11241100x8000000000000000333354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f16f9495c1297c02021-12-21 10:21:51.443root 11241100x8000000000000000333355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3424df29f1f737732021-12-21 10:21:51.443root 11241100x8000000000000000333356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f657d6a0b1414e372021-12-21 10:21:51.443root 11241100x8000000000000000333357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ea85770858de42021-12-21 10:21:51.443root 11241100x8000000000000000333358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4139d44e6fdecbfc2021-12-21 10:21:51.443root 11241100x8000000000000000333359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200d8820365424c2021-12-21 10:21:51.443root 11241100x8000000000000000333360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dd6a0ac1c2425d2021-12-21 10:21:51.443root 11241100x8000000000000000333361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadc76a1cda4d9192021-12-21 10:21:51.444root 11241100x8000000000000000333362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f795ce8dadd39b2021-12-21 10:21:51.444root 11241100x8000000000000000333363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8169f5469b8544242021-12-21 10:21:51.444root 11241100x8000000000000000333364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305a6008352066072021-12-21 10:21:51.444root 11241100x8000000000000000333365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd855411563a0402021-12-21 10:21:51.444root 11241100x8000000000000000333366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583f5500e0e9d8982021-12-21 10:21:51.444root 11241100x8000000000000000333367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487ca5be4ba35aec2021-12-21 10:21:51.444root 11241100x8000000000000000333368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b51af42119e7812021-12-21 10:21:51.444root 11241100x8000000000000000333369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f351fe417b84352d2021-12-21 10:21:51.444root 11241100x8000000000000000333370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585527e65659cabf2021-12-21 10:21:51.445root 11241100x8000000000000000333371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b9d95ed7ebb8672021-12-21 10:21:51.445root 11241100x8000000000000000333372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6241c5606069482021-12-21 10:21:51.445root 11241100x8000000000000000333373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c47b25dfd006b82021-12-21 10:21:51.445root 11241100x8000000000000000333374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a3f80c7d2058c72021-12-21 10:21:51.445root 11241100x8000000000000000333375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18de439912550762021-12-21 10:21:51.445root 11241100x8000000000000000333376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ea1df9b59b6a6f2021-12-21 10:21:51.445root 11241100x8000000000000000333377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866ed20e4c730ae2021-12-21 10:21:51.445root 11241100x8000000000000000333378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c818f5710d4e3e2021-12-21 10:21:51.446root 11241100x8000000000000000333379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18575c0b339fad182021-12-21 10:21:51.446root 11241100x8000000000000000333380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d7704aa5dc0ebf2021-12-21 10:21:51.446root 11241100x8000000000000000333381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717dcaeda75cadc2021-12-21 10:21:51.446root 11241100x8000000000000000333382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37e870bd5771a382021-12-21 10:21:51.447root 11241100x8000000000000000333383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f03ff1842ff9e5c2021-12-21 10:21:51.447root 11241100x8000000000000000333384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0a6875ba4fce922021-12-21 10:21:51.447root 11241100x8000000000000000333385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade492dde0070552021-12-21 10:21:51.447root 11241100x8000000000000000333386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb220fe5a3b1e132021-12-21 10:21:51.447root 11241100x8000000000000000333387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf01a265eac3cc52021-12-21 10:21:51.447root 11241100x8000000000000000333388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fb6270a7aa3e472021-12-21 10:21:51.447root 11241100x8000000000000000333389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2681c6951abbd0fe2021-12-21 10:21:51.448root 11241100x8000000000000000333390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19170866aa3db8712021-12-21 10:21:51.448root 11241100x8000000000000000333391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6af6559cccfa5e2021-12-21 10:21:51.448root 11241100x8000000000000000333392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfee595582bbfa5d2021-12-21 10:21:51.448root 11241100x8000000000000000333393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcf016d09ea98a12021-12-21 10:21:51.448root 11241100x8000000000000000333394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327d3ccb8f2c6f62021-12-21 10:21:51.448root 11241100x8000000000000000333395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd606b9a67ddae8c2021-12-21 10:21:51.448root 11241100x8000000000000000333396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c5e2ee46343fd72021-12-21 10:21:51.448root 11241100x8000000000000000333397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2306e46e8d34fa2021-12-21 10:21:51.448root 11241100x8000000000000000333398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a12e45a1424052021-12-21 10:21:51.448root 11241100x8000000000000000333399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94bd982cbf2114c2021-12-21 10:21:51.448root 11241100x8000000000000000333400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96c5efc4c199c152021-12-21 10:21:51.448root 11241100x8000000000000000333401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78de29495e0cc0e2021-12-21 10:21:51.943root 11241100x8000000000000000333402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf96ed7cb20456c2021-12-21 10:21:51.943root 11241100x8000000000000000333403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e46d92b05369212021-12-21 10:21:51.943root 11241100x8000000000000000333404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db08810f1baaccbe2021-12-21 10:21:51.943root 11241100x8000000000000000333405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d627c0705de76b492021-12-21 10:21:51.944root 11241100x8000000000000000333406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec531159054e62ac2021-12-21 10:21:51.944root 11241100x8000000000000000333407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efeaef699332bcb2021-12-21 10:21:51.944root 11241100x8000000000000000333408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24575d6543d7d55f2021-12-21 10:21:51.944root 11241100x8000000000000000333409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbac8b2c42257e02021-12-21 10:21:51.944root 11241100x8000000000000000333410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521d12359078e94b2021-12-21 10:21:51.944root 11241100x8000000000000000333411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009b600daa4a204b2021-12-21 10:21:51.945root 11241100x8000000000000000333412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933d6c96a1a419732021-12-21 10:21:51.945root 11241100x8000000000000000333413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c066a51499245a52021-12-21 10:21:51.945root 11241100x8000000000000000333414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4253283144e2a0f22021-12-21 10:21:51.945root 11241100x8000000000000000333415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8734f877401eb232021-12-21 10:21:51.945root 11241100x8000000000000000333416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d8967327526f1a2021-12-21 10:21:51.945root 11241100x8000000000000000333417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16acde24eec9026c2021-12-21 10:21:51.946root 11241100x8000000000000000333418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50647ca62bd05252021-12-21 10:21:51.946root 11241100x8000000000000000333419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603e42a93759074b2021-12-21 10:21:51.946root 11241100x8000000000000000333420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13550e92ac91e4512021-12-21 10:21:51.946root 11241100x8000000000000000333421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078ef07177925db22021-12-21 10:21:51.946root 11241100x8000000000000000333422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47245d94cd85b642021-12-21 10:21:51.946root 11241100x8000000000000000333423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f554278d2df1b5f12021-12-21 10:21:51.946root 11241100x8000000000000000333424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64c8ba5627443e52021-12-21 10:21:51.946root 11241100x8000000000000000333425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc14f66213a23fb2021-12-21 10:21:51.947root 11241100x8000000000000000333426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42302acd64ae76752021-12-21 10:21:51.947root 11241100x8000000000000000333427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f1f8e017f53552021-12-21 10:21:51.947root 11241100x8000000000000000333428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455767abb3cad9992021-12-21 10:21:51.947root 11241100x8000000000000000333429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f77dfa022bf5f2021-12-21 10:21:51.947root 11241100x8000000000000000333430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9f24913ae534112021-12-21 10:21:51.947root 11241100x8000000000000000333431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0180c9364c839c82021-12-21 10:21:51.947root 11241100x8000000000000000333432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e99e86e60d6ddd2021-12-21 10:21:51.947root 11241100x8000000000000000333433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110d5d7f7cb5e2ba2021-12-21 10:21:51.948root 11241100x8000000000000000333434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf28bb50c63a3c82021-12-21 10:21:51.948root 11241100x8000000000000000333435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7f1197badfeb322021-12-21 10:21:51.948root 11241100x8000000000000000333436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a305169d0e843af2021-12-21 10:21:51.948root 11241100x8000000000000000333437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138d678fb60d58a32021-12-21 10:21:51.948root 11241100x8000000000000000333438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa10fcc034e4422021-12-21 10:21:51.948root 11241100x8000000000000000333439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068a648b129a897c2021-12-21 10:21:51.948root 11241100x8000000000000000333440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bafb9f9deff143c2021-12-21 10:21:52.443root 11241100x8000000000000000333441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c9949a84d8794a2021-12-21 10:21:52.443root 11241100x8000000000000000333442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0bfb7841c37de72021-12-21 10:21:52.443root 11241100x8000000000000000333443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63e301e4baaec022021-12-21 10:21:52.444root 11241100x8000000000000000333444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2977ce84a99852542021-12-21 10:21:52.444root 11241100x8000000000000000333445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0f8594143eb0452021-12-21 10:21:52.444root 11241100x8000000000000000333446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879485a718c9ca6e2021-12-21 10:21:52.444root 11241100x8000000000000000333447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8749deb16d19b3bc2021-12-21 10:21:52.444root 11241100x8000000000000000333448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80294cb0fea942c92021-12-21 10:21:52.444root 11241100x8000000000000000333449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d753023d8e0e981a2021-12-21 10:21:52.445root 11241100x8000000000000000333450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca5a756a5d74a9a2021-12-21 10:21:52.445root 11241100x8000000000000000333451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a104771cb4c7ff2021-12-21 10:21:52.445root 11241100x8000000000000000333452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47804de8b7b93b312021-12-21 10:21:52.445root 11241100x8000000000000000333453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920bc030844a3c182021-12-21 10:21:52.445root 11241100x8000000000000000333454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75147de57e4836cd2021-12-21 10:21:52.445root 11241100x8000000000000000333455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8482cc068ad2c6db2021-12-21 10:21:52.445root 11241100x8000000000000000333456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fd316a8a0339e92021-12-21 10:21:52.445root 11241100x8000000000000000333457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf546a9d4c9d3772021-12-21 10:21:52.446root 11241100x8000000000000000333458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e771be534ff3d2b2021-12-21 10:21:52.446root 11241100x8000000000000000333459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e65380a3028b9a2021-12-21 10:21:52.446root 11241100x8000000000000000333460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b833155e7fdb4d2021-12-21 10:21:52.446root 11241100x8000000000000000333461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b71d1dac0f006c2021-12-21 10:21:52.446root 11241100x8000000000000000333462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05d566b6513b2702021-12-21 10:21:52.447root 11241100x8000000000000000333463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e0fce63055a3dc2021-12-21 10:21:52.447root 11241100x8000000000000000333464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226effe708bb59b2021-12-21 10:21:52.447root 11241100x8000000000000000333465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa15efd06724a22021-12-21 10:21:52.447root 11241100x8000000000000000333466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cee1dccbc728e52021-12-21 10:21:52.448root 11241100x8000000000000000333467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cb3e5ab62c4c222021-12-21 10:21:52.448root 11241100x8000000000000000333468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9fdbde138f63712021-12-21 10:21:52.448root 11241100x8000000000000000333469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697989e03787fb632021-12-21 10:21:52.448root 11241100x8000000000000000333470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50260f8191ed91cc2021-12-21 10:21:52.448root 11241100x8000000000000000333471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c6c6e56d4a553e2021-12-21 10:21:52.448root 11241100x8000000000000000333472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e68bc44348553f92021-12-21 10:21:52.448root 11241100x8000000000000000333473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03491449a730a6f72021-12-21 10:21:52.448root 11241100x8000000000000000333474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0964b1f02f32e862021-12-21 10:21:52.448root 11241100x8000000000000000333475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59b6429b0cc9a6e2021-12-21 10:21:52.449root 11241100x8000000000000000333476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e648b8ebe75e092021-12-21 10:21:52.449root 11241100x8000000000000000333477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716940ab8210e6eb2021-12-21 10:21:52.943root 11241100x8000000000000000333478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15e4490cc49d0f12021-12-21 10:21:52.943root 11241100x8000000000000000333479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8699fec4c4ddd42021-12-21 10:21:52.943root 11241100x8000000000000000333480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57535cde678801c62021-12-21 10:21:52.943root 11241100x8000000000000000333481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5610274ab30ec3832021-12-21 10:21:52.944root 11241100x8000000000000000333482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d80cc82bb50a882021-12-21 10:21:52.944root 11241100x8000000000000000333483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96aaadc1b2b15652021-12-21 10:21:52.944root 11241100x8000000000000000333484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec67b43f2a12cf2021-12-21 10:21:52.944root 11241100x8000000000000000333485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab6f478e51274f22021-12-21 10:21:52.944root 11241100x8000000000000000333486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b6d0d350ec98402021-12-21 10:21:52.944root 11241100x8000000000000000333487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af54cc2c2257c752021-12-21 10:21:52.944root 11241100x8000000000000000333488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dad801dcc5e1d22021-12-21 10:21:52.944root 11241100x8000000000000000333489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e198db043e2646f92021-12-21 10:21:52.944root 11241100x8000000000000000333490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513c1f31c9c1fda52021-12-21 10:21:52.944root 11241100x8000000000000000333491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadfca8bb69eda342021-12-21 10:21:52.945root 11241100x8000000000000000333492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad45f05b4e80675c2021-12-21 10:21:52.945root 11241100x8000000000000000333493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc808192c21a50ca2021-12-21 10:21:52.945root 11241100x8000000000000000333494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23eb3d2f06709662021-12-21 10:21:52.945root 11241100x8000000000000000333495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557ae38cc5ab23e2021-12-21 10:21:52.945root 11241100x8000000000000000333496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36600182fe362da2021-12-21 10:21:52.945root 11241100x8000000000000000333497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3127847cd340c4432021-12-21 10:21:52.945root 11241100x8000000000000000333498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597a8d8a9c37124a2021-12-21 10:21:52.945root 11241100x8000000000000000333499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2472ae580b90eb2021-12-21 10:21:52.946root 11241100x8000000000000000333500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bc778219e675ef2021-12-21 10:21:52.946root 11241100x8000000000000000333501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e6f03c77968ae52021-12-21 10:21:52.946root 11241100x8000000000000000333502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd4fbb69292c662021-12-21 10:21:52.946root 11241100x8000000000000000333503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5594b2b39ff1b9a82021-12-21 10:21:52.946root 11241100x8000000000000000333504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a72ae0d623fa5ac2021-12-21 10:21:52.946root 11241100x8000000000000000333505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e2c821a377c5c72021-12-21 10:21:52.946root 11241100x8000000000000000333506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef740dd71c488d6d2021-12-21 10:21:52.947root 11241100x8000000000000000333507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30361ed80544f5aa2021-12-21 10:21:52.947root 11241100x8000000000000000333508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cea0015469854a72021-12-21 10:21:52.947root 11241100x8000000000000000333509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97a1c1f623f8042021-12-21 10:21:52.947root 11241100x8000000000000000333510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf82086d79694392021-12-21 10:21:52.947root 11241100x8000000000000000333511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8473289841de6b862021-12-21 10:21:52.947root 11241100x8000000000000000333512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e64bab3c00a55622021-12-21 10:21:53.443root 11241100x8000000000000000333513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f5006b83fec6922021-12-21 10:21:53.443root 11241100x8000000000000000333514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acab200f1fff80452021-12-21 10:21:53.443root 11241100x8000000000000000333515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2082a7f2976a732021-12-21 10:21:53.444root 11241100x8000000000000000333516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71bb9cac4e0034a2021-12-21 10:21:53.444root 11241100x8000000000000000333517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0683e55df2b6c2442021-12-21 10:21:53.444root 11241100x8000000000000000333518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f538b5a4449f612021-12-21 10:21:53.444root 11241100x8000000000000000333519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f9dcb2fa39ded32021-12-21 10:21:53.444root 11241100x8000000000000000333520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabc4149fe174bc72021-12-21 10:21:53.444root 11241100x8000000000000000333521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05786e9e1f7095772021-12-21 10:21:53.444root 11241100x8000000000000000333522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f45978c403abf332021-12-21 10:21:53.444root 11241100x8000000000000000333523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea06d7de0c2e7892021-12-21 10:21:53.444root 11241100x8000000000000000333524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9363806fac83f892021-12-21 10:21:53.445root 11241100x8000000000000000333525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b19145f538faa92021-12-21 10:21:53.445root 11241100x8000000000000000333526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da249bbb962112062021-12-21 10:21:53.445root 11241100x8000000000000000333527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43cebcedbef46752021-12-21 10:21:53.445root 11241100x8000000000000000333528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0e27399a6d50652021-12-21 10:21:53.445root 11241100x8000000000000000333529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f39c5e3b7e3beb2021-12-21 10:21:53.445root 11241100x8000000000000000333530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6123f16357b95322021-12-21 10:21:53.445root 11241100x8000000000000000333531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e520b14e5d5d1f032021-12-21 10:21:53.445root 11241100x8000000000000000333532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f50880c43822b62021-12-21 10:21:53.445root 11241100x8000000000000000333533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ccd6a8b28307e62021-12-21 10:21:53.445root 11241100x8000000000000000333534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca9ca1371fb9ee72021-12-21 10:21:53.445root 11241100x8000000000000000333535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cb353eab550e232021-12-21 10:21:53.446root 11241100x8000000000000000333536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f311dab74fc16912021-12-21 10:21:53.446root 11241100x8000000000000000333537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d4792a56fe7922021-12-21 10:21:53.446root 11241100x8000000000000000333538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a814462d17f91fff2021-12-21 10:21:53.446root 11241100x8000000000000000333539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0362889e79b00a2021-12-21 10:21:53.446root 11241100x8000000000000000333540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493eabe0764db1f32021-12-21 10:21:53.446root 11241100x8000000000000000333541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9834a106a1a82eb2021-12-21 10:21:53.446root 11241100x8000000000000000333542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25921c5098e51142021-12-21 10:21:53.446root 11241100x8000000000000000333543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc021a2d2f87f172021-12-21 10:21:53.446root 11241100x8000000000000000333544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65ac8e65785a2b22021-12-21 10:21:53.446root 11241100x8000000000000000333545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c6e562e54226af2021-12-21 10:21:53.447root 11241100x8000000000000000333546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce3b8775ce6dc352021-12-21 10:21:53.447root 11241100x8000000000000000333547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64732b543bfa41c42021-12-21 10:21:53.447root 11241100x8000000000000000333548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb5e2bbe2ef454d2021-12-21 10:21:53.943root 11241100x8000000000000000333549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d72b518003d7b2021-12-21 10:21:53.943root 11241100x8000000000000000333550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837294e46c1d1c172021-12-21 10:21:53.943root 11241100x8000000000000000333551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a363c371acf29b2021-12-21 10:21:53.943root 11241100x8000000000000000333552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c8757425cac1582021-12-21 10:21:53.944root 11241100x8000000000000000333553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0a62cd95cf6b8d2021-12-21 10:21:53.944root 11241100x8000000000000000333554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7635c0150d31acd82021-12-21 10:21:53.944root 11241100x8000000000000000333555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9fe67c5d80e16e2021-12-21 10:21:53.944root 11241100x8000000000000000333556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f63cc35a0197702021-12-21 10:21:53.944root 11241100x8000000000000000333557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483dec7a7186889e2021-12-21 10:21:53.944root 11241100x8000000000000000333558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd06dc6f89eb2dbe2021-12-21 10:21:53.944root 11241100x8000000000000000333559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25e416b1d4f2d612021-12-21 10:21:53.945root 11241100x8000000000000000333560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb4008ac4d0777a2021-12-21 10:21:53.945root 11241100x8000000000000000333561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdc06aa730697322021-12-21 10:21:53.945root 11241100x8000000000000000333562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328be02d916ba6392021-12-21 10:21:53.945root 11241100x8000000000000000333563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5839f99726674e2021-12-21 10:21:53.945root 11241100x8000000000000000333564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747505ed7127250c2021-12-21 10:21:53.945root 11241100x8000000000000000333565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f40f1975b84eaa2021-12-21 10:21:53.945root 11241100x8000000000000000333566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e8f48a9d279a12021-12-21 10:21:53.946root 11241100x8000000000000000333567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ec8169c2e7b6ff2021-12-21 10:21:53.946root 11241100x8000000000000000333568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592f100afb9c9d22021-12-21 10:21:53.947root 11241100x8000000000000000333569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012c4ee555b538fc2021-12-21 10:21:53.947root 11241100x8000000000000000333570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013740940c908db22021-12-21 10:21:53.947root 11241100x8000000000000000333571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8fa2e17649cbfa2021-12-21 10:21:53.948root 11241100x8000000000000000333572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1750697fb5b0e3552021-12-21 10:21:53.948root 11241100x8000000000000000333573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d19e40c1c9b38e2021-12-21 10:21:53.948root 11241100x8000000000000000333574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f8beadd5a38afb2021-12-21 10:21:53.949root 11241100x8000000000000000333575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e38fe4d87bb0fe2021-12-21 10:21:53.949root 11241100x8000000000000000333576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f758d0ac6aad5092021-12-21 10:21:53.949root 11241100x8000000000000000333577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2b2e985f19339f2021-12-21 10:21:53.950root 11241100x8000000000000000333578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b42b0bc9d7f3cd02021-12-21 10:21:53.950root 11241100x8000000000000000333579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81feebbfe99eafcf2021-12-21 10:21:53.950root 11241100x8000000000000000333580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6955015878ebd642021-12-21 10:21:53.950root 11241100x8000000000000000333581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f649d77f743f006d2021-12-21 10:21:53.951root 11241100x8000000000000000333582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dacfcfcbff6b6c2021-12-21 10:21:53.951root 354300x8000000000000000333583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46992-false10.0.1.12-8000- 11241100x8000000000000000333584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402db7941540d94a2021-12-21 10:21:54.207root 11241100x8000000000000000333585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5d56e20d34d612021-12-21 10:21:54.207root 11241100x8000000000000000333586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d94fa0ef6b37e7a2021-12-21 10:21:54.208root 11241100x8000000000000000333587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a131b7dbdcf709f52021-12-21 10:21:54.208root 11241100x8000000000000000333588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f49f135847f7aec2021-12-21 10:21:54.208root 11241100x8000000000000000333589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb40cb88e5bd4fb2021-12-21 10:21:54.208root 11241100x8000000000000000333590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a55e838911df612021-12-21 10:21:54.208root 11241100x8000000000000000333591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb65decf0f1a21ed2021-12-21 10:21:54.208root 11241100x8000000000000000333592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46d9b06c36a94b62021-12-21 10:21:54.208root 11241100x8000000000000000333593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab0bdb5bba1a0bb2021-12-21 10:21:54.209root 11241100x8000000000000000333594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5d244a916c6c42021-12-21 10:21:54.209root 11241100x8000000000000000333595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a12e0226c3afdd2021-12-21 10:21:54.209root 11241100x8000000000000000333596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c521a05cb11c1c62021-12-21 10:21:54.209root 11241100x8000000000000000333597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de08c9810ffcc362021-12-21 10:21:54.209root 11241100x8000000000000000333598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543c129ffb6cac52021-12-21 10:21:54.209root 11241100x8000000000000000333599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256069eccf64e03f2021-12-21 10:21:54.209root 11241100x8000000000000000333600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc8356a556fcb2d2021-12-21 10:21:54.210root 11241100x8000000000000000333601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a247add8ea3902d32021-12-21 10:21:54.210root 11241100x8000000000000000333602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a5dc697c6bf26c2021-12-21 10:21:54.210root 11241100x8000000000000000333603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401b22ff13f975b92021-12-21 10:21:54.210root 11241100x8000000000000000333604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5858ad2f995de52021-12-21 10:21:54.210root 11241100x8000000000000000333605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55322c2bc71beb722021-12-21 10:21:54.210root 11241100x8000000000000000333606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d6a6233a43d0e22021-12-21 10:21:54.210root 11241100x8000000000000000333607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10922bff25f227962021-12-21 10:21:54.211root 11241100x8000000000000000333608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0b288ccc1dac52021-12-21 10:21:54.211root 11241100x8000000000000000333609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266490bb7a2ec6f32021-12-21 10:21:54.211root 11241100x8000000000000000333610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9e130098d61fc82021-12-21 10:21:54.211root 11241100x8000000000000000333611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6182b49510ede3262021-12-21 10:21:54.211root 11241100x8000000000000000333612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777ea826fab18d7c2021-12-21 10:21:54.211root 11241100x8000000000000000333613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb2973790e21d742021-12-21 10:21:54.211root 11241100x8000000000000000333614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87209df6d1702f862021-12-21 10:21:54.212root 11241100x8000000000000000333615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f171612783c64b862021-12-21 10:21:54.212root 11241100x8000000000000000333616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff819fda826baa4b2021-12-21 10:21:54.212root 11241100x8000000000000000333617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef329f8ca9a188f2021-12-21 10:21:54.212root 11241100x8000000000000000333618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c8c4edd6142e162021-12-21 10:21:54.212root 11241100x8000000000000000333619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f8359db8d0b0be2021-12-21 10:21:54.212root 11241100x8000000000000000333620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07086a1f84b83152021-12-21 10:21:54.213root 11241100x8000000000000000333621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99c6d88bba341842021-12-21 10:21:54.213root 11241100x8000000000000000333622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab47631e076de2782021-12-21 10:21:54.213root 11241100x8000000000000000333623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0522957432610982021-12-21 10:21:54.213root 11241100x8000000000000000333624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e92e4b9589bbbf12021-12-21 10:21:54.693root 11241100x8000000000000000333625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83f136e402337f92021-12-21 10:21:54.693root 11241100x8000000000000000333626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dff0b75995960b2021-12-21 10:21:54.693root 11241100x8000000000000000333627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b8dd629e025dee2021-12-21 10:21:54.693root 11241100x8000000000000000333628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea5486afe9322b22021-12-21 10:21:54.694root 11241100x8000000000000000333629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14cf79cf14d5b69c2021-12-21 10:21:54.694root 11241100x8000000000000000333630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0139e158db5446e22021-12-21 10:21:54.694root 11241100x8000000000000000333631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317c2bd2e303c3f2021-12-21 10:21:54.694root 11241100x8000000000000000333632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145339aa6afcffc32021-12-21 10:21:54.694root 11241100x8000000000000000333633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d15668f3e3b61e42021-12-21 10:21:54.695root 11241100x8000000000000000333634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331472649e2ff2192021-12-21 10:21:54.695root 11241100x8000000000000000333635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd1e59ccf9453502021-12-21 10:21:54.695root 11241100x8000000000000000333636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148c599e9b89087f2021-12-21 10:21:54.695root 11241100x8000000000000000333637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f7d5a332a629cc2021-12-21 10:21:54.695root 11241100x8000000000000000333638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a4b3b61a54e2112021-12-21 10:21:54.695root 11241100x8000000000000000333639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cbbf13ef1a932d62021-12-21 10:21:54.695root 11241100x8000000000000000333640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975f1beb30c8e8be2021-12-21 10:21:54.696root 11241100x8000000000000000333641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f475c927b6ef73ce2021-12-21 10:21:54.696root 11241100x8000000000000000333642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca3c8ca70b949d2021-12-21 10:21:54.696root 11241100x8000000000000000333643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002fc163bb7dae682021-12-21 10:21:54.696root 11241100x8000000000000000333644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b3f144c912d7342021-12-21 10:21:54.696root 11241100x8000000000000000333645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b665ac8e0dc90b22021-12-21 10:21:54.696root 11241100x8000000000000000333646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0d454c2e4b80712021-12-21 10:21:54.697root 11241100x8000000000000000333647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c50e7bce5d07ad2021-12-21 10:21:54.697root 11241100x8000000000000000333648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08006ebbcf0d16d62021-12-21 10:21:54.697root 11241100x8000000000000000333649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1060172f24b408562021-12-21 10:21:54.697root 11241100x8000000000000000333650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b52e9937336d8772021-12-21 10:21:54.697root 11241100x8000000000000000333651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6dcf55cc1635d22021-12-21 10:21:54.697root 11241100x8000000000000000333652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c270c7e2fa8a962021-12-21 10:21:54.697root 11241100x8000000000000000333653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c2e7a1203d80692021-12-21 10:21:54.698root 11241100x8000000000000000333654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46db3da294fb87b2021-12-21 10:21:54.698root 11241100x8000000000000000333655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c59431359e784072021-12-21 10:21:54.698root 11241100x8000000000000000333656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044177c86f74f81a2021-12-21 10:21:54.698root 11241100x8000000000000000333657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56317f148e44fc22021-12-21 10:21:54.698root 11241100x8000000000000000333658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57907105eb4dfc7f2021-12-21 10:21:54.698root 11241100x8000000000000000333659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be22d273b2edd4102021-12-21 10:21:54.698root 11241100x8000000000000000333660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034e97de5c6449692021-12-21 10:21:54.698root 11241100x8000000000000000333661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5440cbc32444db542021-12-21 10:21:54.698root 11241100x8000000000000000333662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e67336f383e6fde2021-12-21 10:21:54.698root 11241100x8000000000000000333663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38054290389055e62021-12-21 10:21:54.698root 11241100x8000000000000000333664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fac35189d50bf292021-12-21 10:21:55.193root 11241100x8000000000000000333665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10e8e1b81de7a492021-12-21 10:21:55.194root 11241100x8000000000000000333666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5248850671699252021-12-21 10:21:55.194root 11241100x8000000000000000333667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9120a9ee8233d42021-12-21 10:21:55.194root 11241100x8000000000000000333668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3699e878e9f983442021-12-21 10:21:55.194root 11241100x8000000000000000333669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4e3a5605d093612021-12-21 10:21:55.194root 11241100x8000000000000000333670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde34ade2ea777152021-12-21 10:21:55.194root 11241100x8000000000000000333671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2c21196de06012021-12-21 10:21:55.195root 11241100x8000000000000000333672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672a1f7d281e6d1f2021-12-21 10:21:55.195root 11241100x8000000000000000333673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3ea6a1d8918ee02021-12-21 10:21:55.195root 11241100x8000000000000000333674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9e14596ad596ae2021-12-21 10:21:55.195root 11241100x8000000000000000333675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3668d0a160c259232021-12-21 10:21:55.195root 11241100x8000000000000000333676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238a8cb5f1ff80492021-12-21 10:21:55.195root 11241100x8000000000000000333677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac0439131489b382021-12-21 10:21:55.195root 11241100x8000000000000000333678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd8993bb191f8ef2021-12-21 10:21:55.195root 11241100x8000000000000000333679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6834d18a3d538a732021-12-21 10:21:55.196root 11241100x8000000000000000333680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079c94d40c3f99c22021-12-21 10:21:55.196root 11241100x8000000000000000333681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c962172796eeb1b2021-12-21 10:21:55.196root 11241100x8000000000000000333682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f460fc73a36a7f2e2021-12-21 10:21:55.196root 11241100x8000000000000000333683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e89502e7992e492021-12-21 10:21:55.196root 11241100x8000000000000000333684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429c5be9180486352021-12-21 10:21:55.196root 11241100x8000000000000000333685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84600954e5b2b1742021-12-21 10:21:55.196root 11241100x8000000000000000333686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2ac7aa1e65cd6c2021-12-21 10:21:55.196root 11241100x8000000000000000333687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eb6a6e537339cc2021-12-21 10:21:55.197root 11241100x8000000000000000333688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8c5442ce5835982021-12-21 10:21:55.197root 11241100x8000000000000000333689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c109ab9a3f78a6742021-12-21 10:21:55.197root 11241100x8000000000000000333690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aa2398ecd623842021-12-21 10:21:55.197root 11241100x8000000000000000333691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2564179dfb4103b2021-12-21 10:21:55.197root 11241100x8000000000000000333692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442eb432371b4a492021-12-21 10:21:55.197root 11241100x8000000000000000333693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e736b0ed9f5f8e2021-12-21 10:21:55.198root 11241100x8000000000000000333694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbc569822fd8fff2021-12-21 10:21:55.198root 11241100x8000000000000000333695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e894e2f4a3ed4dde2021-12-21 10:21:55.198root 11241100x8000000000000000333696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208b42357443f2782021-12-21 10:21:55.198root 11241100x8000000000000000333697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637031ea89c631dc2021-12-21 10:21:55.198root 11241100x8000000000000000333698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52569d00aaa21b402021-12-21 10:21:55.199root 11241100x8000000000000000333699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8b027de76577b32021-12-21 10:21:55.199root 11241100x8000000000000000333700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee355b74a38d0f4e2021-12-21 10:21:55.693root 11241100x8000000000000000333701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef17f119ee74be42021-12-21 10:21:55.693root 11241100x8000000000000000333702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19832b6092f4ea032021-12-21 10:21:55.693root 11241100x8000000000000000333703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f73134bdc7cc62021-12-21 10:21:55.694root 11241100x8000000000000000333704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bdf4e9ed4e745b2021-12-21 10:21:55.694root 11241100x8000000000000000333705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259b280a2bf5bfe72021-12-21 10:21:55.695root 11241100x8000000000000000333706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dd5c1f2dbfee882021-12-21 10:21:55.695root 11241100x8000000000000000333707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa240b4c27231722021-12-21 10:21:55.695root 11241100x8000000000000000333708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb6dea42a26e172021-12-21 10:21:55.695root 11241100x8000000000000000333709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4590eeb5f75645eb2021-12-21 10:21:55.695root 11241100x8000000000000000333710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac86bb4cdffd77e2021-12-21 10:21:55.695root 11241100x8000000000000000333711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b7785b58bd06f62021-12-21 10:21:55.696root 11241100x8000000000000000333712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62fc3185ec9b0c22021-12-21 10:21:55.696root 11241100x8000000000000000333713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2e4f0d610c03112021-12-21 10:21:55.696root 11241100x8000000000000000333714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30dad7ef8ff50c72021-12-21 10:21:55.696root 11241100x8000000000000000333715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da78664b0f4df9d2021-12-21 10:21:55.696root 11241100x8000000000000000333716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1890dc1596ec488b2021-12-21 10:21:55.696root 11241100x8000000000000000333717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973e95ae98791b9d2021-12-21 10:21:55.696root 11241100x8000000000000000333718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c8d84bfe2dbddc2021-12-21 10:21:55.696root 11241100x8000000000000000333719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9572b571b1fba6742021-12-21 10:21:55.696root 11241100x8000000000000000333720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a866c4906030e65b2021-12-21 10:21:55.697root 11241100x8000000000000000333721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef011dde3a6fbd2021-12-21 10:21:55.697root 11241100x8000000000000000333722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c5db44280b47322021-12-21 10:21:55.697root 11241100x8000000000000000333723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed3b23261a4a02f2021-12-21 10:21:55.697root 11241100x8000000000000000333724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c27cb0403b256f2021-12-21 10:21:55.697root 11241100x8000000000000000333725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469cae1b5347d7832021-12-21 10:21:55.697root 11241100x8000000000000000333726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0890ab3c00e3372021-12-21 10:21:55.697root 11241100x8000000000000000333727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cc49cb15bd92572021-12-21 10:21:55.697root 11241100x8000000000000000333728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9e5e9ef48975db2021-12-21 10:21:55.697root 11241100x8000000000000000333729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc9115825e0a502021-12-21 10:21:55.698root 11241100x8000000000000000333730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3c09895bd1eefd2021-12-21 10:21:55.698root 11241100x8000000000000000333731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3783e6d3783259af2021-12-21 10:21:55.698root 11241100x8000000000000000333732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103980c237681bbe2021-12-21 10:21:55.698root 11241100x8000000000000000333733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50747d819c633722021-12-21 10:21:55.698root 11241100x8000000000000000333734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c078ca833840db72021-12-21 10:21:55.698root 11241100x8000000000000000333735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d966878f598e6432021-12-21 10:21:55.698root 11241100x8000000000000000333736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1614b0fce6a5702021-12-21 10:21:55.698root 11241100x8000000000000000333737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee42e134fe5c18e92021-12-21 10:21:55.698root 11241100x8000000000000000333738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:55.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4645c6aef7c0a072021-12-21 10:21:55.699root 11241100x8000000000000000333739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de72b55f561384b2021-12-21 10:21:56.193root 11241100x8000000000000000333740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d102b0fbdd79c26e2021-12-21 10:21:56.194root 11241100x8000000000000000333741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1f18c4898222c02021-12-21 10:21:56.194root 11241100x8000000000000000333742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4551cb6d5791be32021-12-21 10:21:56.194root 11241100x8000000000000000333743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bfe08e37131c382021-12-21 10:21:56.194root 11241100x8000000000000000333744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19744ff7666bf252021-12-21 10:21:56.195root 11241100x8000000000000000333745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e2b351a38b83e42021-12-21 10:21:56.195root 11241100x8000000000000000333746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed75b600419c8832021-12-21 10:21:56.195root 11241100x8000000000000000333747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272df7e920944c412021-12-21 10:21:56.195root 11241100x8000000000000000333748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95fb7cd3cc27d02021-12-21 10:21:56.196root 11241100x8000000000000000333749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40b2b6c4866a4cf2021-12-21 10:21:56.196root 11241100x8000000000000000333750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ebe536050632cd2021-12-21 10:21:56.196root 11241100x8000000000000000333751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98cf090f06651972021-12-21 10:21:56.196root 11241100x8000000000000000333752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0382f1ee7f0f7ac82021-12-21 10:21:56.196root 11241100x8000000000000000333753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94f18b64bc98faf2021-12-21 10:21:56.196root 11241100x8000000000000000333754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d4dd85d3d8cdad2021-12-21 10:21:56.197root 11241100x8000000000000000333755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775f5a8c2d6aafa62021-12-21 10:21:56.197root 11241100x8000000000000000333756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8523e556e95a9ee92021-12-21 10:21:56.197root 11241100x8000000000000000333757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4911ec1b19855c8b2021-12-21 10:21:56.197root 11241100x8000000000000000333758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918235871c2f83732021-12-21 10:21:56.197root 11241100x8000000000000000333759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8637383223fc27432021-12-21 10:21:56.197root 11241100x8000000000000000333760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ce198f6e68746d2021-12-21 10:21:56.197root 11241100x8000000000000000333761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6462fb10ba54222021-12-21 10:21:56.197root 11241100x8000000000000000333762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea1079eee30fc912021-12-21 10:21:56.198root 11241100x8000000000000000333763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a221d02cebef199b2021-12-21 10:21:56.198root 11241100x8000000000000000333764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade377ee054cbcd2021-12-21 10:21:56.198root 11241100x8000000000000000333765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1da806230f0af2021-12-21 10:21:56.198root 11241100x8000000000000000333766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4e413a79fae45a2021-12-21 10:21:56.198root 11241100x8000000000000000333767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f2448e5a49daba2021-12-21 10:21:56.198root 11241100x8000000000000000333768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f631aff07734672d2021-12-21 10:21:56.198root 11241100x8000000000000000333769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c79032c67a4d9a2021-12-21 10:21:56.198root 11241100x8000000000000000333770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5042522e2b4e872021-12-21 10:21:56.199root 11241100x8000000000000000333771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944a152ec41bb69c2021-12-21 10:21:56.199root 11241100x8000000000000000333772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc8346cb3e7ccc2021-12-21 10:21:56.199root 11241100x8000000000000000333773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156caec7fa331c7b2021-12-21 10:21:56.199root 11241100x8000000000000000333774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6916a24ff7b4e82021-12-21 10:21:56.199root 11241100x8000000000000000333775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8cc00ab613c0642021-12-21 10:21:56.199root 11241100x8000000000000000333776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312ecc0fd7fc00f72021-12-21 10:21:56.199root 11241100x8000000000000000333777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21024cf4a42f2a02021-12-21 10:21:56.693root 11241100x8000000000000000333778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddef635feb17ed2a2021-12-21 10:21:56.693root 11241100x8000000000000000333779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c773e52571a6962021-12-21 10:21:56.693root 11241100x8000000000000000333780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844bc738c86457c32021-12-21 10:21:56.693root 11241100x8000000000000000333781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4961592af08bb5b2021-12-21 10:21:56.693root 11241100x8000000000000000333782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea153b27ec88d4d52021-12-21 10:21:56.694root 11241100x8000000000000000333783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e619623089a12f22021-12-21 10:21:56.694root 11241100x8000000000000000333784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d73a8bb3aef552e2021-12-21 10:21:56.694root 11241100x8000000000000000333785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7526c382afbadb92021-12-21 10:21:56.694root 11241100x8000000000000000333786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbbaca2b319cbf32021-12-21 10:21:56.694root 11241100x8000000000000000333787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c199f757450293e62021-12-21 10:21:56.694root 11241100x8000000000000000333788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1538224f5ece53732021-12-21 10:21:56.694root 11241100x8000000000000000333789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936340061918eb0e2021-12-21 10:21:56.694root 11241100x8000000000000000333790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8557ba7767472f182021-12-21 10:21:56.694root 11241100x8000000000000000333791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f1cbabe4a512c2021-12-21 10:21:56.694root 11241100x8000000000000000333792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4a9f883f0526152021-12-21 10:21:56.694root 11241100x8000000000000000333793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f515bfe56e525be02021-12-21 10:21:56.695root 11241100x8000000000000000333794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8322d02c32181bd2021-12-21 10:21:56.695root 11241100x8000000000000000333795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a89c808add275302021-12-21 10:21:56.695root 11241100x8000000000000000333796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e006960768b43b72021-12-21 10:21:56.695root 11241100x8000000000000000333797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aed95d39f90a6112021-12-21 10:21:56.695root 11241100x8000000000000000333798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a2c3673c656a5d2021-12-21 10:21:56.695root 11241100x8000000000000000333799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca5f9a1873c4da082021-12-21 10:21:56.695root 11241100x8000000000000000333800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2912e63d49f0242021-12-21 10:21:56.695root 11241100x8000000000000000333801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c96eb014ebba122021-12-21 10:21:56.695root 11241100x8000000000000000333802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf921ac4b8c36f32021-12-21 10:21:56.696root 11241100x8000000000000000333803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63471b3c428229d82021-12-21 10:21:56.696root 11241100x8000000000000000333804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d86040d73a74d462021-12-21 10:21:56.696root 11241100x8000000000000000333805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27585368c63276f02021-12-21 10:21:56.696root 11241100x8000000000000000333806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c207bfe2a41ad73b2021-12-21 10:21:56.696root 11241100x8000000000000000333807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070cde09070b13a52021-12-21 10:21:56.696root 11241100x8000000000000000333808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c008995881d0772021-12-21 10:21:56.696root 11241100x8000000000000000333809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f840633201c342021-12-21 10:21:56.696root 11241100x8000000000000000333810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df02807730208732021-12-21 10:21:56.696root 11241100x8000000000000000333811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:56.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da2c85377965e252021-12-21 10:21:56.696root 11241100x8000000000000000333812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cab1ff6a09a8f02021-12-21 10:21:57.193root 11241100x8000000000000000333813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c89a75ecd5ad1e92021-12-21 10:21:57.193root 11241100x8000000000000000333814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d0a0431aaeca9a2021-12-21 10:21:57.193root 11241100x8000000000000000333815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e92d020e598945b2021-12-21 10:21:57.193root 11241100x8000000000000000333816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f0e60d21b64aaf2021-12-21 10:21:57.194root 11241100x8000000000000000333817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53415d3b996fcb82021-12-21 10:21:57.194root 11241100x8000000000000000333818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843020460ca4f3d22021-12-21 10:21:57.194root 11241100x8000000000000000333819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a426e426894a0b842021-12-21 10:21:57.194root 11241100x8000000000000000333820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702c8eab4220efe72021-12-21 10:21:57.194root 11241100x8000000000000000333821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bcca03aac7ff9e2021-12-21 10:21:57.194root 11241100x8000000000000000333822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e816ba29cac4e4f72021-12-21 10:21:57.194root 11241100x8000000000000000333823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f076d0c0b369851d2021-12-21 10:21:57.194root 11241100x8000000000000000333824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b74fe77919b876a2021-12-21 10:21:57.194root 11241100x8000000000000000333825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3bfd6b407e8d352021-12-21 10:21:57.195root 11241100x8000000000000000333826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ef673c4a65a6332021-12-21 10:21:57.195root 11241100x8000000000000000333827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d743111a9b8b2f2021-12-21 10:21:57.195root 11241100x8000000000000000333828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28355333d40567f2021-12-21 10:21:57.195root 11241100x8000000000000000333829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5548cdc91bbbe1122021-12-21 10:21:57.195root 11241100x8000000000000000333830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024271be59da5982021-12-21 10:21:57.195root 11241100x8000000000000000333831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783352ef4783fd862021-12-21 10:21:57.195root 11241100x8000000000000000333832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39ef0ce71b527c2021-12-21 10:21:57.195root 11241100x8000000000000000333833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf363f4963e696732021-12-21 10:21:57.195root 11241100x8000000000000000333834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbafc050b76a7012021-12-21 10:21:57.195root 11241100x8000000000000000333835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcae0a467c08b8e2021-12-21 10:21:57.196root 11241100x8000000000000000333836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a608ade88a3d9c862021-12-21 10:21:57.196root 11241100x8000000000000000333837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab68a4e50fd039f2021-12-21 10:21:57.196root 11241100x8000000000000000333838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd9e252c2580da72021-12-21 10:21:57.196root 11241100x8000000000000000333839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de024a3e76ec2cd52021-12-21 10:21:57.196root 11241100x8000000000000000333840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb5e412ad6605282021-12-21 10:21:57.196root 11241100x8000000000000000333841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d97564b08ae432f2021-12-21 10:21:57.196root 11241100x8000000000000000333842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7384907bc634e2021-12-21 10:21:57.196root 11241100x8000000000000000333843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9edf834fbe216212021-12-21 10:21:57.196root 11241100x8000000000000000333844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad9592efcf0a02f2021-12-21 10:21:57.197root 11241100x8000000000000000333845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd381af38777bed2021-12-21 10:21:57.197root 11241100x8000000000000000333846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b40403a11de47222021-12-21 10:21:57.197root 11241100x8000000000000000333847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128d75b0b79747042021-12-21 10:21:57.197root 11241100x8000000000000000333848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a518c2426f8922021-12-21 10:21:57.197root 11241100x8000000000000000333849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b4c24f4ae703632021-12-21 10:21:57.197root 11241100x8000000000000000333850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef258e3b87272322021-12-21 10:21:57.197root 11241100x8000000000000000333851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a13084ac2ed29d92021-12-21 10:21:57.197root 11241100x8000000000000000333852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b9c63d6076d30c2021-12-21 10:21:57.197root 11241100x8000000000000000333853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51553961712a225a2021-12-21 10:21:57.693root 11241100x8000000000000000333854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11ed6d715c660702021-12-21 10:21:57.693root 11241100x8000000000000000333855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b71d4d5073a4602021-12-21 10:21:57.694root 11241100x8000000000000000333856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02aa4f646ea2d8b2021-12-21 10:21:57.694root 11241100x8000000000000000333857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619d5ebfb338857d2021-12-21 10:21:57.694root 11241100x8000000000000000333858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4415a6e23089a7a32021-12-21 10:21:57.694root 11241100x8000000000000000333859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea3f93f4e8c30032021-12-21 10:21:57.694root 11241100x8000000000000000333860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdabf73db4241eb22021-12-21 10:21:57.695root 11241100x8000000000000000333861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ae59a0a3211aa22021-12-21 10:21:57.695root 11241100x8000000000000000333862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626f077d576f884a2021-12-21 10:21:57.695root 11241100x8000000000000000333863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc258bbf280f94b62021-12-21 10:21:57.695root 11241100x8000000000000000333864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387f873ecb87d01e2021-12-21 10:21:57.695root 11241100x8000000000000000333865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d7d45541ee62bda2021-12-21 10:21:57.695root 11241100x8000000000000000333866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1aef98df46eda2021-12-21 10:21:57.695root 11241100x8000000000000000333867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c033a1e7238ab3ab2021-12-21 10:21:57.696root 11241100x8000000000000000333868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c01020f3d407db2021-12-21 10:21:57.696root 11241100x8000000000000000333869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32614194791f2f92021-12-21 10:21:57.696root 11241100x8000000000000000333870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc32ed046f5786f82021-12-21 10:21:57.696root 11241100x8000000000000000333871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab971a47a4646fc2021-12-21 10:21:57.696root 11241100x8000000000000000333872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165f86d66c8ace962021-12-21 10:21:57.696root 11241100x8000000000000000333873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e50c29c0679915a2021-12-21 10:21:57.696root 11241100x8000000000000000333874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0ed15d1658c5022021-12-21 10:21:57.696root 11241100x8000000000000000333875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e63ab438fe81dce2021-12-21 10:21:57.696root 11241100x8000000000000000333876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b123dcb7260ddab12021-12-21 10:21:57.697root 11241100x8000000000000000333877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765ef712701e17622021-12-21 10:21:57.697root 11241100x8000000000000000333878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f476e8a0c9718a882021-12-21 10:21:57.697root 11241100x8000000000000000333879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9150cf20f771f572021-12-21 10:21:57.697root 11241100x8000000000000000333880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a00d0a6eb681922021-12-21 10:21:57.697root 11241100x8000000000000000333881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72c56d528edf4f42021-12-21 10:21:57.697root 11241100x8000000000000000333882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad98bf6583b37e6f2021-12-21 10:21:57.697root 11241100x8000000000000000333883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347a9dc7da43fd122021-12-21 10:21:57.697root 11241100x8000000000000000333884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3095ee2bd0723e2021-12-21 10:21:57.697root 11241100x8000000000000000333885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df51b14ea4dc56e2021-12-21 10:21:57.697root 11241100x8000000000000000333886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61db362176d43eeb2021-12-21 10:21:57.697root 11241100x8000000000000000333887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc96efb3bb501562021-12-21 10:21:57.697root 11241100x8000000000000000333888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71658ce50f582002021-12-21 10:21:57.697root 11241100x8000000000000000333889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0824aff2ce2f632021-12-21 10:21:57.697root 11241100x8000000000000000333890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0144bca703d7e2302021-12-21 10:21:57.698root 11241100x8000000000000000333891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc10fa29b3ef8f22021-12-21 10:21:57.698root 11241100x8000000000000000333892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d748356095b450ff2021-12-21 10:21:57.698root 11241100x8000000000000000333893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931487858e1805262021-12-21 10:21:57.698root 11241100x8000000000000000333894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc9f010fe5be1d32021-12-21 10:21:57.698root 11241100x8000000000000000333895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811dd9d7dbe7058b2021-12-21 10:21:57.698root 11241100x8000000000000000333896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933344acb3cb58812021-12-21 10:21:57.698root 11241100x8000000000000000333897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca54b6d9ee63842021-12-21 10:21:57.698root 11241100x8000000000000000333898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436e9f866e992fbe2021-12-21 10:21:57.698root 11241100x8000000000000000333899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a896875669027d2021-12-21 10:21:57.698root 11241100x8000000000000000333900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862353df6a5036062021-12-21 10:21:57.698root 11241100x8000000000000000333901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:57.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b731754af0356f2021-12-21 10:21:57.698root 11241100x8000000000000000333902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc9abe2f7e7b50b2021-12-21 10:21:58.193root 11241100x8000000000000000333903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab1521ee47d7f0c2021-12-21 10:21:58.193root 11241100x8000000000000000333904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f0ea97115b3e612021-12-21 10:21:58.193root 11241100x8000000000000000333905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d0f6f46e7b808e2021-12-21 10:21:58.193root 11241100x8000000000000000333906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b226bacf9b2d395c2021-12-21 10:21:58.194root 11241100x8000000000000000333907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a7e199136d5c7b2021-12-21 10:21:58.194root 11241100x8000000000000000333908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2d61954a931f2a2021-12-21 10:21:58.194root 11241100x8000000000000000333909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc179e6891f52c592021-12-21 10:21:58.194root 11241100x8000000000000000333910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a891f637ae7d262021-12-21 10:21:58.194root 11241100x8000000000000000333911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1604b8941b64c0092021-12-21 10:21:58.194root 11241100x8000000000000000333912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7f40a6959346d22021-12-21 10:21:58.194root 11241100x8000000000000000333913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1c5c327d61ba8c2021-12-21 10:21:58.195root 11241100x8000000000000000333914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46bb477255735342021-12-21 10:21:58.195root 11241100x8000000000000000333915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4fc56d03538a232021-12-21 10:21:58.195root 11241100x8000000000000000333916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3670ccbdc5f0eb52021-12-21 10:21:58.195root 11241100x8000000000000000333917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3ff1134e1e3422021-12-21 10:21:58.195root 11241100x8000000000000000333918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5115191ce4134722021-12-21 10:21:58.195root 11241100x8000000000000000333919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5a4d66b3494d2e2021-12-21 10:21:58.195root 11241100x8000000000000000333920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16133f03640027d2021-12-21 10:21:58.196root 11241100x8000000000000000333921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5f19104b060fef2021-12-21 10:21:58.196root 11241100x8000000000000000333922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4035138af58ad032021-12-21 10:21:58.196root 11241100x8000000000000000333923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458e0ee06fd6131a2021-12-21 10:21:58.196root 11241100x8000000000000000333924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1b1b75c254213e2021-12-21 10:21:58.196root 11241100x8000000000000000333925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4e8538bcc309e12021-12-21 10:21:58.196root 11241100x8000000000000000333926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25edc984a4c57002021-12-21 10:21:58.196root 11241100x8000000000000000333927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42f1dd7921258902021-12-21 10:21:58.196root 11241100x8000000000000000333928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cba38e1cc76a392021-12-21 10:21:58.196root 11241100x8000000000000000333929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d785f0c708af13222021-12-21 10:21:58.196root 11241100x8000000000000000333930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5836e508fb6b5e742021-12-21 10:21:58.196root 11241100x8000000000000000333931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989756d38ba776982021-12-21 10:21:58.197root 11241100x8000000000000000333932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0143df6ce8efa5a72021-12-21 10:21:58.197root 11241100x8000000000000000333933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c66a4cc63560ec2021-12-21 10:21:58.197root 11241100x8000000000000000333934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6de98ce918544db2021-12-21 10:21:58.197root 11241100x8000000000000000333935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d61ee8d9232ec912021-12-21 10:21:58.197root 11241100x8000000000000000333936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd7f1a0402ca12a2021-12-21 10:21:58.197root 11241100x8000000000000000333937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8951d46ad7551b8c2021-12-21 10:21:58.693root 11241100x8000000000000000333938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f056d05e23c0a72021-12-21 10:21:58.693root 11241100x8000000000000000333939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa928083585277ac2021-12-21 10:21:58.694root 11241100x8000000000000000333940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8dd6d488fc7c6b2021-12-21 10:21:58.694root 11241100x8000000000000000333941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e8f9fe2f2332dd2021-12-21 10:21:58.694root 11241100x8000000000000000333942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788faec1fcc26fa42021-12-21 10:21:58.694root 11241100x8000000000000000333943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5562ca07fa8b98542021-12-21 10:21:58.694root 11241100x8000000000000000333944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0053f97e1a6a27872021-12-21 10:21:58.694root 11241100x8000000000000000333945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb13ba666e7ac212021-12-21 10:21:58.694root 11241100x8000000000000000333946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65674e700a3859ac2021-12-21 10:21:58.694root 11241100x8000000000000000333947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae1823d23bbef42021-12-21 10:21:58.694root 11241100x8000000000000000333948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5875b27a869b092021-12-21 10:21:58.695root 11241100x8000000000000000333949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500cb74941272ff72021-12-21 10:21:58.695root 11241100x8000000000000000333950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3415d76e94e35ed42021-12-21 10:21:58.695root 11241100x8000000000000000333951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4c0d150f2072e42021-12-21 10:21:58.695root 11241100x8000000000000000333952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe335f92f343d0d2021-12-21 10:21:58.696root 11241100x8000000000000000333953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc637e04d93ff2f2021-12-21 10:21:58.696root 11241100x8000000000000000333954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e696900ebabd5cf2021-12-21 10:21:58.696root 11241100x8000000000000000333955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b2bd0e7150bd742021-12-21 10:21:58.696root 11241100x8000000000000000333956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35624663509328422021-12-21 10:21:58.697root 11241100x8000000000000000333957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c474c845146d6302021-12-21 10:21:58.697root 11241100x8000000000000000333958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd9d5ece2ad99d92021-12-21 10:21:58.697root 11241100x8000000000000000333959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82c11dfe172f29a2021-12-21 10:21:58.697root 11241100x8000000000000000333960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9235b8ff55e736b22021-12-21 10:21:58.697root 11241100x8000000000000000333961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8addadf48d84be7c2021-12-21 10:21:58.697root 11241100x8000000000000000333962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ecd67a9f806bb82021-12-21 10:21:58.697root 11241100x8000000000000000333963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ca75382faab6ce2021-12-21 10:21:58.697root 11241100x8000000000000000333964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beba53f105ffd0c2021-12-21 10:21:58.700root 11241100x8000000000000000333965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e886d6baef7cf25e2021-12-21 10:21:58.700root 11241100x8000000000000000333966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015beeb32771f0122021-12-21 10:21:58.700root 11241100x8000000000000000333967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3fd80e0f7ca2232021-12-21 10:21:58.700root 11241100x8000000000000000333968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04071e72b94cad2021-12-21 10:21:58.700root 11241100x8000000000000000333969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28700cc92d6efd112021-12-21 10:21:58.700root 11241100x8000000000000000333970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b053f26352bd532021-12-21 10:21:58.701root 11241100x8000000000000000333971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b8bb2bd181c3032021-12-21 10:21:58.701root 11241100x8000000000000000333972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07b1e38266e071f2021-12-21 10:21:59.193root 11241100x8000000000000000333973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4317a71b1c8ec72021-12-21 10:21:59.194root 11241100x8000000000000000333974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de4436ae5fb2dff2021-12-21 10:21:59.194root 11241100x8000000000000000333975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40607c23411ea6602021-12-21 10:21:59.194root 11241100x8000000000000000333976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9bad319200e8162021-12-21 10:21:59.195root 11241100x8000000000000000333977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d998e6edd324c32021-12-21 10:21:59.195root 11241100x8000000000000000333978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d13071fe8ce4392021-12-21 10:21:59.195root 11241100x8000000000000000333979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6df5ef596889eb2021-12-21 10:21:59.195root 11241100x8000000000000000333980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a113eab0f29bd3b2021-12-21 10:21:59.195root 11241100x8000000000000000333981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d8e64543940e182021-12-21 10:21:59.195root 11241100x8000000000000000333982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1c322da8abf9382021-12-21 10:21:59.195root 11241100x8000000000000000333983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1b8ffd63aae7342021-12-21 10:21:59.195root 11241100x8000000000000000333984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682ecf56d5678ece2021-12-21 10:21:59.196root 11241100x8000000000000000333985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f234392ca6a48aa2021-12-21 10:21:59.196root 11241100x8000000000000000333986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7794c8b989aba582021-12-21 10:21:59.196root 11241100x8000000000000000333987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2b40726fe8c8dd2021-12-21 10:21:59.196root 11241100x8000000000000000333988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a469661ccb0322ca2021-12-21 10:21:59.196root 11241100x8000000000000000333989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dae45a795a29a8e2021-12-21 10:21:59.196root 11241100x8000000000000000333990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae01d3001860fa92021-12-21 10:21:59.196root 11241100x8000000000000000333991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4379ef054c2fdf982021-12-21 10:21:59.196root 11241100x8000000000000000333992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce4fc23860f10d2021-12-21 10:21:59.197root 11241100x8000000000000000333993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f88d60773d63cb2021-12-21 10:21:59.197root 11241100x8000000000000000333994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b4d6083174874d2021-12-21 10:21:59.197root 11241100x8000000000000000333995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e4ba50de7633da2021-12-21 10:21:59.197root 11241100x8000000000000000333996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069901399689d0122021-12-21 10:21:59.197root 11241100x8000000000000000333997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f280de77e8dcc82021-12-21 10:21:59.197root 11241100x8000000000000000333998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7d789713989ca42021-12-21 10:21:59.197root 11241100x8000000000000000333999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7539b6ac4ac321d2021-12-21 10:21:59.197root 11241100x8000000000000000334000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc1b3fb59bd5c5c2021-12-21 10:21:59.197root 11241100x8000000000000000334001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b3c39f17ec31c62021-12-21 10:21:59.198root 11241100x8000000000000000334002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d3b59b8584249a2021-12-21 10:21:59.198root 11241100x8000000000000000334003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33116a2e426085022021-12-21 10:21:59.198root 11241100x8000000000000000334004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15968e45cefaac72021-12-21 10:21:59.198root 11241100x8000000000000000334005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c512ec0118add38d2021-12-21 10:21:59.198root 11241100x8000000000000000334006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc6bf71a197e48c2021-12-21 10:21:59.198root 11241100x8000000000000000334007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320eb0a401bc987f2021-12-21 10:21:59.198root 11241100x8000000000000000334008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f236c21c0d951b52021-12-21 10:21:59.693root 11241100x8000000000000000334009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d6091f5f56230c2021-12-21 10:21:59.693root 11241100x8000000000000000334010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f052a53e4859b322021-12-21 10:21:59.693root 11241100x8000000000000000334011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a596b6b093734aa22021-12-21 10:21:59.694root 11241100x8000000000000000334012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cbe5f2d6335a4e2021-12-21 10:21:59.694root 11241100x8000000000000000334013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5492c8e44f18b872021-12-21 10:21:59.694root 11241100x8000000000000000334014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ea47df3136f8152021-12-21 10:21:59.694root 11241100x8000000000000000334015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b292804eb8a03782021-12-21 10:21:59.695root 11241100x8000000000000000334016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bda104da5b050782021-12-21 10:21:59.695root 11241100x8000000000000000334017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0b3596d0163e772021-12-21 10:21:59.695root 11241100x8000000000000000334018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541d65540b9537e12021-12-21 10:21:59.696root 11241100x8000000000000000334019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa981ab0b3260ce62021-12-21 10:21:59.696root 11241100x8000000000000000334020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a2559f851a03952021-12-21 10:21:59.696root 11241100x8000000000000000334021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b9eb2556e1a0022021-12-21 10:21:59.696root 11241100x8000000000000000334022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12203d7c21a39d652021-12-21 10:21:59.697root 11241100x8000000000000000334023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51cfd321ff7621f2021-12-21 10:21:59.697root 11241100x8000000000000000334024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfc41c9089151ff2021-12-21 10:21:59.697root 11241100x8000000000000000334025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a75e964d3593b72021-12-21 10:21:59.697root 11241100x8000000000000000334026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b22c64954ba2162021-12-21 10:21:59.697root 11241100x8000000000000000334027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712ff9fbb914b5d52021-12-21 10:21:59.697root 11241100x8000000000000000334028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c36f14405cd94b2021-12-21 10:21:59.698root 11241100x8000000000000000334029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c130cc77744507d2021-12-21 10:21:59.698root 11241100x8000000000000000334030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e516310460a8152021-12-21 10:21:59.698root 11241100x8000000000000000334031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8003155b565435b22021-12-21 10:21:59.698root 11241100x8000000000000000334032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8ce2a136796d8b2021-12-21 10:21:59.698root 11241100x8000000000000000334033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffff1f698e7f43ed2021-12-21 10:21:59.698root 11241100x8000000000000000334034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefbe84ec613fbac2021-12-21 10:21:59.698root 11241100x8000000000000000334035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99946cb6f57812932021-12-21 10:21:59.698root 11241100x8000000000000000334036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c28eedeb62ae352021-12-21 10:21:59.699root 11241100x8000000000000000334037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02464d691d18d5462021-12-21 10:21:59.699root 11241100x8000000000000000334038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc08d86348a9aa012021-12-21 10:21:59.699root 11241100x8000000000000000334039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7811c9cb211c5c32021-12-21 10:21:59.699root 11241100x8000000000000000334040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb956a27f02df72021-12-21 10:21:59.699root 11241100x8000000000000000334041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f2afa6d4b079fc2021-12-21 10:21:59.699root 11241100x8000000000000000334042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f947f41698bf802021-12-21 10:21:59.699root 11241100x8000000000000000334043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cf6805e88d585e2021-12-21 10:21:59.699root 11241100x8000000000000000334044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c275ac7aac39b02f2021-12-21 10:21:59.700root 11241100x8000000000000000334045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:21:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc09a5cd36c964a2021-12-21 10:21:59.700root 354300x8000000000000000334046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46994-false10.0.1.12-8000- 11241100x8000000000000000334047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f77e652e5b370082021-12-21 10:22:00.080root 11241100x8000000000000000334048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6eb0ba19984a752021-12-21 10:22:00.080root 11241100x8000000000000000334049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358aa5fdde69c0d02021-12-21 10:22:00.080root 11241100x8000000000000000334050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c8ab342ef691742021-12-21 10:22:00.080root 11241100x8000000000000000334051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67efe982e09ffda82021-12-21 10:22:00.080root 11241100x8000000000000000334052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc3d4b8e6d3a6c92021-12-21 10:22:00.080root 11241100x8000000000000000334053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.080{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202f6c9590fe16c82021-12-21 10:22:00.080root 11241100x8000000000000000334054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9628974d45b586f2021-12-21 10:22:00.081root 11241100x8000000000000000334055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635137423efecf1f2021-12-21 10:22:00.081root 11241100x8000000000000000334056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb0ca5f1228d6ac2021-12-21 10:22:00.081root 11241100x8000000000000000334057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754a0d7df2d50e5d2021-12-21 10:22:00.081root 11241100x8000000000000000334058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daa0e33751daa5d2021-12-21 10:22:00.081root 11241100x8000000000000000334059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18c3df6b471a61d2021-12-21 10:22:00.081root 11241100x8000000000000000334060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc781b9ddfc8752f2021-12-21 10:22:00.081root 11241100x8000000000000000334061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec16ef4daab395e12021-12-21 10:22:00.081root 11241100x8000000000000000334062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf8da73446980f42021-12-21 10:22:00.082root 11241100x8000000000000000334063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701b829a67f66b5d2021-12-21 10:22:00.082root 11241100x8000000000000000334064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45da942eb021e8512021-12-21 10:22:00.082root 11241100x8000000000000000334065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57652987d48d5eb82021-12-21 10:22:00.082root 11241100x8000000000000000334066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626c7b00799e3e5c2021-12-21 10:22:00.082root 11241100x8000000000000000334067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba7b7a983c34b32021-12-21 10:22:00.082root 11241100x8000000000000000334068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f1445e70d16942021-12-21 10:22:00.082root 11241100x8000000000000000334069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d43e8f61f1b11202021-12-21 10:22:00.082root 11241100x8000000000000000334070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c83d32b8529b852021-12-21 10:22:00.083root 11241100x8000000000000000334071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1050976cdb84fd2021-12-21 10:22:00.083root 11241100x8000000000000000334072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390e5436be50708b2021-12-21 10:22:00.083root 11241100x8000000000000000334073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c549603ccab9ca6e2021-12-21 10:22:00.083root 11241100x8000000000000000334074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a42a00dec75e7a2021-12-21 10:22:00.083root 11241100x8000000000000000334075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2bcf75d2608c812021-12-21 10:22:00.084root 11241100x8000000000000000334076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca24d57ad5df3e042021-12-21 10:22:00.084root 11241100x8000000000000000334077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8ffd56678bf8662021-12-21 10:22:00.084root 11241100x8000000000000000334078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac4f88a682eddda2021-12-21 10:22:00.084root 11241100x8000000000000000334079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de81a4fea07fb132021-12-21 10:22:00.084root 11241100x8000000000000000334080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958d1eb46f8106d52021-12-21 10:22:00.084root 11241100x8000000000000000334081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a3c358c22ad1212021-12-21 10:22:00.084root 11241100x8000000000000000334082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e1b666468934c2021-12-21 10:22:00.084root 11241100x8000000000000000334083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecac241e4aa72f792021-12-21 10:22:00.084root 11241100x8000000000000000334084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.084{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0720c345f5dc3c2021-12-21 10:22:00.084root 11241100x8000000000000000334085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8933bbac347724662021-12-21 10:22:00.085root 11241100x8000000000000000334086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c779efb3e9381ed42021-12-21 10:22:00.085root 11241100x8000000000000000334087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9022ec3d265057ba2021-12-21 10:22:00.085root 11241100x8000000000000000334088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecb5fdcb73415c12021-12-21 10:22:00.085root 11241100x8000000000000000334089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4886855434cb4442021-12-21 10:22:00.085root 11241100x8000000000000000334090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9bd9f172cab7822021-12-21 10:22:00.085root 11241100x8000000000000000334091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864e884b1986e7942021-12-21 10:22:00.085root 11241100x8000000000000000334092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.085{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1629397ae54f7fc92021-12-21 10:22:00.085root 11241100x8000000000000000334093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8dfbb2592aeeea92021-12-21 10:22:00.086root 11241100x8000000000000000334094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c56df5b7aaf31a62021-12-21 10:22:00.086root 11241100x8000000000000000334095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75169e9a1d7c7462021-12-21 10:22:00.086root 11241100x8000000000000000334096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9343b6268cd2d0162021-12-21 10:22:00.086root 11241100x8000000000000000334097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f54fdfda5eb43a2021-12-21 10:22:00.086root 11241100x8000000000000000334098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b69c6178e311e92021-12-21 10:22:00.086root 11241100x8000000000000000334099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.086{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92a4d0e4dee46612021-12-21 10:22:00.086root 11241100x8000000000000000334100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8221e685112128a2021-12-21 10:22:00.087root 11241100x8000000000000000334101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4cba02a169712d2021-12-21 10:22:00.087root 11241100x8000000000000000334102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8b260d37e26f8c2021-12-21 10:22:00.087root 11241100x8000000000000000334103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea310ab144fd3672021-12-21 10:22:00.087root 11241100x8000000000000000334104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854df210e77a4a5e2021-12-21 10:22:00.087root 11241100x8000000000000000334105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21811990576c312b2021-12-21 10:22:00.087root 11241100x8000000000000000334106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e552067294efe2df2021-12-21 10:22:00.087root 11241100x8000000000000000334107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26534cd8d02fcb802021-12-21 10:22:00.087root 11241100x8000000000000000334108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92ed92f4afb3b2c2021-12-21 10:22:00.087root 11241100x8000000000000000334109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264a0ce782104ef32021-12-21 10:22:00.087root 11241100x8000000000000000334110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.087{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101e5fb507b11def2021-12-21 10:22:00.087root 11241100x8000000000000000334111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1687905768b83372021-12-21 10:22:00.088root 11241100x8000000000000000334112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d366b9071b26802021-12-21 10:22:00.088root 11241100x8000000000000000334113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e67df854599386e2021-12-21 10:22:00.088root 11241100x8000000000000000334114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8de9c344a33ba22021-12-21 10:22:00.088root 11241100x8000000000000000334115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f658da8aa957aa62021-12-21 10:22:00.088root 11241100x8000000000000000334116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae7feb7406fd3b12021-12-21 10:22:00.088root 11241100x8000000000000000334117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.088{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bdd34a1d3cdd902021-12-21 10:22:00.088root 11241100x8000000000000000334118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fa0ce1040f73772021-12-21 10:22:00.089root 11241100x8000000000000000334119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3273a7d1f9045eea2021-12-21 10:22:00.089root 11241100x8000000000000000334120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0047996e78a5e0ef2021-12-21 10:22:00.089root 11241100x8000000000000000334121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7ee6ceb6cbca402021-12-21 10:22:00.443root 11241100x8000000000000000334122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323ebfef3d67f39a2021-12-21 10:22:00.443root 11241100x8000000000000000334123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdbf0ccd6be19172021-12-21 10:22:00.443root 11241100x8000000000000000334124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d4c9ac226c83ff2021-12-21 10:22:00.443root 11241100x8000000000000000334125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e862e7a42977ec2021-12-21 10:22:00.443root 11241100x8000000000000000334126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ecb5d0cf85adf632021-12-21 10:22:00.443root 11241100x8000000000000000334127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eb56d496ec11492021-12-21 10:22:00.443root 11241100x8000000000000000334128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d69b1fe41f114e2021-12-21 10:22:00.443root 11241100x8000000000000000334129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbf00563808a12c2021-12-21 10:22:00.444root 11241100x8000000000000000334130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85af9a0e62f50142021-12-21 10:22:00.444root 11241100x8000000000000000334131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bef554e614c5bf2021-12-21 10:22:00.445root 11241100x8000000000000000334132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69df0b06a6e1fcd62021-12-21 10:22:00.445root 11241100x8000000000000000334133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b342627ef4c7c712021-12-21 10:22:00.445root 11241100x8000000000000000334134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d071318ebb1476e72021-12-21 10:22:00.446root 11241100x8000000000000000334135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388354251223c5142021-12-21 10:22:00.446root 11241100x8000000000000000334136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c607557b85ea6832021-12-21 10:22:00.446root 11241100x8000000000000000334137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5a8027c95b56722021-12-21 10:22:00.446root 11241100x8000000000000000334138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479f21ee34d73c12021-12-21 10:22:00.447root 11241100x8000000000000000334139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e0b7d7b822a6c12021-12-21 10:22:00.447root 11241100x8000000000000000334140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc0bc41cb87f0be2021-12-21 10:22:00.447root 11241100x8000000000000000334141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134986f6e54d8c8b2021-12-21 10:22:00.447root 11241100x8000000000000000334142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4fa61bea7309932021-12-21 10:22:00.447root 11241100x8000000000000000334143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fa2c37c93b5d222021-12-21 10:22:00.448root 11241100x8000000000000000334144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db49a9f7945a43702021-12-21 10:22:00.448root 11241100x8000000000000000334145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7517b66735fd6ed2021-12-21 10:22:00.448root 11241100x8000000000000000334146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d48971555fff8f2021-12-21 10:22:00.448root 11241100x8000000000000000334147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4eec25c9d6c5e42021-12-21 10:22:00.448root 11241100x8000000000000000334148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43a48df875f32d32021-12-21 10:22:00.449root 11241100x8000000000000000334149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3fd8a43bca56f132021-12-21 10:22:00.449root 11241100x8000000000000000334150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904415d900c068d82021-12-21 10:22:00.449root 11241100x8000000000000000334151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b23b67658810702021-12-21 10:22:00.449root 11241100x8000000000000000334152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd51745b33513b02021-12-21 10:22:00.449root 11241100x8000000000000000334153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa5b0b2e41cd51f2021-12-21 10:22:00.450root 11241100x8000000000000000334154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b267628a7f3219a2021-12-21 10:22:00.450root 11241100x8000000000000000334155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5654e0d0965dc2021-12-21 10:22:00.450root 11241100x8000000000000000334156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e97827324a21652021-12-21 10:22:00.450root 11241100x8000000000000000334157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb41b475326ff8a2021-12-21 10:22:00.451root 11241100x8000000000000000334158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c30709b317708aa2021-12-21 10:22:00.451root 11241100x8000000000000000334159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945aec5c89c781a92021-12-21 10:22:00.451root 11241100x8000000000000000334160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474b7308d251828e2021-12-21 10:22:00.451root 11241100x8000000000000000334161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaff8fed97caec2b2021-12-21 10:22:00.451root 11241100x8000000000000000334162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a255f003b62da2021-12-21 10:22:00.451root 11241100x8000000000000000334163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f51676ade7a2a922021-12-21 10:22:00.451root 11241100x8000000000000000334164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245804d899efd0ad2021-12-21 10:22:00.452root 11241100x8000000000000000334165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.698{ec2b6afe-aac8-61c1-e0f7-1f3839560000}5584/usr/sbin/sshd/proc/5584/oom_score_adj2021-12-21 10:22:00.698root 154100x8000000000000000334166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.698{ec2b6afe-aac8-61c1-e0a7-07c689550000}5584/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1173--- 11241100x8000000000000000334167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45353193cc20f6562021-12-21 10:22:00.699root 11241100x8000000000000000334168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9c2752f60149f12021-12-21 10:22:00.699root 11241100x8000000000000000334169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c41a9a328ed83ed2021-12-21 10:22:00.700root 11241100x8000000000000000334170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac45b72d793b5a92021-12-21 10:22:00.700root 11241100x8000000000000000334171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f42d0f62e5fb452021-12-21 10:22:00.700root 11241100x8000000000000000334172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c80128b6ed2f4c72021-12-21 10:22:00.700root 11241100x8000000000000000334173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f050f57b432f25262021-12-21 10:22:00.701root 11241100x8000000000000000334174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24368f98a70ed5572021-12-21 10:22:00.701root 11241100x8000000000000000334175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7835c2b5854b29b92021-12-21 10:22:00.701root 11241100x8000000000000000334176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43294487c23844d02021-12-21 10:22:00.702root 11241100x8000000000000000334177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e41d00475ad7ea42021-12-21 10:22:00.702root 11241100x8000000000000000334178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04600ff9011b65262021-12-21 10:22:00.703root 11241100x8000000000000000334179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0494c4e285a32e32021-12-21 10:22:00.703root 11241100x8000000000000000334180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fe910392c1c2da2021-12-21 10:22:00.704root 11241100x8000000000000000334181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf8ed782b416822021-12-21 10:22:00.704root 11241100x8000000000000000334182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d428e3df604c848f2021-12-21 10:22:00.704root 11241100x8000000000000000334183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f79c83d4ee043222021-12-21 10:22:00.704root 11241100x8000000000000000334184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc5d06baeb1a6a22021-12-21 10:22:00.704root 11241100x8000000000000000334185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148a62cfe2e3a3232021-12-21 10:22:00.705root 11241100x8000000000000000334186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436caa514077c8e32021-12-21 10:22:00.705root 11241100x8000000000000000334187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbe05638d20664b2021-12-21 10:22:00.705root 11241100x8000000000000000334188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311dcbe2666fa372021-12-21 10:22:00.705root 11241100x8000000000000000334189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee0edeecec389d12021-12-21 10:22:00.705root 11241100x8000000000000000334190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d50d7aa716375a2021-12-21 10:22:00.706root 11241100x8000000000000000334191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecdc0e7da95310c2021-12-21 10:22:00.706root 11241100x8000000000000000334192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fab4a3b94742a612021-12-21 10:22:00.706root 11241100x8000000000000000334193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92823a7827c1b5d2021-12-21 10:22:00.706root 11241100x8000000000000000334194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93caf4962bd2fc322021-12-21 10:22:00.706root 11241100x8000000000000000334195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fab0a5f1613dd52021-12-21 10:22:00.707root 11241100x8000000000000000334196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5fe6f1328456212021-12-21 10:22:00.707root 11241100x8000000000000000334197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37063a7aeddcf662021-12-21 10:22:00.707root 11241100x8000000000000000334198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5985897162d23ee2021-12-21 10:22:00.707root 11241100x8000000000000000334199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dea30c7c1f42ed92021-12-21 10:22:00.707root 11241100x8000000000000000334200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101669c10e90c1d32021-12-21 10:22:00.707root 11241100x8000000000000000334201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f9646b99519c972021-12-21 10:22:00.707root 11241100x8000000000000000334202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fa037a958b11192021-12-21 10:22:00.708root 11241100x8000000000000000334203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6002baaad63aab052021-12-21 10:22:00.708root 11241100x8000000000000000334204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc371b51dc347d92021-12-21 10:22:00.708root 11241100x8000000000000000334205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1f3d40bbaf17232021-12-21 10:22:00.708root 11241100x8000000000000000334206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c03cffaafcb7b982021-12-21 10:22:00.708root 11241100x8000000000000000334207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101f81709f4e45862021-12-21 10:22:00.708root 11241100x8000000000000000334208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46df958489d889b02021-12-21 10:22:00.708root 11241100x8000000000000000334209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fe901161cd929c2021-12-21 10:22:00.708root 11241100x8000000000000000334210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3c11f828a703482021-12-21 10:22:00.708root 11241100x8000000000000000334211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e421ac802e989b1a2021-12-21 10:22:00.709root 11241100x8000000000000000334212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db23edb17a8e22e82021-12-21 10:22:00.709root 11241100x8000000000000000334213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7588baae7036f8f2021-12-21 10:22:00.709root 11241100x8000000000000000334214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e04d69cad0db0cc2021-12-21 10:22:00.709root 11241100x8000000000000000334215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ece4c809c7f60a92021-12-21 10:22:00.709root 11241100x8000000000000000334216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4316e4e75c2784572021-12-21 10:22:01.193root 11241100x8000000000000000334217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60e0ec25c9bea192021-12-21 10:22:01.193root 11241100x8000000000000000334218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14346788b3db40742021-12-21 10:22:01.193root 11241100x8000000000000000334219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4ee31b52f5b9742021-12-21 10:22:01.193root 11241100x8000000000000000334220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f60c3df470eb2ae2021-12-21 10:22:01.194root 11241100x8000000000000000334221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25626ada69c284d52021-12-21 10:22:01.194root 11241100x8000000000000000334222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6cfbf2ae26845c2021-12-21 10:22:01.194root 11241100x8000000000000000334223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbb2a34ff943efe2021-12-21 10:22:01.194root 11241100x8000000000000000334224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f19c727e2de6322021-12-21 10:22:01.194root 11241100x8000000000000000334225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbabc1cb6b68a232021-12-21 10:22:01.194root 11241100x8000000000000000334226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee4c244a890adcb2021-12-21 10:22:01.194root 11241100x8000000000000000334227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21a7d524740eea72021-12-21 10:22:01.195root 11241100x8000000000000000334228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9c162d880231852021-12-21 10:22:01.195root 11241100x8000000000000000334229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f20a292018a98e12021-12-21 10:22:01.195root 11241100x8000000000000000334230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb0613f566f4eef2021-12-21 10:22:01.195root 11241100x8000000000000000334231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3c2669bd3b53b72021-12-21 10:22:01.195root 11241100x8000000000000000334232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff44834c28688b12021-12-21 10:22:01.195root 11241100x8000000000000000334233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d8f4a295bad6e72021-12-21 10:22:01.195root 11241100x8000000000000000334234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a912e62dc81b94442021-12-21 10:22:01.196root 11241100x8000000000000000334235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a857530d4dbf892b2021-12-21 10:22:01.196root 11241100x8000000000000000334236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54697f2d9218a4a2021-12-21 10:22:01.196root 11241100x8000000000000000334237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670473428910a8322021-12-21 10:22:01.196root 11241100x8000000000000000334238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731b153a74dcd6d52021-12-21 10:22:01.196root 11241100x8000000000000000334239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe646241451ff4032021-12-21 10:22:01.196root 11241100x8000000000000000334240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bac6b9abb7d0cb32021-12-21 10:22:01.196root 11241100x8000000000000000334241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327b6cd9e756f7fe2021-12-21 10:22:01.197root 11241100x8000000000000000334242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f5670548eb42c2021-12-21 10:22:01.197root 11241100x8000000000000000334243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd80ebc5613b383d2021-12-21 10:22:01.197root 11241100x8000000000000000334244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9812ac57f9b3f3b2021-12-21 10:22:01.197root 11241100x8000000000000000334245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa95b22c1e849f2021-12-21 10:22:01.197root 11241100x8000000000000000334246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71494daddbcc363d2021-12-21 10:22:01.197root 11241100x8000000000000000334247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81130411fa9244aa2021-12-21 10:22:01.198root 11241100x8000000000000000334248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cea6d058cab97a2021-12-21 10:22:01.198root 11241100x8000000000000000334249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5055d9800688b6732021-12-21 10:22:01.198root 11241100x8000000000000000334250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34413c2480e60e9e2021-12-21 10:22:01.198root 11241100x8000000000000000334251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38ef5fd1006a7152021-12-21 10:22:01.198root 11241100x8000000000000000334252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54c422b0c9fcbe12021-12-21 10:22:01.198root 11241100x8000000000000000334253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b4de3bfce120d42021-12-21 10:22:01.198root 11241100x8000000000000000334254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b480762fc2ad14f52021-12-21 10:22:01.199root 11241100x8000000000000000334255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e14152abe1e2fed2021-12-21 10:22:01.199root 11241100x8000000000000000334256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697521ed688d93942021-12-21 10:22:01.199root 11241100x8000000000000000334257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d765b392816db82021-12-21 10:22:01.199root 11241100x8000000000000000334258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487daf348a4fe79b2021-12-21 10:22:01.199root 11241100x8000000000000000334259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ecf13793757e2a2021-12-21 10:22:01.199root 11241100x8000000000000000334260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a04813f330d2782021-12-21 10:22:01.199root 11241100x8000000000000000334261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7100702715357642021-12-21 10:22:01.199root 11241100x8000000000000000334262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef753ad331f50e52021-12-21 10:22:01.200root 11241100x8000000000000000334263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbc29abe74496302021-12-21 10:22:01.200root 11241100x8000000000000000334264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df01f28bc1f199542021-12-21 10:22:01.200root 11241100x8000000000000000334265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d3c2e09e624cd82021-12-21 10:22:01.200root 11241100x8000000000000000334266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b024538cdaba38e2021-12-21 10:22:01.200root 11241100x8000000000000000334267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb78a32752d42f2021-12-21 10:22:01.200root 11241100x8000000000000000334268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ffbc4c25cbf0a32021-12-21 10:22:01.200root 11241100x8000000000000000334269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5443a5de3fa4e4172021-12-21 10:22:01.200root 11241100x8000000000000000334270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d470c78c13817062021-12-21 10:22:01.200root 11241100x8000000000000000334271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248df5a07ab2d1ae2021-12-21 10:22:01.200root 11241100x8000000000000000334272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c3dac88dade82e2021-12-21 10:22:01.201root 11241100x8000000000000000334273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e4791a851bfee42021-12-21 10:22:01.693root 11241100x8000000000000000334274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72f21475453a13a2021-12-21 10:22:01.693root 11241100x8000000000000000334275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006acfa6ad84dbd02021-12-21 10:22:01.693root 11241100x8000000000000000334276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2537b81a30b65bd2021-12-21 10:22:01.693root 11241100x8000000000000000334277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca5e24d977288692021-12-21 10:22:01.693root 11241100x8000000000000000334278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250aa9dcce4314032021-12-21 10:22:01.693root 11241100x8000000000000000334279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffc48cb30d69e042021-12-21 10:22:01.693root 11241100x8000000000000000334280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0473499a87f938482021-12-21 10:22:01.693root 11241100x8000000000000000334281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a756ef074d6f0b2021-12-21 10:22:01.693root 11241100x8000000000000000334282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556507ca15b4dbe12021-12-21 10:22:01.693root 11241100x8000000000000000334283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882cae877b08ffd32021-12-21 10:22:01.693root 11241100x8000000000000000334284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11e4e9b51a59112021-12-21 10:22:01.693root 11241100x8000000000000000334285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae67694412bb025c2021-12-21 10:22:01.694root 11241100x8000000000000000334286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0638019ff8714db72021-12-21 10:22:01.694root 11241100x8000000000000000334287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8225acea59e90c2021-12-21 10:22:01.694root 11241100x8000000000000000334288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16a1883645f53112021-12-21 10:22:01.694root 11241100x8000000000000000334289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b0a35cb74a10d52021-12-21 10:22:01.694root 11241100x8000000000000000334290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4580851f106dceb2021-12-21 10:22:01.694root 11241100x8000000000000000334291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db7e714204118232021-12-21 10:22:01.694root 11241100x8000000000000000334292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601ecbb8eaeb64972021-12-21 10:22:01.694root 11241100x8000000000000000334293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbef4f14f0a7bae22021-12-21 10:22:01.695root 11241100x8000000000000000334294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bc7098e521a7712021-12-21 10:22:01.695root 11241100x8000000000000000334295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f4e461ed13c48c2021-12-21 10:22:01.695root 11241100x8000000000000000334296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4775b3023e767a42021-12-21 10:22:01.695root 11241100x8000000000000000334297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6909addda7466b2021-12-21 10:22:01.695root 11241100x8000000000000000334298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3361be38e5c9ea22021-12-21 10:22:01.695root 11241100x8000000000000000334299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650d30b8b89ef4112021-12-21 10:22:01.696root 11241100x8000000000000000334300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ed4bbe33641c1c2021-12-21 10:22:01.696root 11241100x8000000000000000334301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f99131643b64212021-12-21 10:22:01.696root 11241100x8000000000000000334302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd316bca0f030262021-12-21 10:22:01.696root 11241100x8000000000000000334303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439d3c992640260f2021-12-21 10:22:01.696root 11241100x8000000000000000334304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d30b72f2ae20422021-12-21 10:22:01.696root 11241100x8000000000000000334305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934892df2b46b4fd2021-12-21 10:22:01.696root 11241100x8000000000000000334306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b44092b42a5b0f12021-12-21 10:22:01.696root 11241100x8000000000000000334307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0007d5990eba7c022021-12-21 10:22:01.697root 11241100x8000000000000000334308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7182095fb5b4f32021-12-21 10:22:01.697root 11241100x8000000000000000334309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e654360de0694cc2021-12-21 10:22:01.697root 11241100x8000000000000000334310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d67927c8ffff7382021-12-21 10:22:01.697root 11241100x8000000000000000334311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4a3815fff14c212021-12-21 10:22:01.697root 11241100x8000000000000000334312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1f8849c19a44642021-12-21 10:22:01.697root 11241100x8000000000000000334313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c8facdf14b00fa2021-12-21 10:22:01.697root 11241100x8000000000000000334314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b76c78288149c32021-12-21 10:22:01.697root 11241100x8000000000000000334315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143350f9746dd632021-12-21 10:22:01.697root 11241100x8000000000000000334316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9b44c77b3ed59e2021-12-21 10:22:01.698root 11241100x8000000000000000334317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad9163ce7e640a2021-12-21 10:22:01.698root 11241100x8000000000000000334318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d5f977a600c372021-12-21 10:22:01.698root 11241100x8000000000000000334319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c050d1cdc2eded72021-12-21 10:22:01.698root 11241100x8000000000000000334320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950945a0920fa27e2021-12-21 10:22:01.698root 11241100x8000000000000000334321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef0f36eed75cbd2021-12-21 10:22:01.698root 11241100x8000000000000000334322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6b4c31f83ef43d2021-12-21 10:22:01.698root 11241100x8000000000000000334323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db18950e0b0c9aee2021-12-21 10:22:01.699root 11241100x8000000000000000334324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ec531f8c64db942021-12-21 10:22:01.699root 11241100x8000000000000000334325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eec9a6de50aafb2021-12-21 10:22:01.699root 11241100x8000000000000000334326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999a9759e5a7dbf12021-12-21 10:22:01.699root 11241100x8000000000000000334327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45282abb2d2b4b402021-12-21 10:22:01.699root 11241100x8000000000000000334328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f40db53472529f22021-12-21 10:22:01.699root 11241100x8000000000000000334329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def07e7c0c2705112021-12-21 10:22:01.700root 11241100x8000000000000000334330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffbd4eb70fd4aca2021-12-21 10:22:01.700root 11241100x8000000000000000334331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb58c6feb6a6a9ab2021-12-21 10:22:01.700root 11241100x8000000000000000334332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9eb11d0447b8ed92021-12-21 10:22:01.700root 11241100x8000000000000000334333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78f19a254fc85152021-12-21 10:22:02.193root 11241100x8000000000000000334334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed3ff352050a1e72021-12-21 10:22:02.193root 11241100x8000000000000000334335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38af0936e41f38b22021-12-21 10:22:02.193root 11241100x8000000000000000334336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95685e343fa60ed62021-12-21 10:22:02.193root 11241100x8000000000000000334337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30e20ad3ce2a1352021-12-21 10:22:02.193root 11241100x8000000000000000334338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593e606928b93bc2021-12-21 10:22:02.194root 11241100x8000000000000000334339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3e58c8493fa4d2021-12-21 10:22:02.194root 11241100x8000000000000000334340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbe1f5c60507ab72021-12-21 10:22:02.194root 11241100x8000000000000000334341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddc9a82830aadf82021-12-21 10:22:02.194root 11241100x8000000000000000334342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb773f0e02cace72021-12-21 10:22:02.194root 11241100x8000000000000000334343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c02b4e0c21a8382021-12-21 10:22:02.194root 11241100x8000000000000000334344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d50f7c67c4fd902021-12-21 10:22:02.194root 11241100x8000000000000000334345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbeccf49bda78c62021-12-21 10:22:02.194root 11241100x8000000000000000334346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc74cacfa4f2c0542021-12-21 10:22:02.194root 11241100x8000000000000000334347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63815c999df5fcbe2021-12-21 10:22:02.195root 11241100x8000000000000000334348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c71258204cc61b2021-12-21 10:22:02.195root 11241100x8000000000000000334349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc5de8364fa66c62021-12-21 10:22:02.195root 11241100x8000000000000000334350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf6272c666fd9972021-12-21 10:22:02.195root 11241100x8000000000000000334351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70eeacbb35b22db12021-12-21 10:22:02.195root 11241100x8000000000000000334352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733f296ce228961d2021-12-21 10:22:02.196root 11241100x8000000000000000334353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7695198465e5da882021-12-21 10:22:02.196root 11241100x8000000000000000334354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d722a18063a2c4b2021-12-21 10:22:02.196root 11241100x8000000000000000334355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2328a291d7ef89052021-12-21 10:22:02.196root 11241100x8000000000000000334356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7616c103a6d09b2021-12-21 10:22:02.196root 11241100x8000000000000000334357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e218f19d410172fd2021-12-21 10:22:02.196root 11241100x8000000000000000334358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53774c5248e9cac72021-12-21 10:22:02.196root 11241100x8000000000000000334359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847f1b5538a2a66c2021-12-21 10:22:02.196root 11241100x8000000000000000334360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee64ab46fd958c82021-12-21 10:22:02.196root 11241100x8000000000000000334361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48843b21b2ce4a1f2021-12-21 10:22:02.196root 11241100x8000000000000000334362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162902640e0bd67d2021-12-21 10:22:02.196root 11241100x8000000000000000334363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265d01a66f49bd142021-12-21 10:22:02.196root 11241100x8000000000000000334364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90925c6a9c0fd14b2021-12-21 10:22:02.196root 11241100x8000000000000000334365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ab46b74dc7d2952021-12-21 10:22:02.196root 11241100x8000000000000000334366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3b6aea993f4a342021-12-21 10:22:02.197root 11241100x8000000000000000334367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c666aec375caff2021-12-21 10:22:02.197root 11241100x8000000000000000334368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c3c7b8228365fb2021-12-21 10:22:02.197root 11241100x8000000000000000334369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecd81fafbc2d71f2021-12-21 10:22:02.197root 11241100x8000000000000000334370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7b490bb82007392021-12-21 10:22:02.197root 11241100x8000000000000000334371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf8f2a1c2ffb5af2021-12-21 10:22:02.197root 11241100x8000000000000000334372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73f5ff11fb408ee2021-12-21 10:22:02.197root 11241100x8000000000000000334373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b296c178621179902021-12-21 10:22:02.197root 11241100x8000000000000000334374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80007c0631ded582021-12-21 10:22:02.197root 11241100x8000000000000000334375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05d5e248ef98e312021-12-21 10:22:02.197root 11241100x8000000000000000334376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1494110a22c6fd752021-12-21 10:22:02.197root 11241100x8000000000000000334377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6840c128103682021-12-21 10:22:02.197root 11241100x8000000000000000334378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c778de093b18b92021-12-21 10:22:02.198root 11241100x8000000000000000334379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0db7ba10d65b5e72021-12-21 10:22:02.198root 11241100x8000000000000000334380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862de18b78139e392021-12-21 10:22:02.198root 11241100x8000000000000000334381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef1dff1dbeea05c2021-12-21 10:22:02.198root 11241100x8000000000000000334382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65eecefed1be7632021-12-21 10:22:02.198root 11241100x8000000000000000334383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c25a4c3289cc0942021-12-21 10:22:02.198root 11241100x8000000000000000334384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accb1c2416e0c2642021-12-21 10:22:02.198root 11241100x8000000000000000334385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a6be38c0741842021-12-21 10:22:02.198root 11241100x8000000000000000334386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc7bbf93cb9cf1b2021-12-21 10:22:02.198root 11241100x8000000000000000334387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575629d81da4b2ef2021-12-21 10:22:02.693root 11241100x8000000000000000334388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce981425c9a2f6c02021-12-21 10:22:02.693root 11241100x8000000000000000334389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cae3aec4b1928f2021-12-21 10:22:02.694root 11241100x8000000000000000334390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad9d5fdc245f042021-12-21 10:22:02.694root 11241100x8000000000000000334391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22a54399303e82b2021-12-21 10:22:02.694root 11241100x8000000000000000334392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bfdfabd5e7d2e22021-12-21 10:22:02.694root 11241100x8000000000000000334393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def7623da34d8c3c2021-12-21 10:22:02.694root 11241100x8000000000000000334394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6476044828ac1ae2021-12-21 10:22:02.695root 11241100x8000000000000000334395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec46cbb950b50ee42021-12-21 10:22:02.695root 11241100x8000000000000000334396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eef730d3e9dbbc52021-12-21 10:22:02.695root 11241100x8000000000000000334397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f2495c4a73b07b2021-12-21 10:22:02.695root 11241100x8000000000000000334398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7104395aababcd2021-12-21 10:22:02.695root 11241100x8000000000000000334399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39388888a172b9a2021-12-21 10:22:02.695root 11241100x8000000000000000334400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd49724ce5c4d2d2021-12-21 10:22:02.695root 11241100x8000000000000000334401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0639ad95fd1a6cf52021-12-21 10:22:02.695root 11241100x8000000000000000334402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93517fa62f8671f32021-12-21 10:22:02.695root 11241100x8000000000000000334403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39063440781447e52021-12-21 10:22:02.695root 11241100x8000000000000000334404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8602d34b067fc0f32021-12-21 10:22:02.696root 11241100x8000000000000000334405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582bbb51a44948692021-12-21 10:22:02.696root 11241100x8000000000000000334406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aa8e7acb5d17002021-12-21 10:22:02.696root 11241100x8000000000000000334407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb267650297c0b32021-12-21 10:22:02.696root 11241100x8000000000000000334408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca750138c92909b92021-12-21 10:22:02.696root 11241100x8000000000000000334409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8f8df11bbf7a0d2021-12-21 10:22:02.696root 11241100x8000000000000000334410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15157f190085da72021-12-21 10:22:02.696root 11241100x8000000000000000334411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9c24a2b9486dd02021-12-21 10:22:02.696root 11241100x8000000000000000334412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e79561d13490f1f2021-12-21 10:22:02.696root 11241100x8000000000000000334413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf112e5366e029d2021-12-21 10:22:02.696root 11241100x8000000000000000334414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac11ba9f4050d0f2021-12-21 10:22:02.697root 11241100x8000000000000000334415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797284eb000d421a2021-12-21 10:22:02.697root 11241100x8000000000000000334416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc9a99a353dc49f2021-12-21 10:22:02.697root 11241100x8000000000000000334417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aacb1f1bb08290c2021-12-21 10:22:02.697root 11241100x8000000000000000334418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595949958b0e48032021-12-21 10:22:02.697root 11241100x8000000000000000334419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b11feec248b4402021-12-21 10:22:02.697root 11241100x8000000000000000334420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b439c01b3713a4852021-12-21 10:22:02.697root 11241100x8000000000000000334421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a588b46a8e1113c2021-12-21 10:22:02.697root 11241100x8000000000000000334422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe7eae31727c4ad2021-12-21 10:22:02.697root 11241100x8000000000000000334423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d747f4141369ae2021-12-21 10:22:02.697root 11241100x8000000000000000334424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac01561942970ae2021-12-21 10:22:02.698root 11241100x8000000000000000334425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7fa0e6aa78c41792021-12-21 10:22:02.698root 11241100x8000000000000000334426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c13809581562b5f2021-12-21 10:22:02.698root 11241100x8000000000000000334427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ab1573c6cfc4262021-12-21 10:22:02.698root 11241100x8000000000000000334428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8366872f5d7644852021-12-21 10:22:02.698root 534500x8000000000000000334429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.842{ec2b6afe-a535-61c1-0000-000000000000}5585-sshd 11241100x8000000000000000334430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.844{ec2b6afe-922b-61c1-5869-7f35a1550000}1/lib/systemd/systemd/run/systemd/transient/session-6.scope2021-12-21 10:22:02.844root 11241100x8000000000000000334431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.847{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/sessions/.#6IWamAo2021-12-21 10:22:02.847root 11241100x8000000000000000334432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.847{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/users/.#1000cEMEB02021-12-21 10:22:02.847root 11241100x8000000000000000334433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/sessions/.#6IPUYCC2021-12-21 10:22:02.848root 11241100x8000000000000000334434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/sessions/.#6ovHjEe2021-12-21 10:22:02.848root 11241100x8000000000000000334435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-923a-61c1-80f3-458708560000}968/lib/systemd/systemd-logind/run/systemd/users/.#1000yiWEFQ2021-12-21 10:22:02.848root 154100x8000000000000000334436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.848{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dash-----sh -c /usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aac8-61c1-e0a7-07c689550000}5584/usr/sbin/sshd/usr/sbin/sshdroot 11241100x8000000000000000334437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.849{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dash/run/motd.dynamic.new2021-12-21 10:22:02.849root 154100x8000000000000000334438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.849{ec2b6afe-aaca-61c1-785c-6f542d560000}5587/usr/bin/env-----/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dashshroot 154100x8000000000000000334439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.849{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-parts-----run-parts --lsbsysinit /etc/update-motd.d/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68a2-7e8676550000}5586/bin/dashshroot 154100x8000000000000000334440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.851{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash-----/bin/sh /etc/update-motd.d/00-header/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 154100x8000000000000000334441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.851{ec2b6afe-aaca-61c1-803e-2775a3550000}5589/bin/uname-----uname -o/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash/bin/shroot 534500x8000000000000000334442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.852{ec2b6afe-aaca-61c1-803e-2775a3550000}5589/bin/unameroot 154100x8000000000000000334443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.852{ec2b6afe-aaca-61c1-801e-929dea550000}5590/bin/uname-----uname -r/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash/bin/shroot 534500x8000000000000000334444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.853{ec2b6afe-aaca-61c1-801e-929dea550000}5590/bin/unameroot 154100x8000000000000000334445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.853{ec2b6afe-aaca-61c1-80fe-88b10b560000}5591/bin/uname-----uname -m/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dash/bin/shroot 534500x8000000000000000334446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-80fe-88b10b560000}5591/bin/unameroot 534500x8000000000000000334447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-68b2-e9b990550000}5588/bin/dashroot 154100x8000000000000000334448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-6882-6e3ed6550000}5592/bin/dash-----/bin/sh /etc/update-motd.d/10-help-text/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 534500x8000000000000000334449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.854{ec2b6afe-aaca-61c1-6882-6e3ed6550000}5592/bin/dashroot 154100x8000000000000000334450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.855{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash-----/bin/sh /etc/update-motd.d/50-landscape-sysinfo/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 154100x8000000000000000334451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.856{ec2b6afe-aaca-61c1-505c-36861a560000}5594/bin/grep-----grep -c ^processor /proc/cpuinfo/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash/bin/shroot 534500x8000000000000000334452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.857{ec2b6afe-aaca-61c1-505c-36861a560000}5594/bin/greproot 154100x8000000000000000334453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.857{ec2b6afe-aaca-61c1-986f-bbfaba550000}5597/usr/bin/bc-----bc/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5595--- 154100x8000000000000000334454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.857{ec2b6afe-aaca-61c1-b8e0-41ed65550000}5598/usr/bin/cut-----cut -f1 -d /proc/loadavg/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5596--- 534500x8000000000000000334455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{ec2b6afe-aaca-61c1-b8e0-41ed65550000}5598/usr/bin/cutroot 534500x8000000000000000334456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{ec2b6afe-aaca-61c1-0000-000000000000}5596-root 534500x8000000000000000334457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{ec2b6afe-aaca-61c1-986f-bbfaba550000}5597/usr/bin/bcroot 534500x8000000000000000334458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.859{00000000-0000-0000-0000-000000000000}5595<unknown process>root 154100x8000000000000000334459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.860{ec2b6afe-aaca-61c1-08ef-61e257550000}5599/bin/date-----/bin/date/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash/bin/shroot 534500x8000000000000000334460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.861{ec2b6afe-aaca-61c1-08ef-61e257550000}5599/bin/dateroot 154100x8000000000000000334461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:02.861{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6-----/usr/bin/python3 /usr/bin/landscape-sysinfo/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dash/bin/shroot 154100x8000000000000000334462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.029{ec2b6afe-aacb-61c1-68d2-1bdd2d560000}5601/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000334463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.029{ec2b6afe-aacb-61c1-b03f-f8d5577f0000}5601/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000334464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-aacb-61c1-b03f-f8d5577f0000}5601/sbin/ldconfig.realroot 11241100x8000000000000000334465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf09a850c87bc1b52021-12-21 10:22:03.031root 11241100x8000000000000000334466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bf9919c10aae232021-12-21 10:22:03.031root 11241100x8000000000000000334467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.031{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc64be785305dac2021-12-21 10:22:03.031root 11241100x8000000000000000334468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c756917f05bb60892021-12-21 10:22:03.032root 11241100x8000000000000000334469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9457d088daa83bb2021-12-21 10:22:03.032root 11241100x8000000000000000334470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eada9fddff722d662021-12-21 10:22:03.032root 11241100x8000000000000000334471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b16726067d3fb022021-12-21 10:22:03.032root 11241100x8000000000000000334472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626ac359fde171df2021-12-21 10:22:03.032root 11241100x8000000000000000334473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9b4e31f0f4e2662021-12-21 10:22:03.032root 11241100x8000000000000000334474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fdd49b553a9e352021-12-21 10:22:03.032root 11241100x8000000000000000334475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15956b535a475d432021-12-21 10:22:03.032root 11241100x8000000000000000334476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c5ffcf3e42141d2021-12-21 10:22:03.032root 11241100x8000000000000000334477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.032{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364661a0b24d973c2021-12-21 10:22:03.032root 11241100x8000000000000000334478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3525c0107bdea94a2021-12-21 10:22:03.033root 11241100x8000000000000000334479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941e044f5bc89f072021-12-21 10:22:03.033root 11241100x8000000000000000334480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835781b467ba251c2021-12-21 10:22:03.033root 11241100x8000000000000000334481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51b321b0c1849b12021-12-21 10:22:03.033root 11241100x8000000000000000334482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10b7595f2d6cc32021-12-21 10:22:03.033root 11241100x8000000000000000334483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9907e671707c18ed2021-12-21 10:22:03.033root 11241100x8000000000000000334484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044afa1291cb51132021-12-21 10:22:03.034root 11241100x8000000000000000334485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee763e4687e18eb2021-12-21 10:22:03.034root 11241100x8000000000000000334486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9848ab3293024a2021-12-21 10:22:03.034root 11241100x8000000000000000334487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f70c0c52ccab0da2021-12-21 10:22:03.034root 11241100x8000000000000000334488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa31de8c4e913efb2021-12-21 10:22:03.034root 11241100x8000000000000000334489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448cab8039e8a2a42021-12-21 10:22:03.034root 11241100x8000000000000000334490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f299e53d53415022021-12-21 10:22:03.034root 11241100x8000000000000000334491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0348654ae16a134e2021-12-21 10:22:03.034root 11241100x8000000000000000334492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bd350fdf41e3f12021-12-21 10:22:03.034root 11241100x8000000000000000334493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3fb481335e66cd2021-12-21 10:22:03.034root 11241100x8000000000000000334494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cff103fa40ad1972021-12-21 10:22:03.035root 11241100x8000000000000000334495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738f6c23342b68262021-12-21 10:22:03.035root 11241100x8000000000000000334496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a8caa396176f942021-12-21 10:22:03.035root 11241100x8000000000000000334497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03be69b06f1a37a92021-12-21 10:22:03.035root 11241100x8000000000000000334498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e1bbb375a751f82021-12-21 10:22:03.035root 11241100x8000000000000000334499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c8cb2a0f0bf1bb2021-12-21 10:22:03.035root 11241100x8000000000000000334500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a977c23fd5eb03c2021-12-21 10:22:03.035root 11241100x8000000000000000334501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d1b60c585625e12021-12-21 10:22:03.035root 11241100x8000000000000000334502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82566045642c7e442021-12-21 10:22:03.036root 11241100x8000000000000000334503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323c8e865cbcc0c62021-12-21 10:22:03.036root 11241100x8000000000000000334504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5090a5cde77066d2021-12-21 10:22:03.036root 11241100x8000000000000000334505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f611a067b6ff6e2021-12-21 10:22:03.036root 11241100x8000000000000000334506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d82dc3c08e1709b2021-12-21 10:22:03.036root 11241100x8000000000000000334507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76253a3d21595bb72021-12-21 10:22:03.036root 11241100x8000000000000000334508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f66a1bd2cfce832021-12-21 10:22:03.037root 11241100x8000000000000000334509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224062d3e56ceb5b2021-12-21 10:22:03.037root 11241100x8000000000000000334510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78034d9edc246fc32021-12-21 10:22:03.037root 11241100x8000000000000000334511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2e8c2904339b2d2021-12-21 10:22:03.037root 11241100x8000000000000000334512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb644e182ee77ed22021-12-21 10:22:03.037root 11241100x8000000000000000334513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9ed4e28cb3ad802021-12-21 10:22:03.038root 11241100x8000000000000000334514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a2e7cf274e370d2021-12-21 10:22:03.038root 11241100x8000000000000000334515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1293cb4ba0ac2442021-12-21 10:22:03.038root 11241100x8000000000000000334516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8106127dc65a252021-12-21 10:22:03.038root 11241100x8000000000000000334517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99ebe4da44d2242021-12-21 10:22:03.039root 11241100x8000000000000000334518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f326bdf0997d37902021-12-21 10:22:03.039root 11241100x8000000000000000334519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb17b926e5bb68de2021-12-21 10:22:03.039root 11241100x8000000000000000334520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bc52083e38c8fe2021-12-21 10:22:03.039root 11241100x8000000000000000334521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1039f277968bdbe92021-12-21 10:22:03.039root 11241100x8000000000000000334522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15045aae99857f32021-12-21 10:22:03.039root 11241100x8000000000000000334523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc503a664eda4e242021-12-21 10:22:03.040root 11241100x8000000000000000334524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f3974eb5d5917f2021-12-21 10:22:03.040root 11241100x8000000000000000334525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd4cc26c93b9a732021-12-21 10:22:03.040root 11241100x8000000000000000334526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e40e2d41af9b83c2021-12-21 10:22:03.040root 11241100x8000000000000000334527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29fbe6ca23461a3f2021-12-21 10:22:03.040root 11241100x8000000000000000334528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03eb782822bcc5142021-12-21 10:22:03.041root 11241100x8000000000000000334529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3f566442bf05c72021-12-21 10:22:03.041root 11241100x8000000000000000334530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768799284f5411992021-12-21 10:22:03.041root 11241100x8000000000000000334531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467af3d960cc666d2021-12-21 10:22:03.041root 11241100x8000000000000000334532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2257821f8c10002021-12-21 10:22:03.041root 11241100x8000000000000000334533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb4a6f32723df922021-12-21 10:22:03.042root 11241100x8000000000000000334534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dd15a9b746aff52021-12-21 10:22:03.042root 11241100x8000000000000000334535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62e4da6b9b6c6c2021-12-21 10:22:03.042root 11241100x8000000000000000334536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b67f24a8827c3e82021-12-21 10:22:03.043root 11241100x8000000000000000334537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2c670dd55746682021-12-21 10:22:03.043root 11241100x8000000000000000334538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5f617be06f4652021-12-21 10:22:03.043root 11241100x8000000000000000334539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb11165064a688b12021-12-21 10:22:03.043root 11241100x8000000000000000334540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293f9ace98e279812021-12-21 10:22:03.043root 11241100x8000000000000000334541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.789548db394d41a22021-12-21 10:22:03.043root 11241100x8000000000000000334542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9a23bb97352dcc2021-12-21 10:22:03.044root 11241100x8000000000000000334543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c5e72a8648fb7d2021-12-21 10:22:03.044root 11241100x8000000000000000334544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac25132cd89b6a62021-12-21 10:22:03.044root 11241100x8000000000000000334545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45793f8819455f0c2021-12-21 10:22:03.044root 11241100x8000000000000000334546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4e3e41166c36372021-12-21 10:22:03.044root 11241100x8000000000000000334547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e894dfe2584164e2021-12-21 10:22:03.044root 11241100x8000000000000000334548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b071c3479e2763782021-12-21 10:22:03.044root 11241100x8000000000000000334549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8f5d2b0743ec362021-12-21 10:22:03.044root 11241100x8000000000000000334550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feeb5d25710ed332021-12-21 10:22:03.044root 11241100x8000000000000000334551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a70075cd0968d12021-12-21 10:22:03.045root 11241100x8000000000000000334552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efda78ae205ed832021-12-21 10:22:03.045root 11241100x8000000000000000334553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c511c98c1a6e58d42021-12-21 10:22:03.045root 11241100x8000000000000000334554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b72c41263c5a12021-12-21 10:22:03.045root 11241100x8000000000000000334555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1476da1a0e79a5b2021-12-21 10:22:03.045root 11241100x8000000000000000334556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965083c323477ac32021-12-21 10:22:03.045root 11241100x8000000000000000334557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be92af72dce210da2021-12-21 10:22:03.045root 11241100x8000000000000000334558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622818e3cf00f4db2021-12-21 10:22:03.046root 11241100x8000000000000000334559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56815185eedf86f22021-12-21 10:22:03.046root 11241100x8000000000000000334560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61aa7c1468bdb52021-12-21 10:22:03.046root 11241100x8000000000000000334561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcff80cf35e14e632021-12-21 10:22:03.046root 11241100x8000000000000000334562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785673129d929b892021-12-21 10:22:03.046root 11241100x8000000000000000334563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead74a7d4e51063a2021-12-21 10:22:03.047root 11241100x8000000000000000334564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.336fb655de4111862021-12-21 10:22:03.047root 11241100x8000000000000000334565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4672144a419095d22021-12-21 10:22:03.047root 11241100x8000000000000000334566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19260563ee32184f2021-12-21 10:22:03.047root 11241100x8000000000000000334567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446ab06574efc6c2021-12-21 10:22:03.047root 11241100x8000000000000000334568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939a61244d13a8de2021-12-21 10:22:03.047root 11241100x8000000000000000334569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935e348ee046d30e2021-12-21 10:22:03.048root 11241100x8000000000000000334570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0012c1613a680c52021-12-21 10:22:03.048root 11241100x8000000000000000334571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0589bd4079ab77fd2021-12-21 10:22:03.048root 11241100x8000000000000000334572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1090d37efeba6dea2021-12-21 10:22:03.048root 11241100x8000000000000000334573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b24af6d9b2942062021-12-21 10:22:03.048root 11241100x8000000000000000334574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30739208ce89893d2021-12-21 10:22:03.048root 11241100x8000000000000000334575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146d73b7b8d277652021-12-21 10:22:03.049root 11241100x8000000000000000334576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41db9cd66dae6c892021-12-21 10:22:03.049root 11241100x8000000000000000334577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2569a9b1c6046212021-12-21 10:22:03.049root 11241100x8000000000000000334578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64a3e47e81285a22021-12-21 10:22:03.049root 11241100x8000000000000000334579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.049{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc820d0fc6e61942021-12-21 10:22:03.049root 11241100x8000000000000000334580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d2d4a62a272a032021-12-21 10:22:03.050root 11241100x8000000000000000334581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb018b6b31d791e62021-12-21 10:22:03.050root 11241100x8000000000000000334582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92434c8383aedd72021-12-21 10:22:03.050root 11241100x8000000000000000334583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.050{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3222212b3e1a7812021-12-21 10:22:03.050root 11241100x8000000000000000334584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003089e993dbc7592021-12-21 10:22:03.051root 11241100x8000000000000000334585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38df3dffd2aa97f2021-12-21 10:22:03.051root 11241100x8000000000000000334586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805978067906a3b32021-12-21 10:22:03.051root 11241100x8000000000000000334587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.051{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d541274e415a462a2021-12-21 10:22:03.051root 11241100x8000000000000000334588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d52e7861108726a2021-12-21 10:22:03.052root 11241100x8000000000000000334589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732efd10a7ce8c6b2021-12-21 10:22:03.052root 11241100x8000000000000000334590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85756db17576a97b2021-12-21 10:22:03.052root 11241100x8000000000000000334591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.052{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0995420b1615c42021-12-21 10:22:03.052root 11241100x8000000000000000334592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.053{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099cc1f1492d223f2021-12-21 10:22:03.053root 154100x8000000000000000334593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.076{ec2b6afe-aacb-61c1-6822-aa4121560000}5602/bin/dash-----/bin/sh /sbin/ldconfig -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 154100x8000000000000000334594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.076{ec2b6afe-aacb-61c1-b03f-8b6db17f0000}5602/sbin/ldconfig.real-----/sbin/ldconfig.real -p/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000334595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.077{ec2b6afe-aacb-61c1-b03f-8b6db17f0000}5602/sbin/ldconfig.realroot 534500x8000000000000000334596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.207{00000000-0000-0000-0000-000000000000}5603<unknown process>root 154100x8000000000000000334597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.246{ec2b6afe-aacb-61c1-f013-6e291b560000}5604/usr/bin/who-----who -q/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6/usr/bin/python3root 534500x8000000000000000334598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.251{ec2b6afe-aacb-61c1-f013-6e291b560000}5604/usr/bin/whoroot 534500x8000000000000000334599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.300{ec2b6afe-aaca-61c1-303c-7b0000000000}5600/usr/bin/python3.6root 534500x8000000000000000334600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.300{ec2b6afe-aaca-61c1-6802-1434b2550000}5593/bin/dashroot 154100x8000000000000000334601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash-----/bin/sh /etc/update-motd.d/50-motd-news/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 11241100x8000000000000000334602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a46dd07589559562021-12-21 10:22:03.301root 11241100x8000000000000000334603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0876cc6b610f6f2021-12-21 10:22:03.301root 11241100x8000000000000000334604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacbb522b0792c992021-12-21 10:22:03.301root 11241100x8000000000000000334605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774d7323272e9402021-12-21 10:22:03.301root 11241100x8000000000000000334606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2599baf8828b9f5b2021-12-21 10:22:03.301root 11241100x8000000000000000334607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebc249a778b33202021-12-21 10:22:03.301root 11241100x8000000000000000334608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641ad786e101714c2021-12-21 10:22:03.302root 11241100x8000000000000000334609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9679d8d6710e9b2021-12-21 10:22:03.302root 11241100x8000000000000000334610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8409fbbe9b72d9962021-12-21 10:22:03.302root 11241100x8000000000000000334611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a4ec141c058f5f2021-12-21 10:22:03.302root 11241100x8000000000000000334612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287bf0e1b68c7f8b2021-12-21 10:22:03.302root 11241100x8000000000000000334613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89433c2b00542dc92021-12-21 10:22:03.302root 11241100x8000000000000000334614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf17cf934b572372021-12-21 10:22:03.303root 11241100x8000000000000000334615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a04e1a8811da212021-12-21 10:22:03.303root 154100x8000000000000000334616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-d0a9-925fb8550000}5606/bin/cat-----cat /var/cache/motd-news/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 534500x8000000000000000334617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-d0a9-925fb8550000}5606/bin/catroot 154100x8000000000000000334618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-7842-208fb6550000}5607/usr/bin/head-----head -n 10/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 534500x8000000000000000334619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-7842-208fb6550000}5607/usr/bin/headroot 154100x8000000000000000334620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-e065-688e43560000}5608/usr/bin/tr-----tr -d \000-\011\013\014\016-\037/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 534500x8000000000000000334621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-aacb-61c1-e065-688e43560000}5608/usr/bin/trroot 154100x8000000000000000334622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.302{ec2b6afe-aacb-61c1-b8b0-5db5a3550000}5609/usr/bin/cut-----cut -c -80/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dash/bin/shroot 11241100x8000000000000000334623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d952b281f76231502021-12-21 10:22:03.303root 11241100x8000000000000000334624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a3e8ae9a40accf2021-12-21 10:22:03.303root 11241100x8000000000000000334625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaddb139ed04d35c2021-12-21 10:22:03.304root 11241100x8000000000000000334626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27099bb158a03f4c2021-12-21 10:22:03.304root 11241100x8000000000000000334627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604006d0186dd4062021-12-21 10:22:03.305root 11241100x8000000000000000334628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba65f86ff420dcd82021-12-21 10:22:03.305root 11241100x8000000000000000334629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08aae8f9f52871692021-12-21 10:22:03.305root 11241100x8000000000000000334630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69024fae39bf05052021-12-21 10:22:03.305root 11241100x8000000000000000334631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9e8ac82aeb8fd82021-12-21 10:22:03.305root 11241100x8000000000000000334632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa59dd4450e23a02021-12-21 10:22:03.305root 11241100x8000000000000000334633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ddac81db56b92e2021-12-21 10:22:03.305root 154100x8000000000000000334634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-aacb-61c1-68c2-0efc12560000}5611/bin/dash-----/bin/sh /etc/update-motd.d/90-updates-available/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 11241100x8000000000000000334635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737df9771da44c9b2021-12-21 10:22:03.306root 11241100x8000000000000000334636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a862d65220987f2021-12-21 10:22:03.306root 534500x8000000000000000334637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-aacb-61c1-b8b0-5db5a3550000}5609/usr/bin/cutroot 154100x8000000000000000334638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.304{ec2b6afe-aacb-61c1-6872-8192f3550000}5610/bin/dash-----/bin/sh /etc/update-motd.d/88-esm-announce/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 534500x8000000000000000334639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.305{ec2b6afe-aacb-61c1-6872-8192f3550000}5610/bin/dashroot 154100x8000000000000000334640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-aacb-61c1-d099-92bd3c560000}5612/bin/cat-----cat /var/lib/update-notifier/updates-available/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aacb-61c1-68c2-0efc12560000}5611/bin/dash/bin/shroot 534500x8000000000000000334641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-aacb-61c1-d099-92bd3c560000}5612/bin/catroot 534500x8000000000000000334642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.303{ec2b6afe-aacb-61c1-68b2-b2f325560000}5605/bin/dashroot 11241100x8000000000000000334643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c7f28843c2ae502021-12-21 10:22:03.307root 11241100x8000000000000000334644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e7e043bd070062021-12-21 10:22:03.307root 11241100x8000000000000000334645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da537ac6d376b3022021-12-21 10:22:03.307root 11241100x8000000000000000334646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf05e38b58b2fc2021-12-21 10:22:03.307root 11241100x8000000000000000334647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a49edfc62e71bbe2021-12-21 10:22:03.308root 11241100x8000000000000000334648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62339d39f3e2cf72021-12-21 10:22:03.306root 154100x8000000000000000334649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-aacb-61c1-6882-2a2f28560000}5613/bin/dash-----/bin/sh /etc/update-motd.d/91-contract-ua-esm-status/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 534500x8000000000000000334650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-aacb-61c1-6882-2a2f28560000}5613/bin/dashroot 11241100x8000000000000000334651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6034a49dc0339b2021-12-21 10:22:03.308root 11241100x8000000000000000334652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2374216de581fbd2021-12-21 10:22:03.308root 11241100x8000000000000000334653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b5f1842473c4832021-12-21 10:22:03.308root 11241100x8000000000000000334654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270608f26ac8efff2021-12-21 10:22:03.308root 11241100x8000000000000000334655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b438a3f4313015b2021-12-21 10:22:03.308root 534500x8000000000000000334656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.307{ec2b6afe-aacb-61c1-68c2-0efc12560000}5611/bin/dashroot 154100x8000000000000000334657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.308{ec2b6afe-aacb-61c1-68a2-606a07560000}5614/bin/dash-----/bin/sh /etc/update-motd.d/91-release-upgrade/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-aaca-61c1-383a-fcc925560000}5587/bin/run-partsrun-partsroot 154100x8000000000000000334658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-aacb-61c1-b890-94ee19560000}5617/usr/bin/cut-----cut -d -f4/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5615--- 11241100x8000000000000000334659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57be849e94cb311e2021-12-21 10:22:03.309root 11241100x8000000000000000334660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f23a81faadf0552021-12-21 10:22:03.309root 11241100x8000000000000000334661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45b89bcabbbc2902021-12-21 10:22:03.309root 11241100x8000000000000000334662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e78073c82412a82021-12-21 10:22:03.310root 11241100x8000000000000000334663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb32580c8cd0c8d2021-12-21 10:22:03.310root 154100x8000000000000000334664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.309{ec2b6afe-aacb-61c1-303c-7b0000000000}5616/usr/bin/python3.6-----/usr/bin/python3 -Es /usr/bin/lsb_release -sd/root{ec2b6afe-0000-0000-0000-000000000000}06no level-{00000000-0000-0000-0000-000000000000}5615--- 11241100x8000000000000000334665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d69c2ba18b417002021-12-21 10:22:03.310root 11241100x8000000000000000334666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a070bc30854908e22021-12-21 10:22:03.310root 11241100x8000000000000000334667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9cf6bf68ffcd6c2021-12-21 10:22:03.310root 11241100x8000000000000000334668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40422d08239aa8e2021-12-21 10:22:03.311root 11241100x8000000000000000334669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecad3a06e64a6d72021-12-21 10:22:03.311root 11241100x8000000000000000334670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844fb399e4b15af12021-12-21 10:22:03.311root 11241100x8000000000000000334671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612a6621fe3232ba2021-12-21 10:22:03.312root 11241100x8000000000000000334672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d7fab56d3a30772021-12-21 10:22:03.312root 11241100x8000000000000000334673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a211373945777a042021-12-21 10:22:03.312root 11241100x8000000000000000334674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68ce6dfafd55a202021-12-21 10:22:03.312root 11241100x8000000000000000334675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6d67b112df6ed22021-12-21 10:22:03.313root 11241100x8000000000000000334676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2036ac62ace05852021-12-21 10:22:03.313root 11241100x8000000000000000334677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ff35b7e7fcc5e12021-12-21 10:22:03.313root 11241100x8000000000000000334678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626cf720542a0a182021-12-21 10:22:03.314root 11241100x8000000000000000334679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162b11ff73905ce52021-12-21 10:22:03.314root 11241100x8000000000000000334680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fce21f304778742021-12-21 10:22:03.315root 11241100x8000000000000000334681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b78ca580f83df6a2021-12-21 10:22:03.315root 11241100x8000000000000000334682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb312e1b45bd3262021-12-21 10:22:03.315root 11241100x8000000000000000334683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b705ee288c906542021-12-21 10:22:03.315root 11241100x8000000000000000334684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7eb639f6a0a2952021-12-21 10:22:03.316root 11241100x8000000000000000334685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7776a7950e2c9b72021-12-21 10:22:03.316root 11241100x8000000000000000334686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3ba3b4d6ff4be42021-12-21 10:22:03.316root 11241100x8000000000000000334687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b491811685291c862021-12-21 10:22:03.316root 11241100x8000000000000000334688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a265fdc8c4a2ea2021-12-21 10:22:03.317root 11241100x8000000000000000334689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60502e3fb1a443482021-12-21 10:22:03.317root 11241100x8000000000000000334690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d4636d894551cb2021-12-21 10:22:03.317root 11241100x8000000000000000334691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.317{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a44e75ef571a3e2021-12-21 10:22:03.317root 11241100x8000000000000000334692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527a594e8714e09c2021-12-21 10:22:03.318root 11241100x8000000000000000334693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.318{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb663801fe8266f2021-12-21 10:22:03.318root 11241100x8000000000000000334694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d599886e872f57492021-12-21 10:22:03.319root 11241100x8000000000000000334695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86d758d06f4744f2021-12-21 10:22:03.319root 11241100x8000000000000000334696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b66795de0545d8a2021-12-21 10:22:03.319root 11241100x8000000000000000334697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.319{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016dbc7d68c572c22021-12-21 10:22:03.319root 11241100x8000000000000000334698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee75a994876e80b2021-12-21 10:22:03.320root 11241100x8000000000000000334699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e2d3b9630ab3992021-12-21 10:22:03.320root 11241100x8000000000000000334700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.320{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13456a7d81856142021-12-21 10:22:03.320root 11241100x8000000000000000334701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589f9938f425baf92021-12-21 10:22:03.321root 11241100x8000000000000000334702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871ca9d6b60c7f432021-12-21 10:22:03.321root 11241100x8000000000000000334703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9018a565529403602021-12-21 10:22:03.321root 11241100x8000000000000000334704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.321{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df64252908193fea2021-12-21 10:22:03.321root 11241100x8000000000000000334705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5c7d0770f796842021-12-21 10:22:03.322root 11241100x8000000000000000334706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce493623131bb0f52021-12-21 10:22:03.322root 11241100x8000000000000000334707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71fda9bc23e1e0262021-12-21 10:22:03.322root 11241100x8000000000000000334708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.322{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f840b40c47001c842021-12-21 10:22:03.322root 11241100x8000000000000000334709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d18ce75bd1ccdac2021-12-21 10:22:03.323root 11241100x8000000000000000334710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e56747130e224c42021-12-21 10:22:03.323root 11241100x8000000000000000334711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ebdb68694f57b02021-12-21 10:22:03.323root 11241100x8000000000000000334712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.323{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d606ecbb148a9b92021-12-21 10:22:03.323root 11241100x8000000000000000334713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6d1657895174302021-12-21 10:22:03.324root 11241100x8000000000000000334714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583316f1c31806342021-12-21 10:22:03.324root 11241100x8000000000000000334715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.324{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f18aa87a474769d2021-12-21 10:22:03.324root 11241100x8000000000000000334716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95a57d2b7f882f12021-12-21 10:22:03.325root 11241100x8000000000000000334717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8320065fa68fd6d2021-12-21 10:22:03.325root 11241100x8000000000000000334718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc707c30b6facdd92021-12-21 10:22:03.325root 11241100x8000000000000000334719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.325{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bf21555fb02c612021-12-21 10:22:03.325root 11241100x8000000000000000334720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3bf6f922829f4c2021-12-21 10:22:03.326root 11241100x8000000000000000334721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8665af963ca8002021-12-21 10:22:03.326root 11241100x8000000000000000334722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.326{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcc93ac6b1a8b4c2021-12-21 10:22:03.326root 11241100x8000000000000000334723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e40bbc93c3bb4b2021-12-21 10:22:03.327root 11241100x8000000000000000334724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5d5a0d318348542021-12-21 10:22:03.327root 11241100x8000000000000000334725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d621b60bba841d6b2021-12-21 10:22:03.327root 11241100x8000000000000000334726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.327{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ac00d1c8d4db372021-12-21 10:22:03.327root 11241100x8000000000000000334727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe041d668ef23dcf2021-12-21 10:22:03.328root 11241100x8000000000000000334728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f33e7db6d5a8622021-12-21 10:22:03.328root 11241100x8000000000000000334729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.328{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3f74cd648a0d302021-12-21 10:22:03.328root 11241100x8000000000000000334730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10639e955b6cc1792021-12-21 10:22:03.329root 11241100x8000000000000000334731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.329{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c19ce88f8647992021-12-21 10:22:03.329root 11241100x8000000000000000334732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.330{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b32f68483b2fac2021-12-21 10:22:03.330root 11241100x8000000000000000334733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454f96bc13b881072021-12-21 10:22:03.331root 11241100x8000000000000000334734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.331{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3360c6bbdf453ef12021-12-21 10:22:03.331root 11241100x8000000000000000334735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea0c25ebc0905c2021-12-21 10:22:03.332root 11241100x8000000000000000334736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f5a9410fa76d0a2021-12-21 10:22:03.332root 11241100x8000000000000000334737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee8fbbf4d43d49c2021-12-21 10:22:03.332root 11241100x8000000000000000334738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.332{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7888afb6005b6d2e2021-12-21 10:22:03.332root 11241100x8000000000000000334739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d9350b6c860db02021-12-21 10:22:03.333root 11241100x8000000000000000334740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fb5f75301947c32021-12-21 10:22:03.333root 11241100x8000000000000000334741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4089f3cf436f3fcb2021-12-21 10:22:03.333root 11241100x8000000000000000334742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.333{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d52aeae0f2e62452021-12-21 10:22:03.333root 11241100x8000000000000000334743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb450fe51aeb6e32021-12-21 10:22:03.334root 11241100x8000000000000000334744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70aa0c50c774bbb32021-12-21 10:22:03.334root 11241100x8000000000000000334745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b589d6cc276dca92021-12-21 10:22:03.334root 11241100x8000000000000000334746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d780cd1f272365a2021-12-21 10:22:03.334root 11241100x8000000000000000334747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02ae0d378e3ad4a2021-12-21 10:22:03.334root 11241100x8000000000000000334748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef045b1646ab75c2021-12-21 10:22:03.334root 11241100x8000000000000000334749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.334{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cca3e07a344e8e02021-12-21 10:22:03.334root 11241100x8000000000000000334750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50cd62d6459e3842021-12-21 10:22:03.335root 11241100x8000000000000000334751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8540f2029febc29c2021-12-21 10:22:03.335root 11241100x8000000000000000334752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.335{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220c58d65cbb48832021-12-21 10:22:03.335root 11241100x8000000000000000334753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10558efd205f5712021-12-21 10:22:03.336root 11241100x8000000000000000334754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84e914eec1eef672021-12-21 10:22:03.336root 11241100x8000000000000000334755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfdfa37bb7d0f582021-12-21 10:22:03.336root 11241100x8000000000000000334756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bbe310537cd2cc2021-12-21 10:22:03.336root 11241100x8000000000000000334757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.336{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b082d14d084a0c432021-12-21 10:22:03.336root 11241100x8000000000000000334758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9446dca94f06dbc52021-12-21 10:22:03.337root 11241100x8000000000000000334759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa415dc4c048e472021-12-21 10:22:03.337root 11241100x8000000000000000334760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db6b8ac4a0d56b72021-12-21 10:22:03.337root 11241100x8000000000000000334761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bddbf9cd4a7cb8f2021-12-21 10:22:03.337root 11241100x8000000000000000334762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d758024d5b6444d2021-12-21 10:22:03.337root 11241100x8000000000000000334763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f6ef71932a37dd2021-12-21 10:22:03.337root 11241100x8000000000000000334764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.337{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454c125cf8d33a42021-12-21 10:22:03.337root 11241100x8000000000000000334765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20102a92f8526a22021-12-21 10:22:03.338root 11241100x8000000000000000334766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561572df0a7c654c2021-12-21 10:22:03.338root 11241100x8000000000000000334767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.338{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e8dc561533ab5f2021-12-21 10:22:03.338root 11241100x8000000000000000334768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2366e2cc238eba302021-12-21 10:22:03.339root 11241100x8000000000000000334769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f22af300aa6abe82021-12-21 10:22:03.339root 11241100x8000000000000000334770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5e43ebac7751752021-12-21 10:22:03.339root 11241100x8000000000000000334771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d854c6748ef97212021-12-21 10:22:03.339root 11241100x8000000000000000334772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad6f767368decc72021-12-21 10:22:03.339root 11241100x8000000000000000334773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.339{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650e84f0c2b784122021-12-21 10:22:03.339root 11241100x8000000000000000334774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f81a1495fd8fd12021-12-21 10:22:03.340root 11241100x8000000000000000334775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ffc4a1478ea6d62021-12-21 10:22:03.340root 11241100x8000000000000000334776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11bcca5601a88a2021-12-21 10:22:03.340root 11241100x8000000000000000334777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b9230b12e8e7472021-12-21 10:22:03.340root 11241100x8000000000000000334778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b899bfaae0e48a872021-12-21 10:22:03.340root 11241100x8000000000000000334779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.340{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cab9c19600ae26e2021-12-21 10:22:03.340root 11241100x8000000000000000334780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff7158ab63b84942021-12-21 10:22:03.341root 11241100x8000000000000000334781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70bce3eeff443db72021-12-21 10:22:03.341root 11241100x8000000000000000334782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba818ae3651aabf72021-12-21 10:22:03.341root 11241100x8000000000000000334783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a50ae6349edc5e2021-12-21 10:22:03.341root 11241100x8000000000000000334784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2ec7ec2e7a68a2021-12-21 10:22:03.341root 11241100x8000000000000000334785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64606823c7f65bc12021-12-21 10:22:03.341root 11241100x8000000000000000334786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.341{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e07f40b7a278ad2021-12-21 10:22:03.341root 11241100x8000000000000000334787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770186efc2946b2a2021-12-21 10:22:03.342root 11241100x8000000000000000334788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd4ffc22a2527882021-12-21 10:22:03.342root 11241100x8000000000000000334789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7885ecd815121b302021-12-21 10:22:03.342root 11241100x8000000000000000334790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68abb4c62ec690f2021-12-21 10:22:03.342root 11241100x8000000000000000334791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.342{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ae194749e1e83f2021-12-21 10:22:03.342root 11241100x8000000000000000334792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40a92e145f075ec2021-12-21 10:22:03.343root 11241100x8000000000000000334793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f1d576edcf61922021-12-21 10:22:03.343root 11241100x8000000000000000334794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d761538a0e691f02021-12-21 10:22:03.343root 11241100x8000000000000000334795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ef7b2d0f53df662021-12-21 10:22:03.343root 11241100x8000000000000000334796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.343{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae6a49f27e73f1c2021-12-21 10:22:03.343root 11241100x8000000000000000334797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af85d65868cc10822021-12-21 10:22:03.344root 11241100x8000000000000000334798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea701cd0728f1f2021-12-21 10:22:03.344root 11241100x8000000000000000334799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa2c56680774b172021-12-21 10:22:03.344root 11241100x8000000000000000334800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a0310768b0e1d02021-12-21 10:22:03.344root 11241100x8000000000000000334801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bfa7376e54ac7f2021-12-21 10:22:03.344root 11241100x8000000000000000334802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.344{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa8862e2c3aa71e2021-12-21 10:22:03.344root 11241100x8000000000000000334803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7949b93d2af57e912021-12-21 10:22:03.345root 11241100x8000000000000000334804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4c3fb995b97b212021-12-21 10:22:03.345root 11241100x8000000000000000334805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655fdfbe83f87eaa2021-12-21 10:22:03.345root 11241100x8000000000000000334806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb63a04d26ccf962021-12-21 10:22:03.345root 11241100x8000000000000000334807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ef256a422fedb52021-12-21 10:22:03.345root 11241100x8000000000000000334808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cf58c8ead029192021-12-21 10:22:03.345root 11241100x8000000000000000334809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f203bb50114837c32021-12-21 10:22:03.345root 11241100x8000000000000000334810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2232917be4767d2021-12-21 10:22:03.345root 11241100x8000000000000000334811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b890f69a3cee385d2021-12-21 10:22:03.345root 11241100x8000000000000000334812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.345{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b21d1efd3e224b2021-12-21 10:22:03.345root 11241100x8000000000000000334813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820715d095c43a7c2021-12-21 10:22:03.346root 11241100x8000000000000000334814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79789a56dcc100492021-12-21 10:22:03.346root 11241100x8000000000000000334815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23d343283b9443c2021-12-21 10:22:03.346root 11241100x8000000000000000334816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990e91abd8f471432021-12-21 10:22:03.346root 11241100x8000000000000000334817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a7dc8b77bffb662021-12-21 10:22:03.346root 11241100x8000000000000000334818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125549b017b40d692021-12-21 10:22:03.346root 11241100x8000000000000000334819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3877e8cc7bb6332f2021-12-21 10:22:03.346root 11241100x8000000000000000334820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec26b1570ad1592021-12-21 10:22:03.346root 11241100x8000000000000000334821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e415bcdd2e9c7f12021-12-21 10:22:03.346root 11241100x8000000000000000334822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8651a0c3d30f2d82021-12-21 10:22:03.346root 11241100x8000000000000000334823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b97d78f5a76562352021-12-21 10:22:03.346root 11241100x8000000000000000334824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8bdb904aa9f0092021-12-21 10:22:03.346root 11241100x8000000000000000334825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f713a8bd1d4bc52021-12-21 10:22:03.346root 11241100x8000000000000000334826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b221c1616a6f7382021-12-21 10:22:03.346root 11241100x8000000000000000334827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a5cf554da2152d2021-12-21 10:22:03.346root 11241100x8000000000000000334828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.346{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898d65cd9f19e8172021-12-21 10:22:03.346root 11241100x8000000000000000334829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61ab25e7df3809f2021-12-21 10:22:03.347root 11241100x8000000000000000334830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bee1d1fb1463ab2021-12-21 10:22:03.347root 11241100x8000000000000000334831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7fc3a456a288c52021-12-21 10:22:03.347root 11241100x8000000000000000334832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4019a86ae84def532021-12-21 10:22:03.347root 11241100x8000000000000000334833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e6391789e0b9422021-12-21 10:22:03.347root 11241100x8000000000000000334834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:03.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5613f266fcdda2a2021-12-21 10:22:03.347root 354300x8000000000000000335077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:05.229{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46996-false10.0.1.12-8000- 11241100x8000000000000000335078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:05.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80acdfc94b63d9782021-12-21 10:22:05.692root 11241100x8000000000000000335079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857152574908c42f2021-12-21 10:22:06.192root 11241100x8000000000000000335080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.520{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:22:06.520root 11241100x8000000000000000335081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.521{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87faf7f0477f17392021-12-21 10:22:06.521root 11241100x8000000000000000335082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00269421a466e3882021-12-21 10:22:06.942root 11241100x8000000000000000335083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:06.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fb6bd36124d4b42021-12-21 10:22:06.943root 11241100x8000000000000000335084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecda66e84d5ca94e2021-12-21 10:22:07.442root 11241100x8000000000000000335085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bd7a10c0cd2c6c2021-12-21 10:22:07.442root 11241100x8000000000000000335086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787fbfb9177e70ad2021-12-21 10:22:07.942root 11241100x8000000000000000335087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6799d6faabbd8d2021-12-21 10:22:07.943root 11241100x8000000000000000335088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2b08c6e47202ef2021-12-21 10:22:08.442root 11241100x8000000000000000335089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb24446ed08047d82021-12-21 10:22:08.443root 11241100x8000000000000000335090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a9a987098afccb2021-12-21 10:22:08.942root 11241100x8000000000000000335091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea0a5242dd4e8bb2021-12-21 10:22:08.943root 534500x8000000000000000335092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.202{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 11241100x8000000000000000335093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578876c4e7e2553a2021-12-21 10:22:09.203root 11241100x8000000000000000335094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602971e8a69fa04b2021-12-21 10:22:09.203root 11241100x8000000000000000335095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.205{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/system.journal2021-12-21 10:22:09.205root 11241100x8000000000000000335096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9627a675e836dc2021-12-21 10:22:09.206root 11241100x8000000000000000335097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.213{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000.journal2021-12-21 10:22:09.213root 534500x8000000000000000335098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.216{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 23542300x8000000000000000335099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.242{ec2b6afe-9233-61c1-c81a-006eee550000}454root/lib/systemd/systemd-journald/var/log/journal/ec2b6afe52f9882cff7bf7f0661ea563/user-1000@23a4030a05c14f4487fe6448e1318b5d-0000000000000000-0000000000000000.journal--- 23542300x8000000000000000335100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.522{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000335101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a3dc22f6c5c83e2021-12-21 10:22:09.523root 11241100x8000000000000000335102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c5d77bb583845e2021-12-21 10:22:09.523root 11241100x8000000000000000335103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0537aab17a58bff42021-12-21 10:22:09.523root 11241100x8000000000000000335104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666024cb58cfce6b2021-12-21 10:22:09.523root 11241100x8000000000000000335105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391ad890ad4046342021-12-21 10:22:09.523root 11241100x8000000000000000335106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fab15acccf04f122021-12-21 10:22:09.523root 11241100x8000000000000000335107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.523{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec645cb77ea355b42021-12-21 10:22:09.523root 11241100x8000000000000000335108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5186fb76297032021-12-21 10:22:09.943root 11241100x8000000000000000335109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f57930c2a80dabd2021-12-21 10:22:09.943root 11241100x8000000000000000335110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59642dd65081b52e2021-12-21 10:22:09.943root 11241100x8000000000000000335111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f699f8b8d8a22f052021-12-21 10:22:09.943root 11241100x8000000000000000335112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5c1a41663481cb2021-12-21 10:22:09.943root 11241100x8000000000000000335113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b171eab8b6e05a802021-12-21 10:22:09.943root 11241100x8000000000000000335114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e16c4a99e37b292021-12-21 10:22:09.943root 11241100x8000000000000000335115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:09.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aab14b1d63a6de2021-12-21 10:22:09.943root 354300x8000000000000000335116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.245{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-46998-false10.0.1.12-8000- 11241100x8000000000000000335117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede589ca2f176f752021-12-21 10:22:10.246root 11241100x8000000000000000335118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbbad64aac9f9352021-12-21 10:22:10.246root 11241100x8000000000000000335119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc955d45811ffd52021-12-21 10:22:10.246root 11241100x8000000000000000335120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf19e14fa704a4492021-12-21 10:22:10.246root 11241100x8000000000000000335121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75527d6b39b78fc32021-12-21 10:22:10.247root 11241100x8000000000000000335122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ad58497be900c32021-12-21 10:22:10.247root 11241100x8000000000000000335123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be132e71e5436012021-12-21 10:22:10.247root 11241100x8000000000000000335124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67542a0e056891002021-12-21 10:22:10.247root 11241100x8000000000000000335125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949e319ed2de16552021-12-21 10:22:10.247root 11241100x8000000000000000335126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde5ca94ad1b69e2021-12-21 10:22:10.693root 11241100x8000000000000000335127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29743cbe0bb87362021-12-21 10:22:10.693root 11241100x8000000000000000335128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9575a55437f33232021-12-21 10:22:10.693root 11241100x8000000000000000335129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cc69e5d3ee39a62021-12-21 10:22:10.693root 11241100x8000000000000000335130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff79c61041a75142021-12-21 10:22:10.693root 11241100x8000000000000000335131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891ab17d6f417afa2021-12-21 10:22:10.693root 11241100x8000000000000000335132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f3901ad58adb8c2021-12-21 10:22:10.693root 11241100x8000000000000000335133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc573163dc8ad9362021-12-21 10:22:10.693root 11241100x8000000000000000335134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc0aad851cf4212021-12-21 10:22:10.694root 154100x8000000000000000335135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.006{ec2b6afe-aad3-61c1-6824-796ba7550000}5691/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000335136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb39a430e5722862021-12-21 10:22:11.008root 11241100x8000000000000000335137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86844edcfe15a7202021-12-21 10:22:11.008root 11241100x8000000000000000335138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a7e72e9ce0e94f2021-12-21 10:22:11.008root 11241100x8000000000000000335139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128a412272fe9d3d2021-12-21 10:22:11.008root 11241100x8000000000000000335140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b12efbc983d5422021-12-21 10:22:11.008root 11241100x8000000000000000335141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af16d994cbc658632021-12-21 10:22:11.008root 11241100x8000000000000000335142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3407e9e3b3904e2021-12-21 10:22:11.008root 11241100x8000000000000000335143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfb12ba1d10e59b2021-12-21 10:22:11.008root 11241100x8000000000000000335144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.008{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66e6ed7e92e2542021-12-21 10:22:11.008root 11241100x8000000000000000335145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.009{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bebf5cefe5bf7072021-12-21 10:22:11.009root 534500x8000000000000000335146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.018{ec2b6afe-aad3-61c1-6824-796ba7550000}5691/bin/psroot 11241100x8000000000000000335147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c286944cbb95152021-12-21 10:22:11.443root 11241100x8000000000000000335148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb08ac535144b4132021-12-21 10:22:11.443root 11241100x8000000000000000335149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46830ceea9fa65da2021-12-21 10:22:11.443root 11241100x8000000000000000335150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb43ccad412849d02021-12-21 10:22:11.443root 11241100x8000000000000000335151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcba167f89f9b432021-12-21 10:22:11.443root 11241100x8000000000000000335152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8463bc40b7ba8c182021-12-21 10:22:11.443root 11241100x8000000000000000335153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7631de714ccd8a2021-12-21 10:22:11.443root 11241100x8000000000000000335154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5802d2d6a36c1f02021-12-21 10:22:11.444root 11241100x8000000000000000335155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9cb63fedafe0b92021-12-21 10:22:11.444root 11241100x8000000000000000335156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.579a05d9bf39c14c2021-12-21 10:22:11.444root 11241100x8000000000000000335157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc19cbe4d0c78f22021-12-21 10:22:11.444root 11241100x8000000000000000335158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521dff50043462f02021-12-21 10:22:11.943root 11241100x8000000000000000335159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7e91c604de73be2021-12-21 10:22:11.943root 11241100x8000000000000000335160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f396a0e42507542021-12-21 10:22:11.943root 11241100x8000000000000000335161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56d50c14ed1b65f2021-12-21 10:22:11.943root 11241100x8000000000000000335162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff8080642e41f4f2021-12-21 10:22:11.943root 11241100x8000000000000000335163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29258c62beb5bf6d2021-12-21 10:22:11.943root 11241100x8000000000000000335164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467b6ad97af451142021-12-21 10:22:11.944root 11241100x8000000000000000335165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa5b52e544db0452021-12-21 10:22:11.944root 11241100x8000000000000000335166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629248bd8c30e11e2021-12-21 10:22:11.944root 11241100x8000000000000000335167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9892936b4e1cd2562021-12-21 10:22:11.944root 11241100x8000000000000000335168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea239cf1a3ce3ce2021-12-21 10:22:11.944root 11241100x8000000000000000335169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c254baf2312f4c72021-12-21 10:22:12.443root 11241100x8000000000000000335170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0aa05c88f99bc732021-12-21 10:22:12.443root 11241100x8000000000000000335171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cdd540bad9890d22021-12-21 10:22:12.443root 11241100x8000000000000000335172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72fbc0344ff76d432021-12-21 10:22:12.443root 11241100x8000000000000000335173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b744b786c5e86082021-12-21 10:22:12.443root 11241100x8000000000000000335174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9814b3b12db64f3c2021-12-21 10:22:12.443root 11241100x8000000000000000335175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112a7093a85f30f42021-12-21 10:22:12.443root 11241100x8000000000000000335176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f33ca1d762546f2021-12-21 10:22:12.443root 11241100x8000000000000000335177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f06dabc142eef32021-12-21 10:22:12.444root 11241100x8000000000000000335178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48aba4ecf94cf912021-12-21 10:22:12.444root 11241100x8000000000000000335179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4272a06fc57489a2021-12-21 10:22:12.444root 11241100x8000000000000000335180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548a7a30b89480a32021-12-21 10:22:12.942root 11241100x8000000000000000335181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781d2d05ff47f68b2021-12-21 10:22:12.943root 11241100x8000000000000000335182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9df4c30e8a8e0e2021-12-21 10:22:12.943root 11241100x8000000000000000335183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9099299ca17d8aab2021-12-21 10:22:12.943root 11241100x8000000000000000335184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaaf2a1b24f71082021-12-21 10:22:12.943root 11241100x8000000000000000335185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a960ccabd366c5ea2021-12-21 10:22:12.943root 11241100x8000000000000000335186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1190d6d84266db822021-12-21 10:22:12.943root 11241100x8000000000000000335187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004058e8f410d9402021-12-21 10:22:12.944root 11241100x8000000000000000335188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f43e42ffe11399c2021-12-21 10:22:12.944root 11241100x8000000000000000335189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e0c01b59fc6eb02021-12-21 10:22:12.944root 11241100x8000000000000000335190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b536ee38ef03a9092021-12-21 10:22:12.944root 11241100x8000000000000000335191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232bef8374aac2a82021-12-21 10:22:13.443root 11241100x8000000000000000335192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1609c0e13e97b6d2021-12-21 10:22:13.443root 11241100x8000000000000000335193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af702abacf65b8e2021-12-21 10:22:13.443root 11241100x8000000000000000335194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5501b2f0381d4602021-12-21 10:22:13.443root 11241100x8000000000000000335195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87920c5d8837d2a82021-12-21 10:22:13.443root 11241100x8000000000000000335196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bb76e472b0221d2021-12-21 10:22:13.443root 11241100x8000000000000000335197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d760a75fc47bdb62021-12-21 10:22:13.444root 11241100x8000000000000000335198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26248a9d0f0a0bb2021-12-21 10:22:13.444root 11241100x8000000000000000335199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca92e30b437dd7f62021-12-21 10:22:13.444root 11241100x8000000000000000335200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4712244736635f132021-12-21 10:22:13.444root 11241100x8000000000000000335201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32df8d959b1f14202021-12-21 10:22:13.444root 11241100x8000000000000000335202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47912cc67b9a7182021-12-21 10:22:13.943root 11241100x8000000000000000335203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646c75db6e858fb22021-12-21 10:22:13.943root 11241100x8000000000000000335204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a97ea1d246b7532021-12-21 10:22:13.943root 11241100x8000000000000000335205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbe1a6b04d8c4ad2021-12-21 10:22:13.943root 11241100x8000000000000000335206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac734a86ef354cfe2021-12-21 10:22:13.943root 11241100x8000000000000000335207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb32f6bf515fcbe02021-12-21 10:22:13.943root 11241100x8000000000000000335208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a266bac2f665eefa2021-12-21 10:22:13.943root 11241100x8000000000000000335209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65c0658b7a2fb3b2021-12-21 10:22:13.944root 11241100x8000000000000000335210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93e2ec052903eb42021-12-21 10:22:13.944root 11241100x8000000000000000335211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4133eaa72f9e277d2021-12-21 10:22:13.944root 11241100x8000000000000000335212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47b4b018e7d91982021-12-21 10:22:13.944root 11241100x8000000000000000335213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59f1f8f9b4b2d4b2021-12-21 10:22:14.443root 11241100x8000000000000000335214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fed0994301c1a2021-12-21 10:22:14.443root 11241100x8000000000000000335215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c1ba76565ab7682021-12-21 10:22:14.443root 11241100x8000000000000000335216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdb279fcfa313482021-12-21 10:22:14.443root 11241100x8000000000000000335217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e847fa820619c3922021-12-21 10:22:14.443root 11241100x8000000000000000335218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798dcfda1b673a1b2021-12-21 10:22:14.444root 11241100x8000000000000000335219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab34e465281e0e22021-12-21 10:22:14.444root 11241100x8000000000000000335220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636a78cb5931cc762021-12-21 10:22:14.444root 11241100x8000000000000000335221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9f1f182a47e3a62021-12-21 10:22:14.444root 11241100x8000000000000000335222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f809a53b55d41722021-12-21 10:22:14.444root 11241100x8000000000000000335223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf537e6274d07052021-12-21 10:22:14.444root 11241100x8000000000000000335224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f3277070d2d81e2021-12-21 10:22:14.943root 11241100x8000000000000000335225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1909d210cb71cba72021-12-21 10:22:14.943root 11241100x8000000000000000335226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49110741d69f1222021-12-21 10:22:14.943root 11241100x8000000000000000335227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed11eb46e398a8fa2021-12-21 10:22:14.943root 11241100x8000000000000000335228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8900d90ef66cbd0d2021-12-21 10:22:14.943root 11241100x8000000000000000335229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665bdc607ac179b72021-12-21 10:22:14.943root 11241100x8000000000000000335230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3baa044fae86e2b82021-12-21 10:22:14.943root 11241100x8000000000000000335231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f296ab0c007d066c2021-12-21 10:22:14.943root 11241100x8000000000000000335232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5274914fdad35b9c2021-12-21 10:22:14.944root 11241100x8000000000000000335233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5259c5d598725b2021-12-21 10:22:14.944root 11241100x8000000000000000335234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed8f3cc4151b7d922021-12-21 10:22:14.944root 11241100x8000000000000000335235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc0d518d3dd0b892021-12-21 10:22:15.443root 11241100x8000000000000000335236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfea17b154575c522021-12-21 10:22:15.443root 11241100x8000000000000000335237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6d1334d0032c4b2021-12-21 10:22:15.443root 11241100x8000000000000000335238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c589de782445e48e2021-12-21 10:22:15.443root 11241100x8000000000000000335239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5da97bab83740d32021-12-21 10:22:15.443root 11241100x8000000000000000335240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695968ce08bdfc4f2021-12-21 10:22:15.443root 11241100x8000000000000000335241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1bc84cf68f959d2021-12-21 10:22:15.443root 11241100x8000000000000000335242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d22ee42482e552e2021-12-21 10:22:15.443root 11241100x8000000000000000335243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6dd1b12f581f50a2021-12-21 10:22:15.443root 11241100x8000000000000000335244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3294e93e71baec2021-12-21 10:22:15.444root 11241100x8000000000000000335245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91eb7670f9bdc1932021-12-21 10:22:15.444root 11241100x8000000000000000335246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0a144cba457faa2021-12-21 10:22:15.943root 11241100x8000000000000000335247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68e01ff904379692021-12-21 10:22:15.943root 11241100x8000000000000000335248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320069cc1f702b602021-12-21 10:22:15.943root 11241100x8000000000000000335249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c71c4519979d362021-12-21 10:22:15.943root 11241100x8000000000000000335250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d14befdaee94c42021-12-21 10:22:15.943root 11241100x8000000000000000335251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672761b1d7bffdcb2021-12-21 10:22:15.943root 11241100x8000000000000000335252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de0641c3d123a012021-12-21 10:22:15.943root 11241100x8000000000000000335253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48e8f7050e54c2c2021-12-21 10:22:15.943root 11241100x8000000000000000335254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098fc70897a2378e2021-12-21 10:22:15.944root 11241100x8000000000000000335255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1b88d2ca08b35f2021-12-21 10:22:15.944root 11241100x8000000000000000335256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002eb8eec462577b2021-12-21 10:22:15.944root 354300x8000000000000000335257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.069{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47000-false10.0.1.12-8000- 11241100x8000000000000000335258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ec1d7ddab79afa2021-12-21 10:22:16.443root 11241100x8000000000000000335259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9b9de1637d0db32021-12-21 10:22:16.443root 11241100x8000000000000000335260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829d0eca007ecfdc2021-12-21 10:22:16.443root 11241100x8000000000000000335261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5199922b22f8767a2021-12-21 10:22:16.443root 11241100x8000000000000000335262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11e622c0c5680232021-12-21 10:22:16.443root 11241100x8000000000000000335263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3874fe8eff668e2021-12-21 10:22:16.443root 11241100x8000000000000000335264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda6aa161071bb2f2021-12-21 10:22:16.443root 11241100x8000000000000000335265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057bbff1315eba832021-12-21 10:22:16.443root 11241100x8000000000000000335266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446c5f74ba3111f12021-12-21 10:22:16.444root 11241100x8000000000000000335267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e51b821d13decf2021-12-21 10:22:16.444root 11241100x8000000000000000335268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4982199b7b09d82021-12-21 10:22:16.444root 11241100x8000000000000000335269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac13bf3f0e3151112021-12-21 10:22:16.444root 11241100x8000000000000000335270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b84204c73024c012021-12-21 10:22:16.943root 11241100x8000000000000000335271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff1d1a6f005d99e2021-12-21 10:22:16.944root 11241100x8000000000000000335272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94147ed6ca313fb52021-12-21 10:22:16.944root 11241100x8000000000000000335273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2458bbbd930d6a512021-12-21 10:22:16.944root 11241100x8000000000000000335274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4b32231302374e2021-12-21 10:22:16.945root 11241100x8000000000000000335275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12eef9f35e601c2021-12-21 10:22:16.945root 11241100x8000000000000000335276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ac91064fa296122021-12-21 10:22:16.945root 11241100x8000000000000000335277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654ed7efc3f664482021-12-21 10:22:16.945root 11241100x8000000000000000335278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f97aabd701fbc62021-12-21 10:22:16.945root 11241100x8000000000000000335279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1e1dbd7cb6c43c2021-12-21 10:22:16.945root 11241100x8000000000000000335280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c562bb642b0336592021-12-21 10:22:16.946root 11241100x8000000000000000335281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7ad7520af832c62021-12-21 10:22:16.946root 11241100x8000000000000000335282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a089a901747ab82021-12-21 10:22:17.443root 11241100x8000000000000000335283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f125fc414ecf7b7f2021-12-21 10:22:17.443root 11241100x8000000000000000335284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742cb0d5b5959812021-12-21 10:22:17.443root 11241100x8000000000000000335285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dce7341a7b7ebc2021-12-21 10:22:17.443root 11241100x8000000000000000335286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc00dab185d12d72021-12-21 10:22:17.443root 11241100x8000000000000000335287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c43a3ac42ee9a2c2021-12-21 10:22:17.443root 11241100x8000000000000000335288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a3264bc0c5d59972021-12-21 10:22:17.443root 11241100x8000000000000000335289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2401216827f59a02021-12-21 10:22:17.443root 11241100x8000000000000000335290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe06840f626d4b3e2021-12-21 10:22:17.443root 11241100x8000000000000000335291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae49c7ca4947428d2021-12-21 10:22:17.443root 11241100x8000000000000000335292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062ec19dfee4cca02021-12-21 10:22:17.444root 11241100x8000000000000000335293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce70768abefcb232021-12-21 10:22:17.444root 11241100x8000000000000000335294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793ecae0a82da7102021-12-21 10:22:17.943root 11241100x8000000000000000335295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53918309e59146692021-12-21 10:22:17.943root 11241100x8000000000000000335296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd54e14f60cbda2021-12-21 10:22:17.943root 11241100x8000000000000000335297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456223ca4db9ad452021-12-21 10:22:17.943root 11241100x8000000000000000335298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a723b4bd8e9f292021-12-21 10:22:17.943root 11241100x8000000000000000335299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d09dfb251071c02021-12-21 10:22:17.943root 11241100x8000000000000000335300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75446a75240e78c62021-12-21 10:22:17.944root 11241100x8000000000000000335301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a98daa843bbb822021-12-21 10:22:17.944root 11241100x8000000000000000335302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1eaa83bef1840f52021-12-21 10:22:17.944root 11241100x8000000000000000335303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e220c2e19d0abb1a2021-12-21 10:22:17.944root 11241100x8000000000000000335304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d1b7aa2995f70b2021-12-21 10:22:17.944root 11241100x8000000000000000335305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b60c3d2094317752021-12-21 10:22:17.944root 11241100x8000000000000000335306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efccc12821ae0bf02021-12-21 10:22:18.443root 11241100x8000000000000000335307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71cdbf44afeca12021-12-21 10:22:18.443root 11241100x8000000000000000335308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a80236ebaa830302021-12-21 10:22:18.443root 11241100x8000000000000000335309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb743df12f5cf922021-12-21 10:22:18.443root 11241100x8000000000000000335310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafb2712335212cc2021-12-21 10:22:18.443root 11241100x8000000000000000335311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308ed98ca5836fbe2021-12-21 10:22:18.443root 11241100x8000000000000000335312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36433b01885f9c42021-12-21 10:22:18.443root 11241100x8000000000000000335313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d82a516cde89f72021-12-21 10:22:18.443root 11241100x8000000000000000335314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b47c962885b022021-12-21 10:22:18.444root 11241100x8000000000000000335315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3179cc02942d72c2021-12-21 10:22:18.444root 11241100x8000000000000000335316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2349a39fd8ced2e32021-12-21 10:22:18.444root 11241100x8000000000000000335317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e75324f8c9e91f2021-12-21 10:22:18.444root 11241100x8000000000000000335318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a743c4a8a203afc52021-12-21 10:22:18.943root 11241100x8000000000000000335319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ef0ef0dcc601ed2021-12-21 10:22:18.943root 11241100x8000000000000000335320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e01bc4c0c873872021-12-21 10:22:18.943root 11241100x8000000000000000335321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f453b964d03c3562021-12-21 10:22:18.943root 11241100x8000000000000000335322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb56cbafcbc6df2021-12-21 10:22:18.943root 11241100x8000000000000000335323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e557b0f3abd0582021-12-21 10:22:18.943root 11241100x8000000000000000335324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ba1e400ffd822d2021-12-21 10:22:18.943root 11241100x8000000000000000335325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ff58aaa82a7c902021-12-21 10:22:18.944root 11241100x8000000000000000335326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888892baabe973902021-12-21 10:22:18.944root 11241100x8000000000000000335327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be99a681f1e25382021-12-21 10:22:18.944root 11241100x8000000000000000335328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57ece33d4c8347c2021-12-21 10:22:18.944root 11241100x8000000000000000335329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b310a93adccd54c72021-12-21 10:22:18.944root 11241100x8000000000000000335330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58246f018f0318812021-12-21 10:22:19.443root 11241100x8000000000000000335331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f432294f50286ef32021-12-21 10:22:19.443root 11241100x8000000000000000335332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248889f37a6b231a2021-12-21 10:22:19.443root 11241100x8000000000000000335333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35077ca30b3248d2021-12-21 10:22:19.443root 11241100x8000000000000000335334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a3f4fbb59a805c2021-12-21 10:22:19.443root 11241100x8000000000000000335335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c1dde0b75282352021-12-21 10:22:19.443root 11241100x8000000000000000335336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dd97eb07b57bc62021-12-21 10:22:19.443root 11241100x8000000000000000335337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad23d2368c8ee1b22021-12-21 10:22:19.443root 11241100x8000000000000000335338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c4ebd05504deef2021-12-21 10:22:19.443root 11241100x8000000000000000335339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc2af0bfc90aa962021-12-21 10:22:19.444root 11241100x8000000000000000335340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37ce4573b14d4052021-12-21 10:22:19.444root 11241100x8000000000000000335341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f646bd15f6bf2a82021-12-21 10:22:19.444root 11241100x8000000000000000335342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a587ccb7bed09f2021-12-21 10:22:19.943root 11241100x8000000000000000335343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeff0a3a908b3c52021-12-21 10:22:19.943root 11241100x8000000000000000335344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76fe457aa8608862021-12-21 10:22:19.943root 11241100x8000000000000000335345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42135d47162a9022021-12-21 10:22:19.943root 11241100x8000000000000000335346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2794706dda09fc82021-12-21 10:22:19.943root 11241100x8000000000000000335347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e5d95b8956e3ba2021-12-21 10:22:19.943root 11241100x8000000000000000335348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce664c25b0d65ac2021-12-21 10:22:19.943root 11241100x8000000000000000335349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfce6a046a7aeb12021-12-21 10:22:19.943root 11241100x8000000000000000335350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae788ee07b8380232021-12-21 10:22:19.944root 11241100x8000000000000000335351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66aad4260821e982021-12-21 10:22:19.944root 11241100x8000000000000000335352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7397eaa0e7fcb512021-12-21 10:22:19.944root 11241100x8000000000000000335353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc4635935a62f7e2021-12-21 10:22:19.944root 11241100x8000000000000000335354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4621b253a59d1beb2021-12-21 10:22:20.443root 11241100x8000000000000000335355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede257b5efe89ff12021-12-21 10:22:20.443root 11241100x8000000000000000335356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f9d9a0e7e7940c2021-12-21 10:22:20.443root 11241100x8000000000000000335357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155766605825a9f12021-12-21 10:22:20.443root 11241100x8000000000000000335358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c35dcb18f3e5c02021-12-21 10:22:20.443root 11241100x8000000000000000335359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679aa3900cd28a392021-12-21 10:22:20.443root 11241100x8000000000000000335360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63706fdfda9e67af2021-12-21 10:22:20.443root 11241100x8000000000000000335361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0466cf35505842da2021-12-21 10:22:20.443root 11241100x8000000000000000335362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49d67823a5783452021-12-21 10:22:20.444root 11241100x8000000000000000335363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a143e7e6361effa2021-12-21 10:22:20.444root 11241100x8000000000000000335364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69473ed6109bcd272021-12-21 10:22:20.444root 11241100x8000000000000000335365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3197184f67c1cf12021-12-21 10:22:20.444root 11241100x8000000000000000335366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1499f27efad8fcec2021-12-21 10:22:20.943root 11241100x8000000000000000335367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b524c9b779d60b62021-12-21 10:22:20.943root 11241100x8000000000000000335368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6280e65f59985ee2021-12-21 10:22:20.943root 11241100x8000000000000000335369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863612f76225d0642021-12-21 10:22:20.943root 11241100x8000000000000000335370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55617a0012d488d2021-12-21 10:22:20.943root 11241100x8000000000000000335371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3ce94bd997e2de2021-12-21 10:22:20.943root 11241100x8000000000000000335372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ab691449d2a452021-12-21 10:22:20.943root 11241100x8000000000000000335373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82df39545c5aa5122021-12-21 10:22:20.944root 11241100x8000000000000000335374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91fa5e751610b1f2021-12-21 10:22:20.944root 11241100x8000000000000000335375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48582eb92993dd8a2021-12-21 10:22:20.944root 11241100x8000000000000000335376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb9d691d6afefd92021-12-21 10:22:20.944root 11241100x8000000000000000335377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc42adff89ab32412021-12-21 10:22:20.944root 354300x8000000000000000335378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.136{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47002-false10.0.1.12-8000- 11241100x8000000000000000335379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e9a96d66d62a5b2021-12-21 10:22:21.443root 11241100x8000000000000000335380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.698c0559b5e1d9ec2021-12-21 10:22:21.443root 11241100x8000000000000000335381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f324331143dddf2021-12-21 10:22:21.443root 11241100x8000000000000000335382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd78a81c12700a682021-12-21 10:22:21.443root 11241100x8000000000000000335383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f71a448f99e47b2021-12-21 10:22:21.443root 11241100x8000000000000000335384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cffa671cddec902021-12-21 10:22:21.443root 11241100x8000000000000000335385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be5d2e9e15cdf8b2021-12-21 10:22:21.443root 11241100x8000000000000000335386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e9ab85fb8705172021-12-21 10:22:21.443root 11241100x8000000000000000335387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9f1f2bcb523c8d2021-12-21 10:22:21.444root 11241100x8000000000000000335388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b967e04f2ba5137a2021-12-21 10:22:21.444root 11241100x8000000000000000335389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5714b04f8e522662021-12-21 10:22:21.444root 11241100x8000000000000000335390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da668913682773862021-12-21 10:22:21.444root 11241100x8000000000000000335391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fcf97c61a265262021-12-21 10:22:21.444root 11241100x8000000000000000335392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1753a1a48c9e77bc2021-12-21 10:22:21.943root 11241100x8000000000000000335393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf27f468050974c2021-12-21 10:22:21.943root 11241100x8000000000000000335394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05141fe3d0778c0d2021-12-21 10:22:21.943root 11241100x8000000000000000335395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534054ad30c8ad962021-12-21 10:22:21.943root 11241100x8000000000000000335396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c78186d2c7f14b02021-12-21 10:22:21.943root 11241100x8000000000000000335397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bb3831c0adb9982021-12-21 10:22:21.943root 11241100x8000000000000000335398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2745d632e4b57e42021-12-21 10:22:21.943root 11241100x8000000000000000335399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302a90e9b032a79f2021-12-21 10:22:21.943root 11241100x8000000000000000335400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5964ddab7d61483e2021-12-21 10:22:21.944root 11241100x8000000000000000335401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2188b447705ad5452021-12-21 10:22:21.944root 11241100x8000000000000000335402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce5e740e4b39012021-12-21 10:22:21.944root 11241100x8000000000000000335403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2951fe8dad415ed2021-12-21 10:22:21.944root 11241100x8000000000000000335404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73936e8d8a55f1742021-12-21 10:22:21.944root 11241100x8000000000000000335405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a2aa801c8c3a0c2021-12-21 10:22:22.443root 11241100x8000000000000000335406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5f5bbf8f11b1772021-12-21 10:22:22.443root 11241100x8000000000000000335407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5edc77885f76a0c2021-12-21 10:22:22.443root 11241100x8000000000000000335408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fd25cc2a2e88f42021-12-21 10:22:22.443root 11241100x8000000000000000335409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e0aa1e55bdef452021-12-21 10:22:22.443root 11241100x8000000000000000335410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b34ac8dbd57a6e92021-12-21 10:22:22.443root 11241100x8000000000000000335411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2a9fca9591d0eb2021-12-21 10:22:22.443root 11241100x8000000000000000335412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e3d6b94a9f30ce2021-12-21 10:22:22.443root 11241100x8000000000000000335413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b05401480e17042021-12-21 10:22:22.444root 11241100x8000000000000000335414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ecdd37cc6ef1522021-12-21 10:22:22.444root 11241100x8000000000000000335415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e88de3f8d5f3c22021-12-21 10:22:22.444root 11241100x8000000000000000335416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fb8f307a0cd9272021-12-21 10:22:22.444root 11241100x8000000000000000335417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e49194dd9d3f2b22021-12-21 10:22:22.444root 11241100x8000000000000000335418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9596eaea0ccfa82021-12-21 10:22:22.942root 11241100x8000000000000000335419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b8331827bbb7232021-12-21 10:22:22.943root 11241100x8000000000000000335420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907815e44523649b2021-12-21 10:22:22.943root 11241100x8000000000000000335421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77112ad11a38f93b2021-12-21 10:22:22.943root 11241100x8000000000000000335422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3631799423dce32021-12-21 10:22:22.943root 11241100x8000000000000000335423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006c9a49cb0c6f522021-12-21 10:22:22.944root 11241100x8000000000000000335424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6507aa1440a8022021-12-21 10:22:22.944root 11241100x8000000000000000335425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32b6e0378cc21bd2021-12-21 10:22:22.944root 11241100x8000000000000000335426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c63b2d7243dd8f2021-12-21 10:22:22.944root 11241100x8000000000000000335427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b566801b3bf083112021-12-21 10:22:22.945root 11241100x8000000000000000335428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc44fe53d305a572021-12-21 10:22:22.945root 11241100x8000000000000000335429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26caab3700f020e42021-12-21 10:22:22.945root 11241100x8000000000000000335430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0803719b26294e2021-12-21 10:22:22.945root 11241100x8000000000000000335431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9bea045ec462232021-12-21 10:22:22.945root 11241100x8000000000000000335432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae73407e5e152e652021-12-21 10:22:22.945root 11241100x8000000000000000335433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb06d5ef612b3e632021-12-21 10:22:22.945root 11241100x8000000000000000335434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dda773ae2991b52021-12-21 10:22:22.945root 11241100x8000000000000000335435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a64cbcf1d5ab3d2021-12-21 10:22:22.945root 11241100x8000000000000000335436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1f80cc8c02c1802021-12-21 10:22:23.443root 11241100x8000000000000000335437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de009bc13a7debd2021-12-21 10:22:23.443root 11241100x8000000000000000335438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765e94afd33b9fa52021-12-21 10:22:23.443root 11241100x8000000000000000335439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323c047cbdbb9c992021-12-21 10:22:23.444root 11241100x8000000000000000335440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165917946ee2dbb62021-12-21 10:22:23.444root 11241100x8000000000000000335441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2669bd7750b9d52021-12-21 10:22:23.444root 11241100x8000000000000000335442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75afcecd2b55f6a72021-12-21 10:22:23.444root 11241100x8000000000000000335443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e22432276ced01a2021-12-21 10:22:23.444root 11241100x8000000000000000335444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f5882ecb0d4fc12021-12-21 10:22:23.444root 11241100x8000000000000000335445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e5a2a5265d8682021-12-21 10:22:23.444root 11241100x8000000000000000335446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7cce17a77df8e42021-12-21 10:22:23.444root 11241100x8000000000000000335447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cc46d3ee0269ed2021-12-21 10:22:23.444root 11241100x8000000000000000335448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a968df07684d80442021-12-21 10:22:23.445root 11241100x8000000000000000335449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1c0f3dddd079d32021-12-21 10:22:23.943root 11241100x8000000000000000335450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cbf4ac9917b2a72021-12-21 10:22:23.943root 11241100x8000000000000000335451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f323d8d2a88eb82021-12-21 10:22:23.943root 11241100x8000000000000000335452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04ec3c7c915e8292021-12-21 10:22:23.943root 11241100x8000000000000000335453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05760c26a47471bf2021-12-21 10:22:23.944root 11241100x8000000000000000335454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7de4df320bd6912021-12-21 10:22:23.944root 11241100x8000000000000000335455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15de68d21fd4c8cc2021-12-21 10:22:23.944root 11241100x8000000000000000335456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3502318b4ccf3c582021-12-21 10:22:23.944root 11241100x8000000000000000335457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bed45fcfad3dc052021-12-21 10:22:23.944root 11241100x8000000000000000335458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62caadca307b86ac2021-12-21 10:22:23.944root 11241100x8000000000000000335459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2490b8d51064117d2021-12-21 10:22:23.944root 11241100x8000000000000000335460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f205edd5cd8e88ab2021-12-21 10:22:23.944root 11241100x8000000000000000335461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa7ac34c5eee6b92021-12-21 10:22:23.944root 11241100x8000000000000000335462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b98d5cf95ab512021-12-21 10:22:24.443root 11241100x8000000000000000335463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da311748b061d6c2021-12-21 10:22:24.443root 11241100x8000000000000000335464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ff73ed99aa71232021-12-21 10:22:24.443root 11241100x8000000000000000335465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f9f31d86449312021-12-21 10:22:24.443root 11241100x8000000000000000335466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03103116c4411b92021-12-21 10:22:24.443root 11241100x8000000000000000335467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c88872057d1abd2021-12-21 10:22:24.443root 11241100x8000000000000000335468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d626c0575871dc2f2021-12-21 10:22:24.443root 11241100x8000000000000000335469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1db5af461536f32021-12-21 10:22:24.444root 11241100x8000000000000000335470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5132d92b43231a2021-12-21 10:22:24.444root 11241100x8000000000000000335471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9fa3d045478ddb2021-12-21 10:22:24.444root 11241100x8000000000000000335472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92547220e0ea11a2021-12-21 10:22:24.444root 11241100x8000000000000000335473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267c6360a8bc218e2021-12-21 10:22:24.444root 11241100x8000000000000000335474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946041f5a0e56f712021-12-21 10:22:24.444root 11241100x8000000000000000335475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb39e2662032cba32021-12-21 10:22:24.943root 11241100x8000000000000000335476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b904e9ce2ebd19e2021-12-21 10:22:24.943root 11241100x8000000000000000335477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7beab05607de0da12021-12-21 10:22:24.943root 11241100x8000000000000000335478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36642b2050ace5d2021-12-21 10:22:24.943root 11241100x8000000000000000335479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d389b93f4fc5af7c2021-12-21 10:22:24.943root 11241100x8000000000000000335480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f6719ee5f496d12021-12-21 10:22:24.944root 11241100x8000000000000000335481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1ce9e4369658292021-12-21 10:22:24.944root 11241100x8000000000000000335482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b5b664e23685662021-12-21 10:22:24.944root 11241100x8000000000000000335483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da9b29beeac6c242021-12-21 10:22:24.944root 11241100x8000000000000000335484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc72a6d0f746962021-12-21 10:22:24.944root 11241100x8000000000000000335485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b6c4c2a9f0ddb22021-12-21 10:22:24.944root 11241100x8000000000000000335486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a94a2a0b70e8392021-12-21 10:22:24.944root 11241100x8000000000000000335487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0192e832c966bd2021-12-21 10:22:24.945root 354300x8000000000000000335488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.076{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34068-false10.0.1.12-8089- 11241100x8000000000000000335489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b1033bbc04bb372021-12-21 10:22:25.443root 11241100x8000000000000000335490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962044bd819d1ffc2021-12-21 10:22:25.443root 11241100x8000000000000000335491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54460e25dd693d672021-12-21 10:22:25.443root 11241100x8000000000000000335492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b953ad2b426232021-12-21 10:22:25.443root 11241100x8000000000000000335493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671e4eded1d93aab2021-12-21 10:22:25.443root 11241100x8000000000000000335494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9421cb70f8b19d3c2021-12-21 10:22:25.443root 11241100x8000000000000000335495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e85166c50c198282021-12-21 10:22:25.443root 11241100x8000000000000000335496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7d210bbb40dd672021-12-21 10:22:25.444root 11241100x8000000000000000335497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2977651b87bcbf12021-12-21 10:22:25.444root 11241100x8000000000000000335498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f6a1a0e7f924192021-12-21 10:22:25.444root 11241100x8000000000000000335499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2241157b83af3982021-12-21 10:22:25.444root 11241100x8000000000000000335500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50d0b3cf0a05e982021-12-21 10:22:25.444root 11241100x8000000000000000335501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee68c77b7bf96b72021-12-21 10:22:25.444root 11241100x8000000000000000335502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae1c1b8e28479db2021-12-21 10:22:25.444root 11241100x8000000000000000335503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e44f8a0114c40db2021-12-21 10:22:25.943root 11241100x8000000000000000335504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.079e997c4a9a05c12021-12-21 10:22:25.943root 11241100x8000000000000000335505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d5e8f13540f8132021-12-21 10:22:25.943root 11241100x8000000000000000335506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796222041f87581a2021-12-21 10:22:25.943root 11241100x8000000000000000335507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e5494aae6699532021-12-21 10:22:25.943root 11241100x8000000000000000335508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c0a3eccf26fcab2021-12-21 10:22:25.943root 11241100x8000000000000000335509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c56a8489f8865de2021-12-21 10:22:25.944root 11241100x8000000000000000335510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412e49ab7fc90c282021-12-21 10:22:25.944root 11241100x8000000000000000335511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56070b7cec610a42021-12-21 10:22:25.944root 11241100x8000000000000000335512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9ed5d6d27541c52021-12-21 10:22:25.944root 11241100x8000000000000000335513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a75b576a87edf732021-12-21 10:22:25.944root 11241100x8000000000000000335514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb54dd619e379742021-12-21 10:22:25.944root 11241100x8000000000000000335515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade7587ac919ca732021-12-21 10:22:25.944root 11241100x8000000000000000335516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c112841f0a048c2021-12-21 10:22:25.944root 11241100x8000000000000000335517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca35dc126d66cf8f2021-12-21 10:22:26.443root 11241100x8000000000000000335518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad383adba44741ff2021-12-21 10:22:26.443root 11241100x8000000000000000335519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbaa87ad08022062021-12-21 10:22:26.443root 11241100x8000000000000000335520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d23a6aba51a8ef2021-12-21 10:22:26.444root 11241100x8000000000000000335521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b9db813e8de4ba2021-12-21 10:22:26.444root 11241100x8000000000000000335522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9306195f74463e4c2021-12-21 10:22:26.444root 11241100x8000000000000000335523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80509fd8938cbb0c2021-12-21 10:22:26.444root 11241100x8000000000000000335524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a801a5a120f3b0932021-12-21 10:22:26.444root 11241100x8000000000000000335525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3294279418b2aa782021-12-21 10:22:26.444root 11241100x8000000000000000335526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9791383f6c4323cf2021-12-21 10:22:26.444root 11241100x8000000000000000335527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f7dde873f6a9542021-12-21 10:22:26.444root 11241100x8000000000000000335528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150f6d12583844132021-12-21 10:22:26.445root 11241100x8000000000000000335529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51bff928a0cce072021-12-21 10:22:26.445root 11241100x8000000000000000335530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375ab629a734ecdf2021-12-21 10:22:26.445root 11241100x8000000000000000335531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9dfb271b99d4902021-12-21 10:22:26.943root 11241100x8000000000000000335532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58bebe105bf8d242021-12-21 10:22:26.943root 11241100x8000000000000000335533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af458a97302f4762021-12-21 10:22:26.943root 11241100x8000000000000000335534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fff824257a6e8b2021-12-21 10:22:26.943root 11241100x8000000000000000335535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60211f5089fc2b82021-12-21 10:22:26.943root 11241100x8000000000000000335536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10068ba947f12982021-12-21 10:22:26.944root 11241100x8000000000000000335537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f719ce51e36222021-12-21 10:22:26.944root 11241100x8000000000000000335538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13076b04f916219e2021-12-21 10:22:26.944root 11241100x8000000000000000335539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68637071511c86c62021-12-21 10:22:26.944root 11241100x8000000000000000335540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e33712bb5bccfb2021-12-21 10:22:26.944root 11241100x8000000000000000335541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1258e729fe7c7e492021-12-21 10:22:26.944root 11241100x8000000000000000335542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33fabeb9e74a4f692021-12-21 10:22:26.944root 11241100x8000000000000000335543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18849aacccfde89a2021-12-21 10:22:26.944root 11241100x8000000000000000335544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e174cac6263ae1342021-12-21 10:22:26.944root 354300x8000000000000000335545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.048{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47006-false10.0.1.12-8000- 11241100x8000000000000000335546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f88b541028211542021-12-21 10:22:27.443root 11241100x8000000000000000335547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7749b05eefb976562021-12-21 10:22:27.443root 11241100x8000000000000000335548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8825cc65de8634702021-12-21 10:22:27.443root 11241100x8000000000000000335549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0391fd81531961a32021-12-21 10:22:27.443root 11241100x8000000000000000335550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831359f59728b1d82021-12-21 10:22:27.443root 11241100x8000000000000000335551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cae096566f43a922021-12-21 10:22:27.444root 11241100x8000000000000000335552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4539b1a8976b918e2021-12-21 10:22:27.444root 11241100x8000000000000000335553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5982cd68aa7a1a82021-12-21 10:22:27.444root 11241100x8000000000000000335554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8677133db5a54eaf2021-12-21 10:22:27.444root 11241100x8000000000000000335555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc38dc27561760602021-12-21 10:22:27.444root 11241100x8000000000000000335556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402a3e531410781c2021-12-21 10:22:27.444root 11241100x8000000000000000335557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a97b8636ab89132021-12-21 10:22:27.444root 11241100x8000000000000000335558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375fc8009ac9b1e92021-12-21 10:22:27.444root 11241100x8000000000000000335559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de238dc7d372f5d12021-12-21 10:22:27.444root 11241100x8000000000000000335560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5476f036714765422021-12-21 10:22:27.444root 11241100x8000000000000000335561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b402aeb008d9e512021-12-21 10:22:27.943root 11241100x8000000000000000335562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47aa391cc58e2a4c2021-12-21 10:22:27.943root 11241100x8000000000000000335563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c62d3b3ecb9a7d2021-12-21 10:22:27.943root 11241100x8000000000000000335564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6fae2864c810b942021-12-21 10:22:27.943root 11241100x8000000000000000335565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26f239f23c3d1b92021-12-21 10:22:27.943root 11241100x8000000000000000335566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2bd4bfec922ebe2021-12-21 10:22:27.943root 11241100x8000000000000000335567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70967d3d0aeac0f02021-12-21 10:22:27.943root 11241100x8000000000000000335568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab9d993488fbebd2021-12-21 10:22:27.944root 11241100x8000000000000000335569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225746268c1b60d2021-12-21 10:22:27.944root 11241100x8000000000000000335570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8356be79991d252021-12-21 10:22:27.944root 11241100x8000000000000000335571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46339ba35a2f6d222021-12-21 10:22:27.944root 11241100x8000000000000000335572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e680c10c9de657e2021-12-21 10:22:27.944root 11241100x8000000000000000335573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99646865d44e6f872021-12-21 10:22:27.944root 11241100x8000000000000000335574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6de34cc64cffed42021-12-21 10:22:27.944root 11241100x8000000000000000335575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4a52f860284d6f2021-12-21 10:22:27.944root 11241100x8000000000000000335576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe7ff41b9a7a2262021-12-21 10:22:28.443root 11241100x8000000000000000335577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f10602374ef25dd2021-12-21 10:22:28.443root 11241100x8000000000000000335578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f20d83eab8a59d2021-12-21 10:22:28.443root 11241100x8000000000000000335579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712d4310d2237c32021-12-21 10:22:28.443root 11241100x8000000000000000335580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0fb50f6ad0da4e2021-12-21 10:22:28.443root 11241100x8000000000000000335581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ed9398f49467e02021-12-21 10:22:28.443root 11241100x8000000000000000335582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9fa0ac8ff2b3e92021-12-21 10:22:28.444root 11241100x8000000000000000335583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b4229213838542021-12-21 10:22:28.444root 11241100x8000000000000000335584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fb5ecda075d7292021-12-21 10:22:28.444root 11241100x8000000000000000335585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6205d7b77c1484d2021-12-21 10:22:28.444root 11241100x8000000000000000335586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b429c592bb3b8a12021-12-21 10:22:28.444root 11241100x8000000000000000335587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b7eb7119c13efd2021-12-21 10:22:28.444root 11241100x8000000000000000335588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d929cdb6155f1c982021-12-21 10:22:28.444root 11241100x8000000000000000335589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e434c427e6b9372021-12-21 10:22:28.444root 11241100x8000000000000000335590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fe0124fcbf96832021-12-21 10:22:28.444root 11241100x8000000000000000335591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9770244e7b5abe2021-12-21 10:22:28.943root 11241100x8000000000000000335592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cab76c3b90e9c7b2021-12-21 10:22:28.943root 11241100x8000000000000000335593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070c530024f7f29d2021-12-21 10:22:28.943root 11241100x8000000000000000335594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78490a38fc7d329c2021-12-21 10:22:28.943root 11241100x8000000000000000335595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9dd5d328d1eb382021-12-21 10:22:28.943root 11241100x8000000000000000335596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8c25e11a1f28252021-12-21 10:22:28.943root 11241100x8000000000000000335597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d0df28d01f38702021-12-21 10:22:28.944root 11241100x8000000000000000335598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ff503b984584b82021-12-21 10:22:28.944root 11241100x8000000000000000335599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff30859283c2c0372021-12-21 10:22:28.944root 11241100x8000000000000000335600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe50da8fbfbc5842021-12-21 10:22:28.944root 11241100x8000000000000000335601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d859ad5ca0b9bebc2021-12-21 10:22:28.944root 11241100x8000000000000000335602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008e73a9ac99fd992021-12-21 10:22:28.944root 11241100x8000000000000000335603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792ce953067c8a622021-12-21 10:22:28.944root 11241100x8000000000000000335604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df62854af7deac2021-12-21 10:22:28.944root 11241100x8000000000000000335605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4742fdbb29f52d2021-12-21 10:22:28.944root 11241100x8000000000000000335606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f662ab5d70857f82021-12-21 10:22:29.443root 11241100x8000000000000000335607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a01ee85b62aba12021-12-21 10:22:29.443root 11241100x8000000000000000335608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12b2ac26117864e2021-12-21 10:22:29.443root 11241100x8000000000000000335609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600d0409dd6fa2e62021-12-21 10:22:29.443root 11241100x8000000000000000335610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0533b7f180962e952021-12-21 10:22:29.443root 11241100x8000000000000000335611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de7a714edc5f1f2021-12-21 10:22:29.444root 11241100x8000000000000000335612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54376e8fb2dd43d02021-12-21 10:22:29.444root 11241100x8000000000000000335613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c43e3b0c3948f02021-12-21 10:22:29.444root 11241100x8000000000000000335614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bb4a315d9da15e2021-12-21 10:22:29.444root 11241100x8000000000000000335615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800ec055eb91ac32021-12-21 10:22:29.444root 11241100x8000000000000000335616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5afd8a2106b3b382021-12-21 10:22:29.444root 11241100x8000000000000000335617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29a93783564a8fb2021-12-21 10:22:29.444root 11241100x8000000000000000335618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56d469c431500e92021-12-21 10:22:29.444root 11241100x8000000000000000335619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18949c116fd199d92021-12-21 10:22:29.444root 11241100x8000000000000000335620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e5ac49b76bc9e92021-12-21 10:22:29.444root 11241100x8000000000000000335621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9298516831edf852021-12-21 10:22:29.943root 11241100x8000000000000000335622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04693ff7710d9ec42021-12-21 10:22:29.943root 11241100x8000000000000000335623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b13090accf43e42021-12-21 10:22:29.943root 11241100x8000000000000000335624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e608c10f33e74f2021-12-21 10:22:29.943root 11241100x8000000000000000335625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d81b4da6ffc3152021-12-21 10:22:29.943root 11241100x8000000000000000335626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3565c2c7e7e338cd2021-12-21 10:22:29.944root 11241100x8000000000000000335627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd219a81e4f039cb2021-12-21 10:22:29.944root 11241100x8000000000000000335628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d2517f8171c8282021-12-21 10:22:29.944root 11241100x8000000000000000335629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94483703498bafd2021-12-21 10:22:29.944root 11241100x8000000000000000335630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528d3576271557052021-12-21 10:22:29.945root 11241100x8000000000000000335631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2981d91c8a3ad1df2021-12-21 10:22:29.945root 11241100x8000000000000000335632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466c0903f6c633492021-12-21 10:22:29.945root 11241100x8000000000000000335633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d4a4ba43cfb9242021-12-21 10:22:29.945root 11241100x8000000000000000335634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb0662884989892021-12-21 10:22:29.945root 11241100x8000000000000000335635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db43454c292d724b2021-12-21 10:22:29.945root 11241100x8000000000000000335636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b36313f4ce50962021-12-21 10:22:30.443root 11241100x8000000000000000335637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afbe577114807432021-12-21 10:22:30.443root 11241100x8000000000000000335638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23cffe4502c35502021-12-21 10:22:30.443root 11241100x8000000000000000335639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d84b5b06529f182021-12-21 10:22:30.443root 11241100x8000000000000000335640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5f2c623bf553542021-12-21 10:22:30.443root 11241100x8000000000000000335641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3f563e85e346c2021-12-21 10:22:30.443root 11241100x8000000000000000335642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4d35e0bdd927452021-12-21 10:22:30.443root 11241100x8000000000000000335643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70e8e07dc03beb82021-12-21 10:22:30.444root 11241100x8000000000000000335644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065c593e32d75e402021-12-21 10:22:30.444root 11241100x8000000000000000335645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd929e92840a20eb2021-12-21 10:22:30.444root 11241100x8000000000000000335646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374245c8dffef52f2021-12-21 10:22:30.444root 11241100x8000000000000000335647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8eeb95577717d22021-12-21 10:22:30.444root 11241100x8000000000000000335648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11ed5a4ec3a85952021-12-21 10:22:30.444root 11241100x8000000000000000335649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d6b09b5acb60012021-12-21 10:22:30.444root 11241100x8000000000000000335650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbe37fc3dcc0d972021-12-21 10:22:30.444root 11241100x8000000000000000335651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a0b9d5391828bf2021-12-21 10:22:30.943root 11241100x8000000000000000335652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245277fa8ae9d1b12021-12-21 10:22:30.943root 11241100x8000000000000000335653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64704641764f58c92021-12-21 10:22:30.943root 11241100x8000000000000000335654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d9b6c1326ac6b32021-12-21 10:22:30.943root 11241100x8000000000000000335655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1479ab72ebcb6a42021-12-21 10:22:30.943root 11241100x8000000000000000335656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e21087beab3de6f2021-12-21 10:22:30.943root 11241100x8000000000000000335657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1590ecc33d3bffa2021-12-21 10:22:30.943root 11241100x8000000000000000335658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae021d71ace84462021-12-21 10:22:30.943root 11241100x8000000000000000335659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77e267f471c6f1d2021-12-21 10:22:30.944root 11241100x8000000000000000335660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755d83185135cd6d2021-12-21 10:22:30.944root 11241100x8000000000000000335661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b751cdd94cb7c602021-12-21 10:22:30.944root 11241100x8000000000000000335662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af254ffa1ca79bba2021-12-21 10:22:30.944root 11241100x8000000000000000335663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513994569ebb91632021-12-21 10:22:30.944root 11241100x8000000000000000335664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56c34a346c99c8c2021-12-21 10:22:30.944root 11241100x8000000000000000335665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4852cb012cadd662021-12-21 10:22:30.944root 11241100x8000000000000000335666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a09ed7dec1ddb2021-12-21 10:22:31.443root 11241100x8000000000000000335667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff66c469cd5dc4b2021-12-21 10:22:31.443root 11241100x8000000000000000335668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93aaec61a26cfd22021-12-21 10:22:31.444root 11241100x8000000000000000335669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88860ba61716aa672021-12-21 10:22:31.444root 11241100x8000000000000000335670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da48e0f1ca23ba92021-12-21 10:22:31.444root 11241100x8000000000000000335671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f99d4d66f800f52021-12-21 10:22:31.445root 11241100x8000000000000000335672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591aebeb7f5da93a2021-12-21 10:22:31.445root 11241100x8000000000000000335673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85b62842b155c1e2021-12-21 10:22:31.445root 11241100x8000000000000000335674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5707fe59c7675a82021-12-21 10:22:31.445root 11241100x8000000000000000335675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f410ae663d280fe42021-12-21 10:22:31.445root 11241100x8000000000000000335676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b0b36dbec182c32021-12-21 10:22:31.445root 11241100x8000000000000000335677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecfab2b5f0b50dd2021-12-21 10:22:31.446root 11241100x8000000000000000335678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abb8ab3ff3bb3a32021-12-21 10:22:31.446root 11241100x8000000000000000335679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2799cb47e7bce29b2021-12-21 10:22:31.446root 11241100x8000000000000000335680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0165768209cc0ee2021-12-21 10:22:31.446root 11241100x8000000000000000335681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b778369b8c1313f2021-12-21 10:22:31.943root 11241100x8000000000000000335682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc9da189f79ac4d2021-12-21 10:22:31.943root 11241100x8000000000000000335683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f431ce41f564d96c2021-12-21 10:22:31.943root 11241100x8000000000000000335684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf034b90ec8a44c2021-12-21 10:22:31.943root 11241100x8000000000000000335685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5859624d67237932021-12-21 10:22:31.943root 11241100x8000000000000000335686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2040d5c3a3767d6f2021-12-21 10:22:31.943root 11241100x8000000000000000335687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7ce6b36ab2ac62021-12-21 10:22:31.943root 11241100x8000000000000000335688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad806f2614873cb2021-12-21 10:22:31.943root 11241100x8000000000000000335689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceea7d155958b3fc2021-12-21 10:22:31.944root 11241100x8000000000000000335690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcddfcb2cf6958132021-12-21 10:22:31.944root 11241100x8000000000000000335691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207e90867be6d5b02021-12-21 10:22:31.944root 11241100x8000000000000000335692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1568b185685d5ff32021-12-21 10:22:31.944root 11241100x8000000000000000335693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a686b094de976302021-12-21 10:22:31.944root 11241100x8000000000000000335694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f61a921d0959982021-12-21 10:22:31.944root 11241100x8000000000000000335695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac44d500e00404e02021-12-21 10:22:31.944root 11241100x8000000000000000335696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50eea1ef5e3384d22021-12-21 10:22:32.443root 11241100x8000000000000000335697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83efbe8ff601926e2021-12-21 10:22:32.443root 11241100x8000000000000000335698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978a717f6d6784e42021-12-21 10:22:32.443root 11241100x8000000000000000335699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6a5af1cdc5658d2021-12-21 10:22:32.443root 11241100x8000000000000000335700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228896f332eeeb712021-12-21 10:22:32.443root 11241100x8000000000000000335701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca15acf1355058e22021-12-21 10:22:32.443root 11241100x8000000000000000335702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d846509a5d409be72021-12-21 10:22:32.443root 11241100x8000000000000000335703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2f4fc21d87edcf2021-12-21 10:22:32.444root 11241100x8000000000000000335704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53896646f4d85352021-12-21 10:22:32.444root 11241100x8000000000000000335705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa62d069e3e56dbd2021-12-21 10:22:32.444root 11241100x8000000000000000335706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581c0630edfb77162021-12-21 10:22:32.444root 11241100x8000000000000000335707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7d9ddac0692af2021-12-21 10:22:32.444root 11241100x8000000000000000335708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f11079104aa0f42021-12-21 10:22:32.444root 11241100x8000000000000000335709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e5e8b06b750092021-12-21 10:22:32.444root 11241100x8000000000000000335710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5806edb7a671aa2021-12-21 10:22:32.444root 11241100x8000000000000000335711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bbf487b9c8063b2021-12-21 10:22:32.943root 11241100x8000000000000000335712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d72360a9ad9c72021-12-21 10:22:32.943root 11241100x8000000000000000335713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9560272f2f515252021-12-21 10:22:32.943root 11241100x8000000000000000335714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82379402cc8248db2021-12-21 10:22:32.943root 11241100x8000000000000000335715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c720d5eb91d490292021-12-21 10:22:32.943root 11241100x8000000000000000335716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a5db7abbcfd64d2021-12-21 10:22:32.943root 11241100x8000000000000000335717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b15cd375d81c8d2021-12-21 10:22:32.944root 11241100x8000000000000000335718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f008844dbd9b3a352021-12-21 10:22:32.944root 11241100x8000000000000000335719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba7f9656d9a5adc2021-12-21 10:22:32.944root 11241100x8000000000000000335720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb085c0543eece202021-12-21 10:22:32.944root 11241100x8000000000000000335721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab24040b8d63fe22021-12-21 10:22:32.944root 11241100x8000000000000000335722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56415224f76e80d22021-12-21 10:22:32.944root 11241100x8000000000000000335723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3ba7c0249a9fe92021-12-21 10:22:32.944root 11241100x8000000000000000335724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b3c7712361a3012021-12-21 10:22:32.944root 11241100x8000000000000000335725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766b70e1bc6d373a2021-12-21 10:22:32.944root 354300x8000000000000000335726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.016{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47008-false10.0.1.12-8000- 11241100x8000000000000000335727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ac4811eb8335cb2021-12-21 10:22:33.443root 11241100x8000000000000000335728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20682997866d66692021-12-21 10:22:33.443root 11241100x8000000000000000335729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82c16f28f19e5cc2021-12-21 10:22:33.444root 11241100x8000000000000000335730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ed53dbf28365dc2021-12-21 10:22:33.444root 11241100x8000000000000000335731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee9f15785289ebf2021-12-21 10:22:33.444root 11241100x8000000000000000335732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4151d77fe6ff1f92021-12-21 10:22:33.445root 11241100x8000000000000000335733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045e9eb5296723252021-12-21 10:22:33.445root 11241100x8000000000000000335734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669490fcb82bb3742021-12-21 10:22:33.445root 11241100x8000000000000000335735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8e99f4ca72745d2021-12-21 10:22:33.445root 11241100x8000000000000000335736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f6ec13e175391a2021-12-21 10:22:33.445root 11241100x8000000000000000335737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454cc4d3f0b595d72021-12-21 10:22:33.445root 11241100x8000000000000000335738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db89139ec3af128d2021-12-21 10:22:33.445root 11241100x8000000000000000335739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e98ab76d7928852021-12-21 10:22:33.445root 11241100x8000000000000000335740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c102f1e88690d42021-12-21 10:22:33.445root 11241100x8000000000000000335741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54ae220363ec5952021-12-21 10:22:33.445root 11241100x8000000000000000335742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a056a1a8cab7922021-12-21 10:22:33.446root 11241100x8000000000000000335743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7bbeb237da1f642021-12-21 10:22:33.943root 11241100x8000000000000000335744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c980aa469a342e2021-12-21 10:22:33.943root 11241100x8000000000000000335745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a37b1c4c34bf062021-12-21 10:22:33.943root 11241100x8000000000000000335746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a951c2fc251b7e2021-12-21 10:22:33.943root 11241100x8000000000000000335747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86ee4bc8d551052021-12-21 10:22:33.943root 11241100x8000000000000000335748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedefd02848419692021-12-21 10:22:33.943root 11241100x8000000000000000335749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8d502ef4717d2f2021-12-21 10:22:33.944root 11241100x8000000000000000335750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5e9eb466e694782021-12-21 10:22:33.944root 11241100x8000000000000000335751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b36a931c912e142021-12-21 10:22:33.944root 11241100x8000000000000000335752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d7ced154b11a102021-12-21 10:22:33.944root 11241100x8000000000000000335753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e98dbf6d26f0752021-12-21 10:22:33.944root 11241100x8000000000000000335754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44d518b8b5b039c2021-12-21 10:22:33.944root 11241100x8000000000000000335755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51777f9a2b9e10422021-12-21 10:22:33.944root 11241100x8000000000000000335756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ed8b5ff477f8ab2021-12-21 10:22:33.944root 11241100x8000000000000000335757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b7727f4de4fbbf2021-12-21 10:22:33.944root 11241100x8000000000000000335758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c46a12460a2a0f2021-12-21 10:22:33.944root 11241100x8000000000000000335759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406aefeea0c04b672021-12-21 10:22:34.443root 11241100x8000000000000000335760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e143291b660e20b2021-12-21 10:22:34.443root 11241100x8000000000000000335761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6a05cdaf56395f2021-12-21 10:22:34.443root 11241100x8000000000000000335762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9a5601edb7f8292021-12-21 10:22:34.443root 11241100x8000000000000000335763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c51ab131f397692021-12-21 10:22:34.444root 11241100x8000000000000000335764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864cfa9318955d3b2021-12-21 10:22:34.444root 11241100x8000000000000000335765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eed1e3f0fd74f2c2021-12-21 10:22:34.444root 11241100x8000000000000000335766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a794bce116038b2021-12-21 10:22:34.444root 11241100x8000000000000000335767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134dc69c68d90e2e2021-12-21 10:22:34.444root 11241100x8000000000000000335768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e114f91502c8c1132021-12-21 10:22:34.444root 11241100x8000000000000000335769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f0896082c73bcb2021-12-21 10:22:34.444root 11241100x8000000000000000335770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48b8c435bc0fe282021-12-21 10:22:34.444root 11241100x8000000000000000335771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e06d4ca0b2eb02c2021-12-21 10:22:34.444root 11241100x8000000000000000335772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869ac183abd1c8262021-12-21 10:22:34.444root 11241100x8000000000000000335773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe55cc7c351eb1c2021-12-21 10:22:34.445root 11241100x8000000000000000335774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb8ab84267834fb2021-12-21 10:22:34.445root 11241100x8000000000000000335775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7266d702a6a85d032021-12-21 10:22:34.943root 11241100x8000000000000000335776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ed536ade6bb04c2021-12-21 10:22:34.943root 11241100x8000000000000000335777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2ba245d6d1d0982021-12-21 10:22:34.943root 11241100x8000000000000000335778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c04485347c9d5422021-12-21 10:22:34.944root 11241100x8000000000000000335779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f20178cba3328c2021-12-21 10:22:34.944root 11241100x8000000000000000335780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46c31843b1113fd2021-12-21 10:22:34.944root 11241100x8000000000000000335781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b83b106596c1ed2021-12-21 10:22:34.944root 11241100x8000000000000000335782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec16d964d3766522021-12-21 10:22:34.944root 11241100x8000000000000000335783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2e9d7b0c9f7e832021-12-21 10:22:34.944root 11241100x8000000000000000335784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015adda349bf358d2021-12-21 10:22:34.944root 11241100x8000000000000000335785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa107b9c7af376d2021-12-21 10:22:34.944root 11241100x8000000000000000335786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338f62525bf2c1a42021-12-21 10:22:34.944root 11241100x8000000000000000335787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041b59ea959040792021-12-21 10:22:34.945root 11241100x8000000000000000335788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59b8b6ded51238a2021-12-21 10:22:34.945root 11241100x8000000000000000335789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486c227fa93283692021-12-21 10:22:34.945root 11241100x8000000000000000335790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed6006dfa5e21232021-12-21 10:22:34.945root 11241100x8000000000000000335791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad627c975a47ba22021-12-21 10:22:35.443root 11241100x8000000000000000335792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b3118eda44c7592021-12-21 10:22:35.443root 11241100x8000000000000000335793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8e0cfb676290012021-12-21 10:22:35.443root 11241100x8000000000000000335794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603ecadeb48a3d332021-12-21 10:22:35.443root 11241100x8000000000000000335795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2883a1dd12521a2021-12-21 10:22:35.444root 11241100x8000000000000000335796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7ac8b4ab9e19fd2021-12-21 10:22:35.444root 11241100x8000000000000000335797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61db768bf17b222021-12-21 10:22:35.444root 11241100x8000000000000000335798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdd054432282fbd2021-12-21 10:22:35.444root 11241100x8000000000000000335799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b61f17535fb3d2021-12-21 10:22:35.444root 11241100x8000000000000000335800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cace661d37ff362021-12-21 10:22:35.444root 11241100x8000000000000000335801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2ed9c6e16e0f9f2021-12-21 10:22:35.444root 11241100x8000000000000000335802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b7f9e5fe47365c2021-12-21 10:22:35.444root 11241100x8000000000000000335803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c6d847e23f01612021-12-21 10:22:35.444root 11241100x8000000000000000335804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc034335b1ca84f2021-12-21 10:22:35.445root 11241100x8000000000000000335805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228d157fc1e2deb52021-12-21 10:22:35.445root 11241100x8000000000000000335806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f833387833c7542021-12-21 10:22:35.445root 11241100x8000000000000000335807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68101d2c32fd6c92021-12-21 10:22:35.943root 11241100x8000000000000000335808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b34de5df5e7e6302021-12-21 10:22:35.943root 11241100x8000000000000000335809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f49d2ede4884a62021-12-21 10:22:35.943root 11241100x8000000000000000335810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7a5b0542cbf432021-12-21 10:22:35.943root 11241100x8000000000000000335811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbecebd46047a562021-12-21 10:22:35.944root 11241100x8000000000000000335812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a25cc7664c55682021-12-21 10:22:35.944root 11241100x8000000000000000335813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656db4d1d84a47092021-12-21 10:22:35.944root 11241100x8000000000000000335814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ba7df3c20b6c152021-12-21 10:22:35.944root 11241100x8000000000000000335815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad333e55b914f9d42021-12-21 10:22:35.944root 11241100x8000000000000000335816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a0bae592fae8a2021-12-21 10:22:35.944root 11241100x8000000000000000335817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c501ab3ebd25fdb52021-12-21 10:22:35.944root 11241100x8000000000000000335818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8902599d40d3a32021-12-21 10:22:35.944root 11241100x8000000000000000335819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b21fce7fc59e2fd2021-12-21 10:22:35.944root 11241100x8000000000000000335820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00bfe491ace628602021-12-21 10:22:35.945root 11241100x8000000000000000335821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11b0c503854b1aa2021-12-21 10:22:35.945root 11241100x8000000000000000335822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97dc53c836a55c32021-12-21 10:22:35.945root 11241100x8000000000000000335823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7373781d751871a2021-12-21 10:22:36.443root 11241100x8000000000000000335824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28379df79a9a2f742021-12-21 10:22:36.443root 11241100x8000000000000000335825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6649ea37115c592021-12-21 10:22:36.443root 11241100x8000000000000000335826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd901a4f0d61b562021-12-21 10:22:36.443root 11241100x8000000000000000335827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b34683f1a9adea2021-12-21 10:22:36.444root 11241100x8000000000000000335828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fdf662ed56e23c52021-12-21 10:22:36.444root 11241100x8000000000000000335829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2461ab6d224eb22021-12-21 10:22:36.444root 11241100x8000000000000000335830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891308877e26dcde2021-12-21 10:22:36.444root 11241100x8000000000000000335831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f1aae198a259d22021-12-21 10:22:36.444root 11241100x8000000000000000335832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e5b67f1e91d6522021-12-21 10:22:36.444root 11241100x8000000000000000335833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc11af7e5cdf57cd2021-12-21 10:22:36.444root 11241100x8000000000000000335834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3882234ee8af8822021-12-21 10:22:36.444root 11241100x8000000000000000335835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed2873ad961da0d2021-12-21 10:22:36.445root 11241100x8000000000000000335836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a32f44093cc38132021-12-21 10:22:36.445root 11241100x8000000000000000335837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419e3c2b3a6dbd162021-12-21 10:22:36.445root 11241100x8000000000000000335838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1149a829fa848a752021-12-21 10:22:36.445root 11241100x8000000000000000335839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.520{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:22:36.520root 11241100x8000000000000000335840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9512f28590de70ca2021-12-21 10:22:36.943root 11241100x8000000000000000335841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88368969fac1e8522021-12-21 10:22:36.943root 11241100x8000000000000000335842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae77d3d223023df2021-12-21 10:22:36.943root 11241100x8000000000000000335843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d103ffc348e92d2021-12-21 10:22:36.944root 11241100x8000000000000000335844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85024592897c22e82021-12-21 10:22:36.944root 11241100x8000000000000000335845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f6e7b4da99d0fb2021-12-21 10:22:36.944root 11241100x8000000000000000335846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f378ed3e213e7a9c2021-12-21 10:22:36.944root 11241100x8000000000000000335847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c637c8ce6c3a0ce42021-12-21 10:22:36.944root 11241100x8000000000000000335848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe2e6b9ae53582a2021-12-21 10:22:36.944root 11241100x8000000000000000335849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae73819db0f63e42021-12-21 10:22:36.944root 11241100x8000000000000000335850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2051fda8d73f462021-12-21 10:22:36.945root 11241100x8000000000000000335851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f366af9dfce72e2021-12-21 10:22:36.945root 11241100x8000000000000000335852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacd1bafbb06ddf52021-12-21 10:22:36.945root 11241100x8000000000000000335853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9aa00a46f437c4e2021-12-21 10:22:36.945root 11241100x8000000000000000335854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf72e5cf426772322021-12-21 10:22:36.945root 11241100x8000000000000000335855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7207ef14db82a4162021-12-21 10:22:36.945root 11241100x8000000000000000335856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:36.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4a7821be2931a52021-12-21 10:22:36.945root 11241100x8000000000000000335857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b97ca4c75794892021-12-21 10:22:37.443root 11241100x8000000000000000335858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aedca08da66fc212021-12-21 10:22:37.443root 11241100x8000000000000000335859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30240998615a03332021-12-21 10:22:37.443root 11241100x8000000000000000335860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd54947b8a95f6f2021-12-21 10:22:37.444root 11241100x8000000000000000335861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f801af766ec439a92021-12-21 10:22:37.444root 11241100x8000000000000000335862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c70c8f7c6c7a582021-12-21 10:22:37.444root 11241100x8000000000000000335863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce37ce7e68418ba2021-12-21 10:22:37.444root 11241100x8000000000000000335864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef505a87e29eb942021-12-21 10:22:37.444root 11241100x8000000000000000335865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641560a6be3f9cad2021-12-21 10:22:37.444root 11241100x8000000000000000335866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c67180657b98312021-12-21 10:22:37.444root 11241100x8000000000000000335867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11013741284541692021-12-21 10:22:37.444root 11241100x8000000000000000335868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda57885b663fca2021-12-21 10:22:37.444root 11241100x8000000000000000335869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2c9a620444600d2021-12-21 10:22:37.444root 11241100x8000000000000000335870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49bf2e73d9a3858d2021-12-21 10:22:37.445root 11241100x8000000000000000335871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4d132deee1e2ec2021-12-21 10:22:37.445root 11241100x8000000000000000335872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e422969d9947359e2021-12-21 10:22:37.445root 11241100x8000000000000000335873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2c518b1e4c8da92021-12-21 10:22:37.445root 11241100x8000000000000000335874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e17363ab2c85e0b2021-12-21 10:22:37.943root 11241100x8000000000000000335875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15057ad649b13cfd2021-12-21 10:22:37.943root 11241100x8000000000000000335876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea08c9be68bbabd2021-12-21 10:22:37.943root 11241100x8000000000000000335877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7332b386e4639b302021-12-21 10:22:37.943root 11241100x8000000000000000335878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fffe63ba56abbe2021-12-21 10:22:37.944root 11241100x8000000000000000335879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ca4feebe908a1b2021-12-21 10:22:37.944root 11241100x8000000000000000335880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d5b0fa78d42e7e2021-12-21 10:22:37.944root 11241100x8000000000000000335881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6c0c3ad06a3fa72021-12-21 10:22:37.944root 11241100x8000000000000000335882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338ee6a15d19b8872021-12-21 10:22:37.944root 11241100x8000000000000000335883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fb598766340b2c2021-12-21 10:22:37.944root 11241100x8000000000000000335884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f78b22d0acec392021-12-21 10:22:37.944root 11241100x8000000000000000335885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acecc46004bb2ce2021-12-21 10:22:37.944root 11241100x8000000000000000335886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93caf4ea3d4516f52021-12-21 10:22:37.944root 11241100x8000000000000000335887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd0e5aae89d836b2021-12-21 10:22:37.945root 11241100x8000000000000000335888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db641716572cf4be2021-12-21 10:22:37.945root 11241100x8000000000000000335889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4747b5d7518980892021-12-21 10:22:37.945root 11241100x8000000000000000335890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:37.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e7360a40610ca92021-12-21 10:22:37.945root 354300x8000000000000000335891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47010-false10.0.1.12-8000- 11241100x8000000000000000335892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7128ae9de430f3022021-12-21 10:22:38.443root 11241100x8000000000000000335893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b020520ed2f2d42021-12-21 10:22:38.444root 11241100x8000000000000000335894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af4bcf8ca9214c2021-12-21 10:22:38.444root 11241100x8000000000000000335895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db7b2c3d05740c82021-12-21 10:22:38.444root 11241100x8000000000000000335896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864f0c8a9b9aa3ba2021-12-21 10:22:38.444root 11241100x8000000000000000335897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90edb7529d5c51fc2021-12-21 10:22:38.444root 11241100x8000000000000000335898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29b2a69a6c4c2d82021-12-21 10:22:38.444root 11241100x8000000000000000335899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff680e3cd4a85a2d2021-12-21 10:22:38.445root 11241100x8000000000000000335900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2575aa1774166c42021-12-21 10:22:38.445root 11241100x8000000000000000335901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368b17f06e516f982021-12-21 10:22:38.445root 11241100x8000000000000000335902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8a24987908bc2a2021-12-21 10:22:38.445root 11241100x8000000000000000335903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db7986f580b5a8b2021-12-21 10:22:38.445root 11241100x8000000000000000335904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5b616a416ac2422021-12-21 10:22:38.445root 11241100x8000000000000000335905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792a0c2578910dd32021-12-21 10:22:38.445root 11241100x8000000000000000335906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e1c364ceb171a72021-12-21 10:22:38.446root 11241100x8000000000000000335907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54876d59ec2c37b92021-12-21 10:22:38.446root 11241100x8000000000000000335908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e512168d88ed32021-12-21 10:22:38.446root 11241100x8000000000000000335909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cc826a7344c4a82021-12-21 10:22:38.446root 11241100x8000000000000000335910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6a7ed761b292fd2021-12-21 10:22:38.943root 11241100x8000000000000000335911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7747fddfdf46352021-12-21 10:22:38.943root 11241100x8000000000000000335912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db38d6e4d39e33f2021-12-21 10:22:38.943root 11241100x8000000000000000335913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753fc78f6aa7aac02021-12-21 10:22:38.943root 11241100x8000000000000000335914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd6da8cd5b960162021-12-21 10:22:38.944root 11241100x8000000000000000335915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d5e713d93a70512021-12-21 10:22:38.944root 11241100x8000000000000000335916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82baeb5dd45c8a52021-12-21 10:22:38.944root 11241100x8000000000000000335917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcffa92721475422021-12-21 10:22:38.944root 11241100x8000000000000000335918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9372b724575d4692021-12-21 10:22:38.944root 11241100x8000000000000000335919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e867b1f86ee4bb52021-12-21 10:22:38.944root 11241100x8000000000000000335920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62feaf5597d048182021-12-21 10:22:38.944root 11241100x8000000000000000335921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e60053a412d48d2021-12-21 10:22:38.944root 11241100x8000000000000000335922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03e8356e2c87bd42021-12-21 10:22:38.944root 11241100x8000000000000000335923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea2a82a1bdf7afa2021-12-21 10:22:38.944root 11241100x8000000000000000335924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99b31a14cdff4a72021-12-21 10:22:38.945root 11241100x8000000000000000335925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8da08b69942abd92021-12-21 10:22:38.945root 11241100x8000000000000000335926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c71f82fb50217942021-12-21 10:22:38.945root 11241100x8000000000000000335927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f14cb82aa3111d12021-12-21 10:22:38.945root 11241100x8000000000000000335928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290df4770ce4e8af2021-12-21 10:22:39.443root 11241100x8000000000000000335929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42227c64daf85f982021-12-21 10:22:39.444root 11241100x8000000000000000335930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247a199e556c9d092021-12-21 10:22:39.444root 11241100x8000000000000000335931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47de9b6442b188c2021-12-21 10:22:39.444root 11241100x8000000000000000335932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb600475aebc7b32021-12-21 10:22:39.444root 11241100x8000000000000000335933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaad611aa2561c592021-12-21 10:22:39.444root 11241100x8000000000000000335934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7b75a10a249e062021-12-21 10:22:39.444root 11241100x8000000000000000335935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da4c70eac1e030e62021-12-21 10:22:39.444root 11241100x8000000000000000335936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b8e72031e406742021-12-21 10:22:39.444root 11241100x8000000000000000335937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5421dade173f4ce2021-12-21 10:22:39.444root 11241100x8000000000000000335938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058dec23343036982021-12-21 10:22:39.444root 11241100x8000000000000000335939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d11e870a133c292021-12-21 10:22:39.444root 11241100x8000000000000000335940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa78d895f2a79a0d2021-12-21 10:22:39.445root 11241100x8000000000000000335941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35123e456d04d4472021-12-21 10:22:39.445root 11241100x8000000000000000335942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db31a45ed8d75b2021-12-21 10:22:39.445root 11241100x8000000000000000335943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10abb1e801b388b42021-12-21 10:22:39.445root 11241100x8000000000000000335944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54999d45e11dc8d2021-12-21 10:22:39.445root 11241100x8000000000000000335945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d8e923e7540c382021-12-21 10:22:39.445root 23542300x8000000000000000335946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.521{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000335947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f73f9f3d3299bd2021-12-21 10:22:39.943root 11241100x8000000000000000335948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3926174c1d296f2021-12-21 10:22:39.943root 11241100x8000000000000000335949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d25929a0456802021-12-21 10:22:39.943root 11241100x8000000000000000335950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0cc09ecf5021ca2021-12-21 10:22:39.943root 11241100x8000000000000000335951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6736fedbac7ee4072021-12-21 10:22:39.943root 11241100x8000000000000000335952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626b375b480aada62021-12-21 10:22:39.944root 11241100x8000000000000000335953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ccf972f4136572021-12-21 10:22:39.944root 11241100x8000000000000000335954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a352677908fbf1812021-12-21 10:22:39.944root 11241100x8000000000000000335955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304b778d68370acf2021-12-21 10:22:39.944root 11241100x8000000000000000335956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67de354f9ea1c6232021-12-21 10:22:39.944root 11241100x8000000000000000335957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e231b67e3c0257692021-12-21 10:22:39.944root 11241100x8000000000000000335958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa7124572dc4dd62021-12-21 10:22:39.944root 11241100x8000000000000000335959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f953371545e97f2021-12-21 10:22:39.944root 11241100x8000000000000000335960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34695a8402cc67892021-12-21 10:22:39.944root 11241100x8000000000000000335961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffd58c68bcd63742021-12-21 10:22:39.944root 11241100x8000000000000000335962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11590fe58a4285f72021-12-21 10:22:39.945root 11241100x8000000000000000335963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234925e8010e83172021-12-21 10:22:39.945root 11241100x8000000000000000335964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2482003f91a24fc72021-12-21 10:22:39.945root 11241100x8000000000000000335965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:39.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2130d8dc6a13ed9f2021-12-21 10:22:39.945root 11241100x8000000000000000335966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da8e80085052f952021-12-21 10:22:40.443root 11241100x8000000000000000335967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ad73e880533e622021-12-21 10:22:40.443root 11241100x8000000000000000335968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9741006cb83ce2e52021-12-21 10:22:40.443root 11241100x8000000000000000335969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ff43fb33e63882021-12-21 10:22:40.444root 11241100x8000000000000000335970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a17a1c5ad18752021-12-21 10:22:40.444root 11241100x8000000000000000335971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1867968a3142b0062021-12-21 10:22:40.444root 11241100x8000000000000000335972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a57a7e08cf188c2021-12-21 10:22:40.444root 11241100x8000000000000000335973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04896d1c960f5692021-12-21 10:22:40.444root 11241100x8000000000000000335974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17e2d51e6d75a8f2021-12-21 10:22:40.444root 11241100x8000000000000000335975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb74d1f54e9b8392021-12-21 10:22:40.444root 11241100x8000000000000000335976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf19aa0d653e3fb42021-12-21 10:22:40.444root 11241100x8000000000000000335977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f08112bfd018ec62021-12-21 10:22:40.444root 11241100x8000000000000000335978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1870e3863cf88a852021-12-21 10:22:40.444root 11241100x8000000000000000335979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94dcf74fb61bf342021-12-21 10:22:40.444root 11241100x8000000000000000335980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfffa37812561af72021-12-21 10:22:40.445root 11241100x8000000000000000335981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d39d6414db966c2021-12-21 10:22:40.445root 11241100x8000000000000000335982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c501c66aabca8b42021-12-21 10:22:40.445root 11241100x8000000000000000335983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f10d89a84bb1a772021-12-21 10:22:40.445root 11241100x8000000000000000335984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9ad119f77868c52021-12-21 10:22:40.445root 11241100x8000000000000000335985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d4e1791b90a4a62021-12-21 10:22:40.943root 11241100x8000000000000000335986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984f269278b980422021-12-21 10:22:40.944root 11241100x8000000000000000335987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4534dc53597ef9672021-12-21 10:22:40.944root 11241100x8000000000000000335988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe310afa2dce5a72021-12-21 10:22:40.944root 11241100x8000000000000000335989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45c790013d326a42021-12-21 10:22:40.944root 11241100x8000000000000000335990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbc41713ff1b9512021-12-21 10:22:40.944root 11241100x8000000000000000335991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f157cc9a4ba5365e2021-12-21 10:22:40.945root 11241100x8000000000000000335992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.524d5fd4885784a12021-12-21 10:22:40.945root 11241100x8000000000000000335993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d380c4eb849e502021-12-21 10:22:40.945root 11241100x8000000000000000335994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64aa0b8f54fe361e2021-12-21 10:22:40.945root 11241100x8000000000000000335995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302c6854ad9d93322021-12-21 10:22:40.945root 11241100x8000000000000000335996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c3d7117da559722021-12-21 10:22:40.945root 11241100x8000000000000000335997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aa1f825b1c31d62021-12-21 10:22:40.945root 11241100x8000000000000000335998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8c1c106e83d0ca2021-12-21 10:22:40.945root 11241100x8000000000000000335999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0afd01d2f7e3f82021-12-21 10:22:40.945root 11241100x8000000000000000336000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2fe73b958ca8912021-12-21 10:22:40.945root 11241100x8000000000000000336001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1112908e15856e2021-12-21 10:22:40.945root 11241100x8000000000000000336002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc37b2ddc96832852021-12-21 10:22:40.945root 11241100x8000000000000000336003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:40.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30de68171677fd12021-12-21 10:22:40.946root 11241100x8000000000000000336004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4defd99743b53ff62021-12-21 10:22:41.443root 11241100x8000000000000000336005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b464b69aa62cb72021-12-21 10:22:41.443root 11241100x8000000000000000336006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c003d5491589d852021-12-21 10:22:41.443root 11241100x8000000000000000336007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d57fcb7ff08d9b2021-12-21 10:22:41.443root 11241100x8000000000000000336008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0558ebd7d28682e2021-12-21 10:22:41.444root 11241100x8000000000000000336009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610e351752cdcaef2021-12-21 10:22:41.444root 11241100x8000000000000000336010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d5144c83f4e6b92021-12-21 10:22:41.444root 11241100x8000000000000000336011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0316be7fabde1a9e2021-12-21 10:22:41.444root 11241100x8000000000000000336012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275954b09da002742021-12-21 10:22:41.444root 11241100x8000000000000000336013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.245efa0f8e9334232021-12-21 10:22:41.444root 11241100x8000000000000000336014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2492b402c942612021-12-21 10:22:41.444root 11241100x8000000000000000336015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b328878eb17679052021-12-21 10:22:41.444root 11241100x8000000000000000336016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc3bfc7657f8f3a2021-12-21 10:22:41.444root 11241100x8000000000000000336017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327057cf1faa5c5a2021-12-21 10:22:41.444root 11241100x8000000000000000336018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030e66ac39e823752021-12-21 10:22:41.444root 11241100x8000000000000000336019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195df4e6cc2c47152021-12-21 10:22:41.445root 11241100x8000000000000000336020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8902bc63af19109f2021-12-21 10:22:41.445root 11241100x8000000000000000336021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39817a9d94b15dca2021-12-21 10:22:41.445root 11241100x8000000000000000336022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec71e7431cc9a2a52021-12-21 10:22:41.445root 11241100x8000000000000000336023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34918d12788a3122021-12-21 10:22:41.943root 11241100x8000000000000000336024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8019b3725560822021-12-21 10:22:41.943root 11241100x8000000000000000336025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43607b573dbb052021-12-21 10:22:41.944root 11241100x8000000000000000336026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1c3dbae9d508672021-12-21 10:22:41.944root 11241100x8000000000000000336027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be10759e7e26ece22021-12-21 10:22:41.944root 11241100x8000000000000000336028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6ede0f1fb9bb332021-12-21 10:22:41.944root 11241100x8000000000000000336029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de1b1716c2a04682021-12-21 10:22:41.944root 11241100x8000000000000000336030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97bd4304023c8472021-12-21 10:22:41.944root 11241100x8000000000000000336031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b07835ca7ade122021-12-21 10:22:41.944root 11241100x8000000000000000336032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95cd03eca6dae83d2021-12-21 10:22:41.944root 11241100x8000000000000000336033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169721caa6ec3eb92021-12-21 10:22:41.944root 11241100x8000000000000000336034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c2b489f566520c2021-12-21 10:22:41.944root 11241100x8000000000000000336035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabc773e4b6676fc2021-12-21 10:22:41.945root 11241100x8000000000000000336036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ba724c4f43d2f02021-12-21 10:22:41.945root 11241100x8000000000000000336037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba78bad816b584dd2021-12-21 10:22:41.945root 11241100x8000000000000000336038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fcb969db1711672021-12-21 10:22:41.945root 11241100x8000000000000000336039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0238f26e9b6eaa9f2021-12-21 10:22:41.945root 11241100x8000000000000000336040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6357742fa29746f2021-12-21 10:22:41.945root 11241100x8000000000000000336041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:41.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4214c4effdd4bbd12021-12-21 10:22:41.945root 11241100x8000000000000000336042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71c97af93dd25e92021-12-21 10:22:42.443root 11241100x8000000000000000336043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e2cf43f56fa0762021-12-21 10:22:42.443root 11241100x8000000000000000336044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576c7907525b607a2021-12-21 10:22:42.443root 11241100x8000000000000000336045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d836d57b3e6a5c9a2021-12-21 10:22:42.443root 11241100x8000000000000000336046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ecc459502dd6502021-12-21 10:22:42.444root 11241100x8000000000000000336047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d84b6e1f7d731d2021-12-21 10:22:42.444root 11241100x8000000000000000336048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abcbacbf7e1ec802021-12-21 10:22:42.444root 11241100x8000000000000000336049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cf953cf6dadb192021-12-21 10:22:42.444root 11241100x8000000000000000336050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c0ecf82b3b6a92021-12-21 10:22:42.444root 11241100x8000000000000000336051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96764abf648835742021-12-21 10:22:42.444root 11241100x8000000000000000336052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9455adf5a64e3f52021-12-21 10:22:42.444root 11241100x8000000000000000336053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b943be55c6cece2021-12-21 10:22:42.444root 11241100x8000000000000000336054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5991cfdd8eac21492021-12-21 10:22:42.444root 11241100x8000000000000000336055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7ac18acf2624752021-12-21 10:22:42.444root 11241100x8000000000000000336056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410e452ef85265262021-12-21 10:22:42.444root 11241100x8000000000000000336057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fcc551127932ab2021-12-21 10:22:42.444root 11241100x8000000000000000336058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c860b0cfbdde722021-12-21 10:22:42.444root 11241100x8000000000000000336059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cea9cd1af7933052021-12-21 10:22:42.444root 11241100x8000000000000000336060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32814854b7654e432021-12-21 10:22:42.444root 11241100x8000000000000000336061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b09b924639bb2d2021-12-21 10:22:42.943root 11241100x8000000000000000336062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cef2190047f2bce2021-12-21 10:22:42.943root 11241100x8000000000000000336063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d66b46debb16122021-12-21 10:22:42.943root 11241100x8000000000000000336064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fbbd9f58bf02f62021-12-21 10:22:42.943root 11241100x8000000000000000336065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cc6de847c3b70e2021-12-21 10:22:42.944root 11241100x8000000000000000336066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74a11cdbf2f49382021-12-21 10:22:42.944root 11241100x8000000000000000336067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b962cd82a6c2f5c72021-12-21 10:22:42.944root 11241100x8000000000000000336068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c088da3e58f603cc2021-12-21 10:22:42.944root 11241100x8000000000000000336069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c36512cc2c141372021-12-21 10:22:42.944root 11241100x8000000000000000336070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7e7b00975db0962021-12-21 10:22:42.944root 11241100x8000000000000000336071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6984c79945326b2021-12-21 10:22:42.944root 11241100x8000000000000000336072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9b8c33248d6092021-12-21 10:22:42.944root 11241100x8000000000000000336073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0e90b3ebda6ab22021-12-21 10:22:42.944root 11241100x8000000000000000336074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43788cca29934fc2021-12-21 10:22:42.944root 11241100x8000000000000000336075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e3b6e8ce0fe13e2021-12-21 10:22:42.944root 11241100x8000000000000000336076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9202c175dc29c02021-12-21 10:22:42.944root 11241100x8000000000000000336077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289b7da402e5e6712021-12-21 10:22:42.944root 11241100x8000000000000000336078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f155345286eaba32021-12-21 10:22:42.944root 11241100x8000000000000000336079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a934b68867c20182021-12-21 10:22:42.945root 11241100x8000000000000000336080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f565af2c1f25292021-12-21 10:22:43.443root 11241100x8000000000000000336081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52961609f36e1d9e2021-12-21 10:22:43.443root 11241100x8000000000000000336082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2779875363d66372021-12-21 10:22:43.444root 11241100x8000000000000000336083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c301ba528934ad2021-12-21 10:22:43.444root 11241100x8000000000000000336084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8be3d0d060db672021-12-21 10:22:43.444root 11241100x8000000000000000336085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4190681ecc5c5e722021-12-21 10:22:43.444root 11241100x8000000000000000336086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f684e90b476f589f2021-12-21 10:22:43.444root 11241100x8000000000000000336087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad57baf4941868cd2021-12-21 10:22:43.444root 11241100x8000000000000000336088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1b27c205e2d0292021-12-21 10:22:43.444root 11241100x8000000000000000336089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5616fc24b0afbc332021-12-21 10:22:43.444root 11241100x8000000000000000336090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc9fa84eb932dcb2021-12-21 10:22:43.444root 11241100x8000000000000000336091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbc350d2b8376432021-12-21 10:22:43.444root 11241100x8000000000000000336092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f16161cb51fe8312021-12-21 10:22:43.445root 11241100x8000000000000000336093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b511572177a1752021-12-21 10:22:43.445root 11241100x8000000000000000336094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a08fc8a348c302021-12-21 10:22:43.445root 11241100x8000000000000000336095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f3ba6a5a7fec642021-12-21 10:22:43.445root 11241100x8000000000000000336096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145571031fb893e82021-12-21 10:22:43.447root 11241100x8000000000000000336097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6c444802e9915a2021-12-21 10:22:43.447root 11241100x8000000000000000336098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34aba9263d8361072021-12-21 10:22:43.447root 11241100x8000000000000000336099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302aa029d36e80562021-12-21 10:22:43.943root 11241100x8000000000000000336100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3914c937691b6ba62021-12-21 10:22:43.943root 11241100x8000000000000000336101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a26be070ef239452021-12-21 10:22:43.943root 11241100x8000000000000000336102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee468a64d175dd6b2021-12-21 10:22:43.944root 11241100x8000000000000000336103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a75657c9a4e2f02021-12-21 10:22:43.944root 11241100x8000000000000000336104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62612c8bd68b6592021-12-21 10:22:43.944root 11241100x8000000000000000336105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e84a7f5de94492021-12-21 10:22:43.944root 11241100x8000000000000000336106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e0d35182576eac2021-12-21 10:22:43.944root 11241100x8000000000000000336107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6792718f486f61142021-12-21 10:22:43.944root 11241100x8000000000000000336108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57604c23343e46a72021-12-21 10:22:43.944root 11241100x8000000000000000336109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71407a8cf3b0efdc2021-12-21 10:22:43.944root 11241100x8000000000000000336110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a26baf35761c89502021-12-21 10:22:43.944root 11241100x8000000000000000336111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047ec827b65c1672021-12-21 10:22:43.944root 11241100x8000000000000000336112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf3a7265a5feaf82021-12-21 10:22:43.944root 11241100x8000000000000000336113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17b7a7fa947d75a2021-12-21 10:22:43.944root 11241100x8000000000000000336114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4ccb1a2ff3625d2021-12-21 10:22:43.944root 11241100x8000000000000000336115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f790f8eca6f970c42021-12-21 10:22:43.945root 11241100x8000000000000000336116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff4cee952ed15e12021-12-21 10:22:43.945root 11241100x8000000000000000336117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9029b7e8bc57290d2021-12-21 10:22:43.945root 354300x8000000000000000336118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.029{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47012-false10.0.1.12-8000- 11241100x8000000000000000336119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed386cc8b2bf7cc2021-12-21 10:22:44.443root 11241100x8000000000000000336120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb3ef6eba35f6b22021-12-21 10:22:44.443root 11241100x8000000000000000336121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f16613cb69772b62021-12-21 10:22:44.443root 11241100x8000000000000000336122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8965238055b1fde2021-12-21 10:22:44.443root 11241100x8000000000000000336123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a7cc30acbef8222021-12-21 10:22:44.444root 11241100x8000000000000000336124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169a2cfa5833a7e52021-12-21 10:22:44.444root 11241100x8000000000000000336125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031b886433165efa2021-12-21 10:22:44.444root 11241100x8000000000000000336126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92606037232a1a2021-12-21 10:22:44.444root 11241100x8000000000000000336127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a19ab83b3c998a2021-12-21 10:22:44.444root 11241100x8000000000000000336128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ababb53d433b4a542021-12-21 10:22:44.444root 11241100x8000000000000000336129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202ebcc85329f0782021-12-21 10:22:44.444root 11241100x8000000000000000336130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993a8d1c1731c822021-12-21 10:22:44.444root 11241100x8000000000000000336131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e06d96100447712021-12-21 10:22:44.444root 11241100x8000000000000000336132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e816c435aea9e662021-12-21 10:22:44.444root 11241100x8000000000000000336133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9187b46c2f2c6aa2021-12-21 10:22:44.444root 11241100x8000000000000000336134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfddac00a6013b02021-12-21 10:22:44.444root 11241100x8000000000000000336135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cdc7e181904ab92021-12-21 10:22:44.444root 11241100x8000000000000000336136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482212252b6e3a5a2021-12-21 10:22:44.444root 11241100x8000000000000000336137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce23fe128c0bd6f2021-12-21 10:22:44.444root 11241100x8000000000000000336138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db71fce9183530d12021-12-21 10:22:44.445root 11241100x8000000000000000336139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9acfb85d0c4f9362021-12-21 10:22:44.943root 11241100x8000000000000000336140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11d33a7eb34d90a2021-12-21 10:22:44.943root 11241100x8000000000000000336141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0b41fa291456952021-12-21 10:22:44.943root 11241100x8000000000000000336142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4c242c9d7b90d62021-12-21 10:22:44.944root 11241100x8000000000000000336143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ff5cfbf66b34112021-12-21 10:22:44.944root 11241100x8000000000000000336144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd8326c36ad36402021-12-21 10:22:44.944root 11241100x8000000000000000336145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7037a1afd7529602021-12-21 10:22:44.944root 11241100x8000000000000000336146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eb828b01bb10092021-12-21 10:22:44.944root 11241100x8000000000000000336147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57ae1350c3fb3b22021-12-21 10:22:44.944root 11241100x8000000000000000336148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdd93c6b5f55d2c2021-12-21 10:22:44.945root 11241100x8000000000000000336149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e722b794d81cd2021-12-21 10:22:44.945root 11241100x8000000000000000336150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1238a6a8da236c292021-12-21 10:22:44.945root 11241100x8000000000000000336151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d518f59ecd292d2021-12-21 10:22:44.945root 11241100x8000000000000000336152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a99aad85e30c5afc2021-12-21 10:22:44.945root 11241100x8000000000000000336153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014f4fd440496e042021-12-21 10:22:44.946root 11241100x8000000000000000336154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c019b429bbf53c412021-12-21 10:22:44.946root 11241100x8000000000000000336155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b3218f51fe070f2021-12-21 10:22:44.946root 11241100x8000000000000000336156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2206356c70888602021-12-21 10:22:44.946root 11241100x8000000000000000336157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f166860c66d845dd2021-12-21 10:22:44.946root 11241100x8000000000000000336158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157a187eda0a26572021-12-21 10:22:44.946root 11241100x8000000000000000336159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317296840c13963c2021-12-21 10:22:45.443root 11241100x8000000000000000336160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39865320f406dad12021-12-21 10:22:45.444root 11241100x8000000000000000336161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09a30df6a5793f62021-12-21 10:22:45.444root 11241100x8000000000000000336162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720337069cb2faa32021-12-21 10:22:45.444root 11241100x8000000000000000336163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1642992d4c297fda2021-12-21 10:22:45.444root 11241100x8000000000000000336164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30336279249da8f92021-12-21 10:22:45.444root 11241100x8000000000000000336165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9130e5e9c5c3b8192021-12-21 10:22:45.445root 11241100x8000000000000000336166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49b0601b9f4f0cc2021-12-21 10:22:45.445root 11241100x8000000000000000336167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9721409ffa455dc42021-12-21 10:22:45.445root 11241100x8000000000000000336168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83af6b6d3169d2732021-12-21 10:22:45.445root 11241100x8000000000000000336169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbee632b245706372021-12-21 10:22:45.445root 11241100x8000000000000000336170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c647c5dd8d23db72021-12-21 10:22:45.445root 11241100x8000000000000000336171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3898b77b337e323a2021-12-21 10:22:45.445root 11241100x8000000000000000336172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c30095148bf3fd2021-12-21 10:22:45.445root 11241100x8000000000000000336173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbfbff89b979b932021-12-21 10:22:45.445root 11241100x8000000000000000336174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0c55630e299ae22021-12-21 10:22:45.446root 11241100x8000000000000000336175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea57028523b6362021-12-21 10:22:45.446root 11241100x8000000000000000336176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876fdc92563785e32021-12-21 10:22:45.446root 11241100x8000000000000000336177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081da435be2715822021-12-21 10:22:45.446root 11241100x8000000000000000336178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4fe89aa23ff5542021-12-21 10:22:45.446root 11241100x8000000000000000336179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3af95323035c70d2021-12-21 10:22:45.943root 11241100x8000000000000000336180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69712ffe474980ca2021-12-21 10:22:45.943root 11241100x8000000000000000336181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669b73e6d8975f2f2021-12-21 10:22:45.943root 11241100x8000000000000000336182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5a10569ed737a12021-12-21 10:22:45.944root 11241100x8000000000000000336183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2215060843b72fc92021-12-21 10:22:45.944root 11241100x8000000000000000336184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e64b6e2fbd006342021-12-21 10:22:45.944root 11241100x8000000000000000336185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d294e2d0946c7162021-12-21 10:22:45.944root 11241100x8000000000000000336186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547cf0d8e18d6e242021-12-21 10:22:45.944root 11241100x8000000000000000336187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2269d514a742032021-12-21 10:22:45.944root 11241100x8000000000000000336188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ae68584558e12b2021-12-21 10:22:45.944root 11241100x8000000000000000336189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0facbc055bc1e55d2021-12-21 10:22:45.944root 11241100x8000000000000000336190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66987e11a80a2022021-12-21 10:22:45.944root 11241100x8000000000000000336191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c90968e536e16b092021-12-21 10:22:45.944root 11241100x8000000000000000336192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de836c1457bc5f52021-12-21 10:22:45.944root 11241100x8000000000000000336193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650340b86930c4512021-12-21 10:22:45.944root 11241100x8000000000000000336194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc710d54acdfeb42021-12-21 10:22:45.944root 11241100x8000000000000000336195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8329ceb7cd0ea5782021-12-21 10:22:45.944root 11241100x8000000000000000336196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc836531ae2b7b532021-12-21 10:22:45.945root 11241100x8000000000000000336197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c97dd1aaaaf7dcc2021-12-21 10:22:45.945root 11241100x8000000000000000336198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e7f61a308f8fb02021-12-21 10:22:45.945root 11241100x8000000000000000336199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9311fc64a61bd6912021-12-21 10:22:46.443root 11241100x8000000000000000336200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68419c5209ddc1392021-12-21 10:22:46.443root 11241100x8000000000000000336201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c0eb28645394a2021-12-21 10:22:46.443root 11241100x8000000000000000336202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2683d965a9466f302021-12-21 10:22:46.443root 11241100x8000000000000000336203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17e16bc6c8a653b2021-12-21 10:22:46.443root 11241100x8000000000000000336204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd65d55846f48b52021-12-21 10:22:46.444root 11241100x8000000000000000336205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ff490f491b982e2021-12-21 10:22:46.444root 11241100x8000000000000000336206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25b7a0c4dd3fd412021-12-21 10:22:46.444root 11241100x8000000000000000336207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a38df8d43b8fea22021-12-21 10:22:46.444root 11241100x8000000000000000336208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73022cf7fe3ad392021-12-21 10:22:46.444root 11241100x8000000000000000336209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66d18ca24bc92d42021-12-21 10:22:46.444root 11241100x8000000000000000336210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad33d461f00158c2021-12-21 10:22:46.444root 11241100x8000000000000000336211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d0c4454f00686b2021-12-21 10:22:46.444root 11241100x8000000000000000336212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e99e0d9defb6ae02021-12-21 10:22:46.444root 11241100x8000000000000000336213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d0272f8b3aefa42021-12-21 10:22:46.444root 11241100x8000000000000000336214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd564ec03c3299f2021-12-21 10:22:46.444root 11241100x8000000000000000336215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f17ee95feb9bb0a2021-12-21 10:22:46.444root 11241100x8000000000000000336216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b26ff0617aaf3972021-12-21 10:22:46.444root 11241100x8000000000000000336217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d618954ef3925a2021-12-21 10:22:46.444root 11241100x8000000000000000336218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135933f05e52d2f52021-12-21 10:22:46.445root 11241100x8000000000000000336219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7336fec1e12a6f722021-12-21 10:22:46.943root 11241100x8000000000000000336220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3ab1100151bc1e2021-12-21 10:22:46.943root 11241100x8000000000000000336221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadf8888da101b922021-12-21 10:22:46.944root 11241100x8000000000000000336222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8364aa3ec96f26a32021-12-21 10:22:46.944root 11241100x8000000000000000336223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a417eaac7c7d2c02021-12-21 10:22:46.944root 11241100x8000000000000000336224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fab09c0a3bfdc382021-12-21 10:22:46.944root 11241100x8000000000000000336225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c148fb8274a1d1a62021-12-21 10:22:46.944root 11241100x8000000000000000336226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6095ce2fb33d0ae2021-12-21 10:22:46.944root 11241100x8000000000000000336227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004ced11983f24ca2021-12-21 10:22:46.944root 11241100x8000000000000000336228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd7ac02d3b6a92e2021-12-21 10:22:46.944root 11241100x8000000000000000336229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5231235a31997f952021-12-21 10:22:46.944root 11241100x8000000000000000336230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c0ff99ec65fab72021-12-21 10:22:46.944root 11241100x8000000000000000336231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f19eef8f70b9822021-12-21 10:22:46.944root 11241100x8000000000000000336232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43cb79792a567e22021-12-21 10:22:46.945root 11241100x8000000000000000336233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566f26daee22c5792021-12-21 10:22:46.945root 11241100x8000000000000000336234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c04cc71abd101c2021-12-21 10:22:46.945root 11241100x8000000000000000336235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eabdc10c587d6e262021-12-21 10:22:46.945root 11241100x8000000000000000336236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cd967403e781d82021-12-21 10:22:46.945root 11241100x8000000000000000336237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9f482e16acbc632021-12-21 10:22:46.945root 11241100x8000000000000000336238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b737edad01532d2021-12-21 10:22:46.945root 11241100x8000000000000000336239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c36cd1c387729472021-12-21 10:22:47.443root 11241100x8000000000000000336240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f0d512f5e0d4432021-12-21 10:22:47.443root 11241100x8000000000000000336241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1449434f70f8b12021-12-21 10:22:47.443root 11241100x8000000000000000336242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dc98c9015046552021-12-21 10:22:47.444root 11241100x8000000000000000336243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519f6976b486eb762021-12-21 10:22:47.444root 11241100x8000000000000000336244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd3b237f647e4f52021-12-21 10:22:47.444root 11241100x8000000000000000336245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12b788cff474c012021-12-21 10:22:47.444root 11241100x8000000000000000336246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e8855bf78ed9a82021-12-21 10:22:47.444root 11241100x8000000000000000336247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d14f4e1686fea32021-12-21 10:22:47.444root 11241100x8000000000000000336248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d5b5576335f212021-12-21 10:22:47.444root 11241100x8000000000000000336249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190f969678c9f4a42021-12-21 10:22:47.444root 11241100x8000000000000000336250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903e223f174d9f0d2021-12-21 10:22:47.444root 11241100x8000000000000000336251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61199e7fd7ca62c72021-12-21 10:22:47.444root 11241100x8000000000000000336252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638ff401ec7fd3972021-12-21 10:22:47.445root 11241100x8000000000000000336253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f8266d3b79d6c2021-12-21 10:22:47.445root 11241100x8000000000000000336254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc8ad75c80fe37c2021-12-21 10:22:47.445root 11241100x8000000000000000336255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88ae4186e7bf202021-12-21 10:22:47.445root 11241100x8000000000000000336256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404015198484a1b12021-12-21 10:22:47.445root 11241100x8000000000000000336257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a931facc7c953fd52021-12-21 10:22:47.445root 11241100x8000000000000000336258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32084f2da6c2e8c2021-12-21 10:22:47.445root 11241100x8000000000000000336259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacd3495f5a0ca8c2021-12-21 10:22:47.943root 11241100x8000000000000000336260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b40e2bf74c46e32021-12-21 10:22:47.943root 11241100x8000000000000000336261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d3c8744a334072021-12-21 10:22:47.944root 11241100x8000000000000000336262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c53cf94d8bd932021-12-21 10:22:47.944root 11241100x8000000000000000336263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3472fb4a7e712ef82021-12-21 10:22:47.944root 11241100x8000000000000000336264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca368d7f924e1dd2021-12-21 10:22:47.945root 11241100x8000000000000000336265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f39bb16ecad92262021-12-21 10:22:47.945root 11241100x8000000000000000336266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8ac2a3202eeb962021-12-21 10:22:47.945root 11241100x8000000000000000336267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e53c1c19f86ec62021-12-21 10:22:47.945root 11241100x8000000000000000336268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6850682361961302021-12-21 10:22:47.946root 11241100x8000000000000000336269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e3fb30dc4679912021-12-21 10:22:47.946root 11241100x8000000000000000336270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad357edac8712cf2021-12-21 10:22:47.946root 11241100x8000000000000000336271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fad34514054861f2021-12-21 10:22:47.946root 11241100x8000000000000000336272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3541d0599396e1d22021-12-21 10:22:47.946root 11241100x8000000000000000336273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a235fce48b630092021-12-21 10:22:47.947root 11241100x8000000000000000336274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfe9790ab1f4a5e2021-12-21 10:22:47.947root 11241100x8000000000000000336275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b0ddc05acbdeac2021-12-21 10:22:47.947root 11241100x8000000000000000336276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965cc8fa60cd08692021-12-21 10:22:47.947root 11241100x8000000000000000336277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccd9eef1025c1562021-12-21 10:22:47.947root 11241100x8000000000000000336278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f07d7eb682d2f22021-12-21 10:22:47.947root 11241100x8000000000000000336279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c801743f428f6632021-12-21 10:22:47.947root 11241100x8000000000000000336280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736a803523cabefc2021-12-21 10:22:47.948root 11241100x8000000000000000336281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09c3f545fdc115c2021-12-21 10:22:47.948root 11241100x8000000000000000336282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5544b56d0bec752021-12-21 10:22:47.948root 11241100x8000000000000000336283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21eed2dfdca3758d2021-12-21 10:22:47.948root 11241100x8000000000000000336284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b03207f9976fc2021-12-21 10:22:48.443root 11241100x8000000000000000336285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d54126a647fd58a2021-12-21 10:22:48.443root 11241100x8000000000000000336286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4627e9972915cb7b2021-12-21 10:22:48.443root 11241100x8000000000000000336287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8bdfa178eaf5132021-12-21 10:22:48.444root 11241100x8000000000000000336288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd00ce16c3aaf2392021-12-21 10:22:48.444root 11241100x8000000000000000336289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095550f074124ed42021-12-21 10:22:48.444root 11241100x8000000000000000336290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4843618093722c4f2021-12-21 10:22:48.444root 11241100x8000000000000000336291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da28af36257d8d302021-12-21 10:22:48.444root 11241100x8000000000000000336292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b72428e89bfc22b2021-12-21 10:22:48.444root 11241100x8000000000000000336293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760e28136df16fbb2021-12-21 10:22:48.444root 11241100x8000000000000000336294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c19720946a7b1f22021-12-21 10:22:48.444root 11241100x8000000000000000336295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca53ee6f9c6b6d42021-12-21 10:22:48.444root 11241100x8000000000000000336296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c8b0feee21bdfa2021-12-21 10:22:48.444root 11241100x8000000000000000336297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e834f0934bf6e8a2021-12-21 10:22:48.444root 11241100x8000000000000000336298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5b3d1fca57258f2021-12-21 10:22:48.444root 11241100x8000000000000000336299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e34a6753ae15fba2021-12-21 10:22:48.444root 11241100x8000000000000000336300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca72575178dade12021-12-21 10:22:48.445root 11241100x8000000000000000336301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc862f4e1e2f4a12021-12-21 10:22:48.445root 11241100x8000000000000000336302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba9cc22963d5a5f2021-12-21 10:22:48.445root 11241100x8000000000000000336303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8678b4850f3670702021-12-21 10:22:48.445root 11241100x8000000000000000336304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67eb2faad1d6d69f2021-12-21 10:22:48.943root 11241100x8000000000000000336305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abfa14796267c212021-12-21 10:22:48.943root 11241100x8000000000000000336306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e8a38cc40389f12021-12-21 10:22:48.943root 11241100x8000000000000000336307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c0a71bc1b985942021-12-21 10:22:48.944root 11241100x8000000000000000336308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5583d69128932572021-12-21 10:22:48.944root 11241100x8000000000000000336309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc91020b6fe85802021-12-21 10:22:48.944root 11241100x8000000000000000336310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d7d4c8620d99d692021-12-21 10:22:48.944root 11241100x8000000000000000336311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7c27751d6d24e72021-12-21 10:22:48.944root 11241100x8000000000000000336312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ca1866a5f9a7cf2021-12-21 10:22:48.944root 11241100x8000000000000000336313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1273accdb021083d2021-12-21 10:22:48.944root 11241100x8000000000000000336314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e135f7f01c6ad62021-12-21 10:22:48.944root 11241100x8000000000000000336315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b363d0872c44a9702021-12-21 10:22:48.944root 11241100x8000000000000000336316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c00cb3176c95b62021-12-21 10:22:48.944root 11241100x8000000000000000336317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa26e49e55cbf4d2021-12-21 10:22:48.945root 11241100x8000000000000000336318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14c61d52f002b982021-12-21 10:22:48.945root 11241100x8000000000000000336319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8299034f815088232021-12-21 10:22:48.945root 11241100x8000000000000000336320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8af865be56fe172021-12-21 10:22:48.945root 11241100x8000000000000000336321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b768186ed9efd7722021-12-21 10:22:48.945root 11241100x8000000000000000336322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e7edc6a612f69b2021-12-21 10:22:48.945root 11241100x8000000000000000336323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3deb6bdd89d32d4e2021-12-21 10:22:48.945root 354300x8000000000000000336324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.202{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47014-false10.0.1.12-8000- 11241100x8000000000000000336325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3378b2144d8e3fe2021-12-21 10:22:49.203root 11241100x8000000000000000336326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80efbfb7369d7f952021-12-21 10:22:49.203root 11241100x8000000000000000336327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164bf9888a6a8c4f2021-12-21 10:22:49.204root 11241100x8000000000000000336328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25363438e34e29e62021-12-21 10:22:49.204root 11241100x8000000000000000336329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac6f066f58e565d2021-12-21 10:22:49.204root 11241100x8000000000000000336330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d04b17e8089ddc2021-12-21 10:22:49.204root 11241100x8000000000000000336331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8d28386ea34e5b2021-12-21 10:22:49.204root 11241100x8000000000000000336332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8a7394a04a1a4a2021-12-21 10:22:49.205root 11241100x8000000000000000336333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d5b23eabbf9e742021-12-21 10:22:49.205root 11241100x8000000000000000336334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab37192dc11c1b2c2021-12-21 10:22:49.205root 11241100x8000000000000000336335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b0273d2f7292562021-12-21 10:22:49.205root 11241100x8000000000000000336336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b124d9109ef4f5cd2021-12-21 10:22:49.205root 11241100x8000000000000000336337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7866a2936934b172021-12-21 10:22:49.205root 11241100x8000000000000000336338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9f1fe5b8f4ecff2021-12-21 10:22:49.205root 11241100x8000000000000000336339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4be469d1c311e22021-12-21 10:22:49.205root 11241100x8000000000000000336340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c4f8813f7240782021-12-21 10:22:49.205root 11241100x8000000000000000336341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1942ad3e69de752021-12-21 10:22:49.205root 11241100x8000000000000000336342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec0be94c3eef0382021-12-21 10:22:49.205root 11241100x8000000000000000336343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b13a8bc8a9d9592021-12-21 10:22:49.206root 11241100x8000000000000000336344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c95ae72b7e2c33f2021-12-21 10:22:49.206root 11241100x8000000000000000336345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d1e1579f0f274f2021-12-21 10:22:49.206root 11241100x8000000000000000336346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37a7567f12f9cad2021-12-21 10:22:49.206root 11241100x8000000000000000336347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271c1c9165629b232021-12-21 10:22:49.693root 11241100x8000000000000000336348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3376cfab9b735b3e2021-12-21 10:22:49.693root 11241100x8000000000000000336349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fdfd321dffea572021-12-21 10:22:49.694root 11241100x8000000000000000336350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a252a77de4ff1afa2021-12-21 10:22:49.694root 11241100x8000000000000000336351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c31f6a8a86102aa2021-12-21 10:22:49.694root 11241100x8000000000000000336352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48db780e959e1efb2021-12-21 10:22:49.695root 11241100x8000000000000000336353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1404e5541fd2412021-12-21 10:22:49.695root 11241100x8000000000000000336354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b0d171b01588a92021-12-21 10:22:49.695root 11241100x8000000000000000336355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386865ad33d50be12021-12-21 10:22:49.695root 11241100x8000000000000000336356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82637b3fd718a7d2021-12-21 10:22:49.695root 11241100x8000000000000000336357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a978b24746a0ab0c2021-12-21 10:22:49.695root 11241100x8000000000000000336358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e82e11a810740e2021-12-21 10:22:49.696root 11241100x8000000000000000336359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c57a0b0978bb772021-12-21 10:22:49.696root 11241100x8000000000000000336360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777a66d958fc975b2021-12-21 10:22:49.696root 11241100x8000000000000000336361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e415c544939721452021-12-21 10:22:49.696root 11241100x8000000000000000336362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eedf3f0471739d22021-12-21 10:22:49.696root 11241100x8000000000000000336363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52feecb100251ffc2021-12-21 10:22:49.696root 11241100x8000000000000000336364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4da71225d9fd3742021-12-21 10:22:49.696root 11241100x8000000000000000336365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b851bcfbacbcae462021-12-21 10:22:49.696root 11241100x8000000000000000336366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9297be461c15532021-12-21 10:22:49.696root 11241100x8000000000000000336367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:49.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9db4e276004be12021-12-21 10:22:49.697root 11241100x8000000000000000336368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f952975b5dcbc5c2021-12-21 10:22:50.192root 11241100x8000000000000000336369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645964de9248ba6e2021-12-21 10:22:50.193root 11241100x8000000000000000336370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aff09803209c4a62021-12-21 10:22:50.193root 11241100x8000000000000000336371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf75d8be59a3d04b2021-12-21 10:22:50.193root 11241100x8000000000000000336372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5fa990e52fd8972021-12-21 10:22:50.193root 11241100x8000000000000000336373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa69b73c781fe9e22021-12-21 10:22:50.193root 11241100x8000000000000000336374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f37ed645526ab42021-12-21 10:22:50.193root 11241100x8000000000000000336375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6982f6c252e060e2021-12-21 10:22:50.193root 11241100x8000000000000000336376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e80038182cc26e2021-12-21 10:22:50.194root 11241100x8000000000000000336377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ac05e22e58c9802021-12-21 10:22:50.194root 11241100x8000000000000000336378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0ac7c01455d2a52021-12-21 10:22:50.194root 11241100x8000000000000000336379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be8c32eaea5eae92021-12-21 10:22:50.194root 11241100x8000000000000000336380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc7a2ab7d37815d2021-12-21 10:22:50.194root 11241100x8000000000000000336381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98b41a291a14b552021-12-21 10:22:50.194root 11241100x8000000000000000336382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14262ab0f798af7c2021-12-21 10:22:50.195root 11241100x8000000000000000336383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b33fb6ad253ffbc2021-12-21 10:22:50.195root 11241100x8000000000000000336384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7980a505e61624f42021-12-21 10:22:50.195root 11241100x8000000000000000336385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c230d373ffbb992021-12-21 10:22:50.195root 11241100x8000000000000000336386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b13c137134fa012021-12-21 10:22:50.195root 11241100x8000000000000000336387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0b24077beba37b2021-12-21 10:22:50.195root 11241100x8000000000000000336388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb3feece80655312021-12-21 10:22:50.195root 11241100x8000000000000000336389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c71e12ea33c8f942021-12-21 10:22:50.195root 11241100x8000000000000000336390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4b3a4b8980aa8a2021-12-21 10:22:50.195root 11241100x8000000000000000336391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d721f27cc8a68612021-12-21 10:22:50.196root 11241100x8000000000000000336392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487456b3996664592021-12-21 10:22:50.196root 11241100x8000000000000000336393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7d02cfa2721c6e2021-12-21 10:22:50.196root 11241100x8000000000000000336394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbb30cec37b5bc32021-12-21 10:22:50.196root 11241100x8000000000000000336395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6802b80070a17f2021-12-21 10:22:50.196root 11241100x8000000000000000336396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c125b20adad06b52021-12-21 10:22:50.196root 11241100x8000000000000000336397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6e27320470748f2021-12-21 10:22:50.196root 11241100x8000000000000000336398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060147d5776a82cf2021-12-21 10:22:50.693root 11241100x8000000000000000336399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ccc06557f1978732021-12-21 10:22:50.693root 11241100x8000000000000000336400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a71886e538787752021-12-21 10:22:50.693root 11241100x8000000000000000336401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a5fac12720ae7e2021-12-21 10:22:50.694root 11241100x8000000000000000336402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e754c1f0df145f22021-12-21 10:22:50.694root 11241100x8000000000000000336403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a4052dddf9de302021-12-21 10:22:50.694root 11241100x8000000000000000336404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6610bf7ba53ac12021-12-21 10:22:50.694root 11241100x8000000000000000336405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d33eecaecfb66af2021-12-21 10:22:50.694root 11241100x8000000000000000336406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57d53cc8e1ba1d02021-12-21 10:22:50.694root 11241100x8000000000000000336407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584a935b6f4c51dd2021-12-21 10:22:50.694root 11241100x8000000000000000336408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080d3c357e0703d22021-12-21 10:22:50.694root 11241100x8000000000000000336409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f742749e4822fd112021-12-21 10:22:50.694root 11241100x8000000000000000336410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aec12c2134328ec2021-12-21 10:22:50.694root 11241100x8000000000000000336411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0c111f9353fd682021-12-21 10:22:50.694root 11241100x8000000000000000336412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04cc83c99d9d6af2021-12-21 10:22:50.695root 11241100x8000000000000000336413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90061af5225c9bdb2021-12-21 10:22:50.695root 11241100x8000000000000000336414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0236810d2c0ef962021-12-21 10:22:50.695root 11241100x8000000000000000336415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eceacad91b2ceda22021-12-21 10:22:50.695root 11241100x8000000000000000336416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c0ca5e6a2266f42021-12-21 10:22:50.695root 11241100x8000000000000000336417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0d45f20d67831c2021-12-21 10:22:50.695root 11241100x8000000000000000336418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e746e709fcfce9d42021-12-21 10:22:50.695root 11241100x8000000000000000336419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef5a2614763667d2021-12-21 10:22:51.193root 11241100x8000000000000000336420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c94ab5d81648802021-12-21 10:22:51.193root 11241100x8000000000000000336421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2eb3bd268dbb272021-12-21 10:22:51.194root 11241100x8000000000000000336422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd32e89916e8d72d2021-12-21 10:22:51.194root 11241100x8000000000000000336423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d01de277b3b9fc12021-12-21 10:22:51.194root 11241100x8000000000000000336424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd241ebd33d7fdf2021-12-21 10:22:51.194root 11241100x8000000000000000336425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541977628c44ddd92021-12-21 10:22:51.194root 11241100x8000000000000000336426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3ef54bd661273b2021-12-21 10:22:51.194root 11241100x8000000000000000336427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9b68a76426c1322021-12-21 10:22:51.194root 11241100x8000000000000000336428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6ac0b04a97e0872021-12-21 10:22:51.194root 11241100x8000000000000000336429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd949a4360f429e22021-12-21 10:22:51.194root 11241100x8000000000000000336430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48837b75730c506c2021-12-21 10:22:51.195root 11241100x8000000000000000336431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d952e3e14efc622021-12-21 10:22:51.195root 11241100x8000000000000000336432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fe7150472e23982021-12-21 10:22:51.195root 11241100x8000000000000000336433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3300647057cfcefd2021-12-21 10:22:51.195root 11241100x8000000000000000336434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c0e400414f90ca2021-12-21 10:22:51.195root 11241100x8000000000000000336435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203e5f9fe70d21c52021-12-21 10:22:51.195root 11241100x8000000000000000336436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d525b51b09f061ca2021-12-21 10:22:51.195root 11241100x8000000000000000336437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95708df48835d54d2021-12-21 10:22:51.196root 11241100x8000000000000000336438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d1877d17c320512021-12-21 10:22:51.196root 11241100x8000000000000000336439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d129cc50fb1b31b42021-12-21 10:22:51.196root 11241100x8000000000000000336440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b05a72b76de04c2021-12-21 10:22:51.693root 11241100x8000000000000000336441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56335c77b75cadd62021-12-21 10:22:51.694root 11241100x8000000000000000336442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fc103e64da67f22021-12-21 10:22:51.694root 11241100x8000000000000000336443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cebca899fbfa732021-12-21 10:22:51.694root 11241100x8000000000000000336444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f2977b7fbf63182021-12-21 10:22:51.694root 11241100x8000000000000000336445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84c3f27f0739e762021-12-21 10:22:51.695root 11241100x8000000000000000336446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbcf864da2e756e2021-12-21 10:22:51.695root 11241100x8000000000000000336447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b386b57abed44d202021-12-21 10:22:51.695root 11241100x8000000000000000336448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d63ce36d076ff62021-12-21 10:22:51.695root 11241100x8000000000000000336449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e0ad2c9d456bcf2021-12-21 10:22:51.695root 11241100x8000000000000000336450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b1fed94f31ff202021-12-21 10:22:51.695root 11241100x8000000000000000336451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961509a483b506c52021-12-21 10:22:51.695root 11241100x8000000000000000336452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b176926f7808a112021-12-21 10:22:51.696root 11241100x8000000000000000336453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936a0e29b7dd20622021-12-21 10:22:51.696root 11241100x8000000000000000336454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a9e460227606fd2021-12-21 10:22:51.696root 11241100x8000000000000000336455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c3e8f01831cfd62021-12-21 10:22:51.696root 11241100x8000000000000000336456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07cdecf7c3a2daf2021-12-21 10:22:51.696root 11241100x8000000000000000336457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17bd0c613d1459c2021-12-21 10:22:51.696root 11241100x8000000000000000336458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf0318bc7fae7df2021-12-21 10:22:51.696root 11241100x8000000000000000336459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2106272a370332f42021-12-21 10:22:51.696root 11241100x8000000000000000336460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df99c92504c77fa2021-12-21 10:22:51.697root 11241100x8000000000000000336461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b841ba07febf1aed2021-12-21 10:22:52.192root 11241100x8000000000000000336462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b37119ac6126052021-12-21 10:22:52.193root 11241100x8000000000000000336463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a702ef8ff952836c2021-12-21 10:22:52.193root 11241100x8000000000000000336464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435e6d4df747e8ee2021-12-21 10:22:52.193root 11241100x8000000000000000336465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5665588500ab6e4c2021-12-21 10:22:52.193root 11241100x8000000000000000336466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65b6ee7953ad0782021-12-21 10:22:52.193root 11241100x8000000000000000336467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d85fda9e369d442021-12-21 10:22:52.194root 11241100x8000000000000000336468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bcb569ce92887e2021-12-21 10:22:52.194root 11241100x8000000000000000336469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be75ea43367224882021-12-21 10:22:52.194root 11241100x8000000000000000336470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf48f0588b01bb72021-12-21 10:22:52.194root 11241100x8000000000000000336471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcebc295b8718adf2021-12-21 10:22:52.195root 11241100x8000000000000000336472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0611a9f1659d8d9f2021-12-21 10:22:52.195root 11241100x8000000000000000336473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaed21f2246c4c662021-12-21 10:22:52.195root 11241100x8000000000000000336474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a32a03e6872262021-12-21 10:22:52.195root 11241100x8000000000000000336475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddd902e943e5c0a2021-12-21 10:22:52.195root 11241100x8000000000000000336476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8150b1f88c90472021-12-21 10:22:52.195root 11241100x8000000000000000336477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625ad217da80deec2021-12-21 10:22:52.196root 11241100x8000000000000000336478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecbf3b0f1ff3d9c2021-12-21 10:22:52.196root 11241100x8000000000000000336479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e033bfed047f62021-12-21 10:22:52.196root 11241100x8000000000000000336480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c9f4ffb305f9142021-12-21 10:22:52.196root 11241100x8000000000000000336481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fce107d7d7d48e2021-12-21 10:22:52.197root 11241100x8000000000000000336482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb33c682ac5ae742021-12-21 10:22:52.197root 11241100x8000000000000000336483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2eff1d65680c342021-12-21 10:22:52.197root 11241100x8000000000000000336484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3151df7e4d2bcc12021-12-21 10:22:52.197root 11241100x8000000000000000336485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9188cff87fc264a32021-12-21 10:22:52.197root 11241100x8000000000000000336486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff7ea61e0ada0092021-12-21 10:22:52.693root 11241100x8000000000000000336487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312cba5be89c81172021-12-21 10:22:52.693root 11241100x8000000000000000336488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14107ef54a512512021-12-21 10:22:52.693root 11241100x8000000000000000336489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26049144e11cbd2c2021-12-21 10:22:52.694root 11241100x8000000000000000336490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79728e5b296ef47e2021-12-21 10:22:52.694root 11241100x8000000000000000336491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07393844bc8b77df2021-12-21 10:22:52.694root 11241100x8000000000000000336492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9b8b67bd1154162021-12-21 10:22:52.694root 11241100x8000000000000000336493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554602bbd8d9ef02021-12-21 10:22:52.694root 11241100x8000000000000000336494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacb5030f391bbd02021-12-21 10:22:52.694root 11241100x8000000000000000336495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647a167859b0d9b02021-12-21 10:22:52.694root 11241100x8000000000000000336496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3615420b5dcc32c72021-12-21 10:22:52.694root 11241100x8000000000000000336497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901db0f9ec5802f82021-12-21 10:22:52.694root 11241100x8000000000000000336498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef5c034a10391092021-12-21 10:22:52.695root 11241100x8000000000000000336499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcb03a877d6acb12021-12-21 10:22:52.695root 11241100x8000000000000000336500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042bb0d8a6b87a3d2021-12-21 10:22:52.695root 11241100x8000000000000000336501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97e2e395341fd5f2021-12-21 10:22:52.695root 11241100x8000000000000000336502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267ab0d4ea5bf3a52021-12-21 10:22:52.695root 11241100x8000000000000000336503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfc830ac34a955a2021-12-21 10:22:52.695root 11241100x8000000000000000336504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588293b224a1971d2021-12-21 10:22:52.695root 11241100x8000000000000000336505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ece69fd2e3b3d72021-12-21 10:22:52.696root 11241100x8000000000000000336506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9c2fd47cedd1d02021-12-21 10:22:52.696root 11241100x8000000000000000336507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01aa98d0a00feb62021-12-21 10:22:52.696root 11241100x8000000000000000336508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:52.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f01bd1fe2c9c0f22021-12-21 10:22:52.696root 11241100x8000000000000000336509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6d36ca7dd70c702021-12-21 10:22:53.193root 11241100x8000000000000000336510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764dfa1c1fe19e202021-12-21 10:22:53.193root 11241100x8000000000000000336511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a528f95d5378b22021-12-21 10:22:53.193root 11241100x8000000000000000336512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f438c33ee73a1372021-12-21 10:22:53.194root 11241100x8000000000000000336513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7e2c5347dd419d2021-12-21 10:22:53.194root 11241100x8000000000000000336514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1e15c231c675712021-12-21 10:22:53.194root 11241100x8000000000000000336515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc797f69d777066b2021-12-21 10:22:53.194root 11241100x8000000000000000336516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcf2d9b3da76cd62021-12-21 10:22:53.194root 11241100x8000000000000000336517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292cc52e805211092021-12-21 10:22:53.194root 11241100x8000000000000000336518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde7b25bbf18ab1b2021-12-21 10:22:53.194root 11241100x8000000000000000336519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b004de730515002021-12-21 10:22:53.194root 11241100x8000000000000000336520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57703aeb5d3f977d2021-12-21 10:22:53.194root 11241100x8000000000000000336521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737a2d4e7d0d92192021-12-21 10:22:53.194root 11241100x8000000000000000336522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c000b3325431d92021-12-21 10:22:53.195root 11241100x8000000000000000336523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d978106d6773c63b2021-12-21 10:22:53.195root 11241100x8000000000000000336524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafd88e49be7d9602021-12-21 10:22:53.195root 11241100x8000000000000000336525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd59ebab212c491f2021-12-21 10:22:53.195root 11241100x8000000000000000336526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c313376c7648ec2021-12-21 10:22:53.195root 11241100x8000000000000000336527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac3394ecbe57f662021-12-21 10:22:53.195root 11241100x8000000000000000336528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e788df324be6d6662021-12-21 10:22:53.195root 11241100x8000000000000000336529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215cb7ca67930ec62021-12-21 10:22:53.196root 11241100x8000000000000000336530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e3dcd3bd28d8dd2021-12-21 10:22:53.693root 11241100x8000000000000000336531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0aac84213f9ca42021-12-21 10:22:53.693root 11241100x8000000000000000336532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98e93c313fe25aa2021-12-21 10:22:53.694root 11241100x8000000000000000336533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bbfa37c057fee82021-12-21 10:22:53.694root 11241100x8000000000000000336534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac70895cb6d3e012021-12-21 10:22:53.694root 11241100x8000000000000000336535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1fffa74ad3936a2021-12-21 10:22:53.694root 11241100x8000000000000000336536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab39497a1942237f2021-12-21 10:22:53.694root 11241100x8000000000000000336537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0e84bc9c6101402021-12-21 10:22:53.694root 11241100x8000000000000000336538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ec7dc1c19b7ef22021-12-21 10:22:53.695root 11241100x8000000000000000336539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677caf2cdb6feae32021-12-21 10:22:53.695root 11241100x8000000000000000336540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fa96dc5076b31c2021-12-21 10:22:53.695root 11241100x8000000000000000336541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308b4f668edf9f762021-12-21 10:22:53.695root 11241100x8000000000000000336542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c130f3b46bfc382021-12-21 10:22:53.695root 11241100x8000000000000000336543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f2b6f203e3f74a2021-12-21 10:22:53.696root 11241100x8000000000000000336544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8e74ef6d9bfdaf2021-12-21 10:22:53.696root 11241100x8000000000000000336545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410302e717c7165b2021-12-21 10:22:53.696root 11241100x8000000000000000336546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa8f007604ea5522021-12-21 10:22:53.696root 11241100x8000000000000000336547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08b0bba36707ca82021-12-21 10:22:53.696root 11241100x8000000000000000336548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5935a486990498082021-12-21 10:22:53.696root 11241100x8000000000000000336549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f0f1244c17d5682021-12-21 10:22:53.696root 11241100x8000000000000000336550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:53.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e825749dbb43296a2021-12-21 10:22:53.697root 11241100x8000000000000000336551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de602cb7d1dcc8e92021-12-21 10:22:54.192root 11241100x8000000000000000336552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb86741fece78f72021-12-21 10:22:54.193root 11241100x8000000000000000336553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6226b849c55d2e8a2021-12-21 10:22:54.193root 11241100x8000000000000000336554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921ec99c64c920782021-12-21 10:22:54.193root 11241100x8000000000000000336555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be55f28bb9b9a0f32021-12-21 10:22:54.193root 11241100x8000000000000000336556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa95b15b10c15e622021-12-21 10:22:54.193root 11241100x8000000000000000336557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008212f01574f9f32021-12-21 10:22:54.193root 11241100x8000000000000000336558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28973ad1e752b9b62021-12-21 10:22:54.193root 11241100x8000000000000000336559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbaeecfab212fcc2021-12-21 10:22:54.193root 11241100x8000000000000000336560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aabe6dd67db682d2021-12-21 10:22:54.193root 11241100x8000000000000000336561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.202b78b93f37f1542021-12-21 10:22:54.194root 11241100x8000000000000000336562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6405bf5067172af2021-12-21 10:22:54.194root 11241100x8000000000000000336563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cb3e0769613b4d2021-12-21 10:22:54.194root 11241100x8000000000000000336564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a00343aca1cef82021-12-21 10:22:54.194root 11241100x8000000000000000336565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490329c08fff88162021-12-21 10:22:54.194root 11241100x8000000000000000336566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac82caf2c1c891a2021-12-21 10:22:54.194root 11241100x8000000000000000336567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688cc1afe89272cf2021-12-21 10:22:54.195root 11241100x8000000000000000336568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22e32f7e89f385d2021-12-21 10:22:54.195root 11241100x8000000000000000336569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41c6743e4985c822021-12-21 10:22:54.195root 11241100x8000000000000000336570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f93d76e598e04df2021-12-21 10:22:54.196root 11241100x8000000000000000336571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbcfeba22aa63e92021-12-21 10:22:54.196root 11241100x8000000000000000336572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d999603294683bf2021-12-21 10:22:54.196root 11241100x8000000000000000336573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b7629bcdb027c12021-12-21 10:22:54.196root 11241100x8000000000000000336574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bc4cca7d97c7622021-12-21 10:22:54.196root 11241100x8000000000000000336575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b72f92f3f8180f2021-12-21 10:22:54.196root 11241100x8000000000000000336576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8b9c6724b4ebe52021-12-21 10:22:54.197root 11241100x8000000000000000336577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40579347378cfd322021-12-21 10:22:54.197root 11241100x8000000000000000336578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9021256fe6ca9f2021-12-21 10:22:54.197root 11241100x8000000000000000336579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcef98306de27872021-12-21 10:22:54.197root 11241100x8000000000000000336580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f514ebe08e7446c2021-12-21 10:22:54.692root 11241100x8000000000000000336581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac0be41c3ac01492021-12-21 10:22:54.693root 11241100x8000000000000000336582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605c496fd2c74a942021-12-21 10:22:54.693root 11241100x8000000000000000336583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3b43ffefa8fddb2021-12-21 10:22:54.693root 11241100x8000000000000000336584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ebbc83adc942c2021-12-21 10:22:54.694root 11241100x8000000000000000336585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9ec85c7254a6952021-12-21 10:22:54.694root 11241100x8000000000000000336586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b76177a517b8832021-12-21 10:22:54.694root 11241100x8000000000000000336587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5fc13d07f5b83e2021-12-21 10:22:54.694root 11241100x8000000000000000336588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179d3aeb470282072021-12-21 10:22:54.695root 11241100x8000000000000000336589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3226476560f4c72021-12-21 10:22:54.695root 11241100x8000000000000000336590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2af4d499c9c0ee2021-12-21 10:22:54.695root 11241100x8000000000000000336591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e298979ad022282021-12-21 10:22:54.695root 11241100x8000000000000000336592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d372c398f1198b2021-12-21 10:22:54.696root 11241100x8000000000000000336593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e503d6e89952924a2021-12-21 10:22:54.696root 11241100x8000000000000000336594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2124491c1fa1ec322021-12-21 10:22:54.696root 11241100x8000000000000000336595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff58250148be8132021-12-21 10:22:54.696root 11241100x8000000000000000336596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb66ea662badfa32021-12-21 10:22:54.696root 11241100x8000000000000000336597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cba2c3ed1d41ba52021-12-21 10:22:54.696root 11241100x8000000000000000336598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb0feabd720fc012021-12-21 10:22:54.696root 11241100x8000000000000000336599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de08d25397dce8722021-12-21 10:22:54.696root 11241100x8000000000000000336600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a069743ceea549d42021-12-21 10:22:54.696root 11241100x8000000000000000336601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfba248eec776b72021-12-21 10:22:54.696root 11241100x8000000000000000336602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5b558ad4554b6e2021-12-21 10:22:54.696root 11241100x8000000000000000336603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfeed679c086d762021-12-21 10:22:54.697root 11241100x8000000000000000336604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4160725717ee89372021-12-21 10:22:54.697root 354300x8000000000000000336605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.130{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47016-false10.0.1.12-8000- 11241100x8000000000000000336606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cbd3367c86d3c32021-12-21 10:22:55.131root 11241100x8000000000000000336607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752befe8faad7842021-12-21 10:22:55.131root 11241100x8000000000000000336608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.131{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1bd86bf13c5a532021-12-21 10:22:55.131root 11241100x8000000000000000336609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f984f1718ec4502021-12-21 10:22:55.132root 11241100x8000000000000000336610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27609591e00725172021-12-21 10:22:55.132root 11241100x8000000000000000336611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb018c843f776e422021-12-21 10:22:55.132root 11241100x8000000000000000336612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24176bbcff2d81cb2021-12-21 10:22:55.132root 11241100x8000000000000000336613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944131b276b25f272021-12-21 10:22:55.132root 11241100x8000000000000000336614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962ae53f2f919b8e2021-12-21 10:22:55.132root 11241100x8000000000000000336615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.132{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe3fee7d7cc86662021-12-21 10:22:55.132root 11241100x8000000000000000336616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e74747eb73cebc52021-12-21 10:22:55.133root 11241100x8000000000000000336617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab39a51beb161902021-12-21 10:22:55.133root 11241100x8000000000000000336618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5620e2d649487b2021-12-21 10:22:55.133root 11241100x8000000000000000336619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bc323e2d55fb0b2021-12-21 10:22:55.133root 11241100x8000000000000000336620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044649962c76e7f2021-12-21 10:22:55.133root 11241100x8000000000000000336621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9c2cdd6fcb9e092021-12-21 10:22:55.133root 11241100x8000000000000000336622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.133{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30857313a6bd14d72021-12-21 10:22:55.133root 11241100x8000000000000000336623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065b42c8536398932021-12-21 10:22:55.134root 11241100x8000000000000000336624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bef1c1f17de43492021-12-21 10:22:55.134root 11241100x8000000000000000336625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bf1011b32919b2021-12-21 10:22:55.134root 11241100x8000000000000000336626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e94893f4587ec3b2021-12-21 10:22:55.134root 11241100x8000000000000000336627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250939c60f6a40a22021-12-21 10:22:55.134root 11241100x8000000000000000336628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a047960fb5115362021-12-21 10:22:55.134root 11241100x8000000000000000336629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1533d6f1541283672021-12-21 10:22:55.134root 11241100x8000000000000000336630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c3bdbea9bbb2d22021-12-21 10:22:55.134root 11241100x8000000000000000336631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3824e2c8d06e572021-12-21 10:22:55.134root 11241100x8000000000000000336632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.134{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a523009c060bec6b2021-12-21 10:22:55.134root 11241100x8000000000000000336633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d23068f6a575782021-12-21 10:22:55.443root 11241100x8000000000000000336634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b159c8ef485a6ab2021-12-21 10:22:55.444root 11241100x8000000000000000336635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3becf2f8f365e72021-12-21 10:22:55.444root 11241100x8000000000000000336636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33abbd6c33365d62021-12-21 10:22:55.444root 11241100x8000000000000000336637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fec3ca7a7aa81842021-12-21 10:22:55.444root 11241100x8000000000000000336638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9799ac678054a6d42021-12-21 10:22:55.444root 11241100x8000000000000000336639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d050c9c9cdc4b602021-12-21 10:22:55.444root 11241100x8000000000000000336640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489b3e93210157032021-12-21 10:22:55.444root 11241100x8000000000000000336641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcf5200074919442021-12-21 10:22:55.444root 11241100x8000000000000000336642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3008b431485aa0c12021-12-21 10:22:55.444root 11241100x8000000000000000336643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ab2c2a4258f18a2021-12-21 10:22:55.444root 11241100x8000000000000000336644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f73520f52924962021-12-21 10:22:55.445root 11241100x8000000000000000336645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9927556bc7be80d42021-12-21 10:22:55.445root 11241100x8000000000000000336646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac1a51371c2acf42021-12-21 10:22:55.445root 11241100x8000000000000000336647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74977a63f8bdc292021-12-21 10:22:55.445root 11241100x8000000000000000336648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f6f886cefa0d072021-12-21 10:22:55.445root 11241100x8000000000000000336649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d11cb61b69fcc252021-12-21 10:22:55.445root 11241100x8000000000000000336650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7446936fd1e9f8452021-12-21 10:22:55.445root 11241100x8000000000000000336651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a892f3aff72ccd62021-12-21 10:22:55.445root 11241100x8000000000000000336652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1ded4ba4da31132021-12-21 10:22:55.445root 11241100x8000000000000000336653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1863f4c1dd2172021-12-21 10:22:55.445root 11241100x8000000000000000336654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18b7bf99387db9f2021-12-21 10:22:55.446root 11241100x8000000000000000336655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83529b34593b0cf62021-12-21 10:22:55.943root 11241100x8000000000000000336656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66f45a26c324c5c2021-12-21 10:22:55.943root 11241100x8000000000000000336657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d47a2b9d80e148a2021-12-21 10:22:55.944root 11241100x8000000000000000336658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ee9ce29d31cc582021-12-21 10:22:55.944root 11241100x8000000000000000336659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1e7fd1a23324f72021-12-21 10:22:55.944root 11241100x8000000000000000336660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b19b68d42ea21c2021-12-21 10:22:55.944root 11241100x8000000000000000336661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1226ce89ede1f6c92021-12-21 10:22:55.944root 11241100x8000000000000000336662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd70ca925c4d40f2021-12-21 10:22:55.944root 11241100x8000000000000000336663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5efd71b706f48ad2021-12-21 10:22:55.944root 11241100x8000000000000000336664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29d0f3c427c57c22021-12-21 10:22:55.944root 11241100x8000000000000000336665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b1fe8e64f08f562021-12-21 10:22:55.944root 11241100x8000000000000000336666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8fd670d70e4e102021-12-21 10:22:55.944root 11241100x8000000000000000336667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4997237d7d1ea42021-12-21 10:22:55.944root 11241100x8000000000000000336668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7fa097e914dbf1f2021-12-21 10:22:55.945root 11241100x8000000000000000336669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17c2b94ceff5e722021-12-21 10:22:55.945root 11241100x8000000000000000336670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0925f19e053c15a2021-12-21 10:22:55.945root 11241100x8000000000000000336671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e073ff817889ff622021-12-21 10:22:55.945root 11241100x8000000000000000336672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd5eeaaed34cbc92021-12-21 10:22:55.945root 11241100x8000000000000000336673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab90d2443a590792021-12-21 10:22:55.945root 11241100x8000000000000000336674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7af28c54484df42021-12-21 10:22:55.945root 11241100x8000000000000000336675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7e90f46e7bb8052021-12-21 10:22:55.945root 11241100x8000000000000000336676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951e0518a3d374682021-12-21 10:22:55.945root 11241100x8000000000000000336677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b8cfc668ccda0b2021-12-21 10:22:56.443root 11241100x8000000000000000336678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c2da7868eb38262021-12-21 10:22:56.443root 11241100x8000000000000000336679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d306a9843530dd292021-12-21 10:22:56.443root 11241100x8000000000000000336680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae7fb150bee23c02021-12-21 10:22:56.443root 11241100x8000000000000000336681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10c19b621dded202021-12-21 10:22:56.443root 11241100x8000000000000000336682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af3a9238bc20fbe2021-12-21 10:22:56.443root 11241100x8000000000000000336683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f182a135f980f35c2021-12-21 10:22:56.443root 11241100x8000000000000000336684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd74b01ddda6e7212021-12-21 10:22:56.444root 11241100x8000000000000000336685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd34f2aa0c2a388d2021-12-21 10:22:56.444root 11241100x8000000000000000336686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc2be4f594904c72021-12-21 10:22:56.444root 11241100x8000000000000000336687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e6d834a2ec40912021-12-21 10:22:56.444root 11241100x8000000000000000336688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c02882f8565f372021-12-21 10:22:56.444root 11241100x8000000000000000336689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48c2a0146b3e6592021-12-21 10:22:56.444root 11241100x8000000000000000336690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a349859d1888e4c92021-12-21 10:22:56.444root 11241100x8000000000000000336691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0eab4ee357e1ab12021-12-21 10:22:56.445root 11241100x8000000000000000336692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f524e78e6c4b482e2021-12-21 10:22:56.445root 11241100x8000000000000000336693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82b8fe76e0f2c932021-12-21 10:22:56.445root 11241100x8000000000000000336694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323b540722aa86472021-12-21 10:22:56.445root 11241100x8000000000000000336695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53fe64905f18de5f2021-12-21 10:22:56.445root 11241100x8000000000000000336696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78e01c0eb3afe022021-12-21 10:22:56.445root 11241100x8000000000000000336697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0756884164847b5b2021-12-21 10:22:56.445root 11241100x8000000000000000336698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916238d20bd2fa2a2021-12-21 10:22:56.445root 11241100x8000000000000000336699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2360d4304361ba352021-12-21 10:22:56.446root 11241100x8000000000000000336700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defca43de62cf3392021-12-21 10:22:56.446root 11241100x8000000000000000336701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ecf651a16000892021-12-21 10:22:56.446root 11241100x8000000000000000336702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54002404df391392021-12-21 10:22:56.446root 11241100x8000000000000000336703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd8ddb4a90afebb2021-12-21 10:22:56.446root 11241100x8000000000000000336704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eaa8a0942a19182021-12-21 10:22:56.446root 11241100x8000000000000000336705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16979f9befef8fa52021-12-21 10:22:56.446root 11241100x8000000000000000336706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fff2a0c2dadcf62021-12-21 10:22:56.446root 11241100x8000000000000000336707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3632f70842520e952021-12-21 10:22:56.447root 11241100x8000000000000000336708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b6e678fa93604c2021-12-21 10:22:56.447root 11241100x8000000000000000336709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8767f2cd2f17d5e2021-12-21 10:22:56.447root 11241100x8000000000000000336710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaa1d1b47b6c8462021-12-21 10:22:56.447root 11241100x8000000000000000336711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93599ed58df0e42021-12-21 10:22:56.447root 11241100x8000000000000000336712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e007c24af26df2021-12-21 10:22:56.943root 11241100x8000000000000000336713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39ffb6bd41cfe672021-12-21 10:22:56.943root 11241100x8000000000000000336714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170b0e85d1b8d0ee2021-12-21 10:22:56.943root 11241100x8000000000000000336715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bad5bc490628e352021-12-21 10:22:56.943root 11241100x8000000000000000336716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95eca5488681ef752021-12-21 10:22:56.944root 11241100x8000000000000000336717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d7291e4286dffc2021-12-21 10:22:56.944root 11241100x8000000000000000336718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2a87fa4ce70aa52021-12-21 10:22:56.944root 11241100x8000000000000000336719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66515b8fea1012972021-12-21 10:22:56.944root 11241100x8000000000000000336720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04ca8d59441793a2021-12-21 10:22:56.944root 11241100x8000000000000000336721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525747f71d9265c12021-12-21 10:22:56.944root 11241100x8000000000000000336722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975ae5679da0ae9f2021-12-21 10:22:56.944root 11241100x8000000000000000336723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c90a939486638a32021-12-21 10:22:56.944root 11241100x8000000000000000336724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18cca0a28ee99282021-12-21 10:22:56.944root 11241100x8000000000000000336725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf487b50051d9e22021-12-21 10:22:56.944root 11241100x8000000000000000336726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f1bba3cae686e82021-12-21 10:22:56.945root 11241100x8000000000000000336727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aa4c74365c305f2021-12-21 10:22:56.945root 11241100x8000000000000000336728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca0dacf97b1eb492021-12-21 10:22:56.945root 11241100x8000000000000000336729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5a22592867ae692021-12-21 10:22:56.945root 11241100x8000000000000000336730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ad4ee70c2743c82021-12-21 10:22:56.945root 11241100x8000000000000000336731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa91bf595a484c942021-12-21 10:22:56.945root 11241100x8000000000000000336732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb78c6fc8beef982021-12-21 10:22:56.945root 11241100x8000000000000000336733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e955acbb458b84322021-12-21 10:22:56.945root 11241100x8000000000000000336734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7a77029a9d01fc2021-12-21 10:22:57.442root 11241100x8000000000000000336735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550e0cdffb44e9b82021-12-21 10:22:57.443root 11241100x8000000000000000336736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daac3ab926d59d3e2021-12-21 10:22:57.443root 11241100x8000000000000000336737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbcc9f7ef2277492021-12-21 10:22:57.443root 11241100x8000000000000000336738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cb011aac5d69902021-12-21 10:22:57.443root 11241100x8000000000000000336739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819cafb6003a570b2021-12-21 10:22:57.443root 11241100x8000000000000000336740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d86ae1dc570f03a2021-12-21 10:22:57.443root 11241100x8000000000000000336741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ca7f6fdfa206e72021-12-21 10:22:57.444root 11241100x8000000000000000336742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223609f6762202a12021-12-21 10:22:57.444root 11241100x8000000000000000336743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571f144a728e46412021-12-21 10:22:57.444root 11241100x8000000000000000336744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d297837f1f5423d2021-12-21 10:22:57.444root 11241100x8000000000000000336745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38c8ceacb4d70fb2021-12-21 10:22:57.444root 11241100x8000000000000000336746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc053b7d12b36b92021-12-21 10:22:57.444root 11241100x8000000000000000336747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74437afd50fc3f1a2021-12-21 10:22:57.444root 11241100x8000000000000000336748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ea216cdcf66bfb2021-12-21 10:22:57.444root 11241100x8000000000000000336749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ecd7c50f3800192021-12-21 10:22:57.444root 11241100x8000000000000000336750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88603b3e6112a0032021-12-21 10:22:57.444root 11241100x8000000000000000336751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b773dc3873fad61d2021-12-21 10:22:57.445root 11241100x8000000000000000336752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedc6c064cfc27cb2021-12-21 10:22:57.445root 11241100x8000000000000000336753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d26f386c726aa0f2021-12-21 10:22:57.445root 11241100x8000000000000000336754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d3beccdcd157fe2021-12-21 10:22:57.445root 11241100x8000000000000000336755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55aa669698b9cd42021-12-21 10:22:57.445root 11241100x8000000000000000336756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f3b7878f76baf42021-12-21 10:22:57.446root 11241100x8000000000000000336757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e3ecd4c2e83e5e2021-12-21 10:22:57.446root 11241100x8000000000000000336758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.733ed5a28e18262a2021-12-21 10:22:57.446root 11241100x8000000000000000336759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80da0e45718f5cd32021-12-21 10:22:57.446root 11241100x8000000000000000336760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2696058c08fe7fd92021-12-21 10:22:57.446root 11241100x8000000000000000336761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80ed71e353182c42021-12-21 10:22:57.446root 11241100x8000000000000000336762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373d5dd0f37206072021-12-21 10:22:57.447root 11241100x8000000000000000336763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d74f91e7e3781e52021-12-21 10:22:57.447root 11241100x8000000000000000336764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dc1b7f24d5a9512021-12-21 10:22:57.447root 11241100x8000000000000000336765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bf6599cff9429c2021-12-21 10:22:57.447root 11241100x8000000000000000336766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f738eb1da1dc32092021-12-21 10:22:57.447root 11241100x8000000000000000336767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6224da38423a3c962021-12-21 10:22:57.447root 11241100x8000000000000000336768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5509bb0c8767c7f52021-12-21 10:22:57.447root 11241100x8000000000000000336769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663a4919131c99fc2021-12-21 10:22:57.447root 11241100x8000000000000000336770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cfb78ca2314c4b2021-12-21 10:22:57.447root 11241100x8000000000000000336771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0225ddcbea94122021-12-21 10:22:57.448root 11241100x8000000000000000336772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a2b00fe43760a92021-12-21 10:22:57.448root 11241100x8000000000000000336773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3942dd8f2a04792021-12-21 10:22:57.448root 11241100x8000000000000000336774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ad0f0c230978df2021-12-21 10:22:57.448root 11241100x8000000000000000336775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c89935dae6bb0f2021-12-21 10:22:57.448root 11241100x8000000000000000336776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa65bdd5ad5ba1e2021-12-21 10:22:57.943root 11241100x8000000000000000336777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc778ac7f46c29df2021-12-21 10:22:57.943root 11241100x8000000000000000336778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d69f86ce85074c92021-12-21 10:22:57.944root 11241100x8000000000000000336779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40fe24c2151cbe12021-12-21 10:22:57.944root 11241100x8000000000000000336780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036b2c5427ae547e2021-12-21 10:22:57.944root 11241100x8000000000000000336781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd264b2f507dd2cc2021-12-21 10:22:57.944root 11241100x8000000000000000336782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92901f56df57dff02021-12-21 10:22:57.944root 11241100x8000000000000000336783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e2c85ce86466332021-12-21 10:22:57.944root 11241100x8000000000000000336784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7322108960e3e32021-12-21 10:22:57.944root 11241100x8000000000000000336785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db10f1197b2f6172021-12-21 10:22:57.945root 11241100x8000000000000000336786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd72a633d9832cb92021-12-21 10:22:57.945root 11241100x8000000000000000336787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2e6a933d6f19ab2021-12-21 10:22:57.945root 11241100x8000000000000000336788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdac99522a4e4ea2021-12-21 10:22:57.945root 11241100x8000000000000000336789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1a7e6fbf2a66732021-12-21 10:22:57.945root 11241100x8000000000000000336790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe004001a59c6c232021-12-21 10:22:57.945root 11241100x8000000000000000336791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c23f0c4cf4052012021-12-21 10:22:57.946root 11241100x8000000000000000336792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f07688f896260e12021-12-21 10:22:57.946root 11241100x8000000000000000336793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da2a614f33a7cc72021-12-21 10:22:57.946root 11241100x8000000000000000336794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7417b3aae3145f52021-12-21 10:22:57.946root 11241100x8000000000000000336795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b407972e9f59b4592021-12-21 10:22:57.946root 11241100x8000000000000000336796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e4f8272456a80c2021-12-21 10:22:57.946root 11241100x8000000000000000336797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91cb8068b454cd2021-12-21 10:22:57.946root 11241100x8000000000000000336798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d8c8dc6271ba9c2021-12-21 10:22:57.946root 11241100x8000000000000000336799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d310ead4793390ac2021-12-21 10:22:57.947root 11241100x8000000000000000336800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18c03aeb4c72c292021-12-21 10:22:58.443root 11241100x8000000000000000336801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1961cab289aaec0e2021-12-21 10:22:58.443root 11241100x8000000000000000336802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a49599410a160ee2021-12-21 10:22:58.443root 11241100x8000000000000000336803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813e18cdc4a3a9b2021-12-21 10:22:58.444root 11241100x8000000000000000336804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111247defd97ad1d2021-12-21 10:22:58.445root 11241100x8000000000000000336805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445ecb05df5ff2d72021-12-21 10:22:58.445root 11241100x8000000000000000336806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c144da62917115c2021-12-21 10:22:58.445root 11241100x8000000000000000336807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e123386fe18a83262021-12-21 10:22:58.445root 11241100x8000000000000000336808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ad6b5654652e6a2021-12-21 10:22:58.446root 11241100x8000000000000000336809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3629c2a2fcdf7c2021-12-21 10:22:58.446root 11241100x8000000000000000336810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61b67eb9e7731d2021-12-21 10:22:58.446root 11241100x8000000000000000336811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c654e8aa2ceec122021-12-21 10:22:58.447root 11241100x8000000000000000336812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb82ba9c2da7b97b2021-12-21 10:22:58.447root 11241100x8000000000000000336813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb3b40d7466f7032021-12-21 10:22:58.447root 11241100x8000000000000000336814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1821ede13a1e07b02021-12-21 10:22:58.447root 11241100x8000000000000000336815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4f9ebf2fcddd2a2021-12-21 10:22:58.447root 11241100x8000000000000000336816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4f248e5b8af9f82021-12-21 10:22:58.447root 11241100x8000000000000000336817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c8a3efccc713482021-12-21 10:22:58.448root 11241100x8000000000000000336818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760c9090659a28502021-12-21 10:22:58.448root 11241100x8000000000000000336819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d127f94b9ecf360e2021-12-21 10:22:58.448root 11241100x8000000000000000336820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455a33a5be4a3d842021-12-21 10:22:58.448root 11241100x8000000000000000336821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc6c87adb3880f2021-12-21 10:22:58.448root 11241100x8000000000000000336822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd5962c7539529c2021-12-21 10:22:58.448root 11241100x8000000000000000336823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76639f7b35b339cb2021-12-21 10:22:58.448root 11241100x8000000000000000336824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a861c9be1afb91472021-12-21 10:22:58.449root 11241100x8000000000000000336825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d1a0ce22da47622021-12-21 10:22:58.943root 11241100x8000000000000000336826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952c45c980bd0b772021-12-21 10:22:58.943root 11241100x8000000000000000336827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b470b91f14856ab32021-12-21 10:22:58.944root 11241100x8000000000000000336828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fef548623b1a0762021-12-21 10:22:58.944root 11241100x8000000000000000336829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87797dcaf11c6c372021-12-21 10:22:58.944root 11241100x8000000000000000336830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfea01bb4c03cb02021-12-21 10:22:58.944root 11241100x8000000000000000336831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c4dcf945f13c0c2021-12-21 10:22:58.944root 11241100x8000000000000000336832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c161e2a7add7852021-12-21 10:22:58.944root 11241100x8000000000000000336833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad74c7b1ebd7a8d42021-12-21 10:22:58.944root 11241100x8000000000000000336834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e145a158323d6892021-12-21 10:22:58.944root 11241100x8000000000000000336835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4572416aa88c91b2021-12-21 10:22:58.944root 11241100x8000000000000000336836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dd2c37184f57842021-12-21 10:22:58.944root 11241100x8000000000000000336837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb86ce02c8a2882021-12-21 10:22:58.944root 11241100x8000000000000000336838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdd98bb0bda75bd2021-12-21 10:22:58.944root 11241100x8000000000000000336839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281e54122bc41d682021-12-21 10:22:58.945root 11241100x8000000000000000336840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d481517b30f2dffc2021-12-21 10:22:58.945root 11241100x8000000000000000336841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa7becd359e5fb52021-12-21 10:22:58.945root 11241100x8000000000000000336842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75cec5a2519697d02021-12-21 10:22:58.945root 11241100x8000000000000000336843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3feaa260340da6b2021-12-21 10:22:58.945root 11241100x8000000000000000336844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb06f556f288fc02021-12-21 10:22:58.945root 11241100x8000000000000000336845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc6fddf64299ba02021-12-21 10:22:58.945root 11241100x8000000000000000336846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8579eec6fa87488f2021-12-21 10:22:58.945root 11241100x8000000000000000336847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d2acf43645274c2021-12-21 10:22:59.443root 11241100x8000000000000000336848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a3566becca93562021-12-21 10:22:59.443root 11241100x8000000000000000336849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd425578779725802021-12-21 10:22:59.444root 11241100x8000000000000000336850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2a6fb955d584f72021-12-21 10:22:59.444root 11241100x8000000000000000336851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c666a53d21604be22021-12-21 10:22:59.444root 11241100x8000000000000000336852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e496277d65e5e18a2021-12-21 10:22:59.444root 11241100x8000000000000000336853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1207188699a572e2021-12-21 10:22:59.444root 11241100x8000000000000000336854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a2905db49023802021-12-21 10:22:59.445root 11241100x8000000000000000336855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01084f1192f2c5a12021-12-21 10:22:59.445root 11241100x8000000000000000336856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d0147f32cf66ec2021-12-21 10:22:59.445root 11241100x8000000000000000336857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8921f4180ad736062021-12-21 10:22:59.445root 11241100x8000000000000000336858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ea4168551d0dd82021-12-21 10:22:59.445root 11241100x8000000000000000336859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1428282b593afd2021-12-21 10:22:59.445root 11241100x8000000000000000336860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e786d6d18b98ef0c2021-12-21 10:22:59.445root 11241100x8000000000000000336861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7fdef0a00fcab2021-12-21 10:22:59.445root 11241100x8000000000000000336862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6422f7625b552ebc2021-12-21 10:22:59.445root 11241100x8000000000000000336863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b18c2876a3735f2021-12-21 10:22:59.445root 11241100x8000000000000000336864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81f57509153ade22021-12-21 10:22:59.446root 11241100x8000000000000000336865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a21c5c9da3ba592021-12-21 10:22:59.446root 11241100x8000000000000000336866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005a7905d70180de2021-12-21 10:22:59.446root 11241100x8000000000000000336867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718271fee3b473352021-12-21 10:22:59.446root 11241100x8000000000000000336868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c230e346b8bc812021-12-21 10:22:59.446root 11241100x8000000000000000336869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65b3134c0abfd002021-12-21 10:22:59.446root 11241100x8000000000000000336870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01127ae340070b32021-12-21 10:22:59.943root 11241100x8000000000000000336871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f433a89734292d72021-12-21 10:22:59.943root 11241100x8000000000000000336872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a4a0983bb7cad62021-12-21 10:22:59.943root 11241100x8000000000000000336873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1681f1e6198b4c582021-12-21 10:22:59.943root 11241100x8000000000000000336874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e50776fb5e8e612021-12-21 10:22:59.944root 11241100x8000000000000000336875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48360ee63beb63562021-12-21 10:22:59.944root 11241100x8000000000000000336876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c5cf10b57ad1162021-12-21 10:22:59.944root 11241100x8000000000000000336877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305b41922379b9eb2021-12-21 10:22:59.944root 11241100x8000000000000000336878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9659a4692dadc3402021-12-21 10:22:59.944root 11241100x8000000000000000336879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b1cee3d3110e772021-12-21 10:22:59.944root 11241100x8000000000000000336880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cbc5ea4c448a102021-12-21 10:22:59.945root 11241100x8000000000000000336881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7e4d81e20c630c2021-12-21 10:22:59.945root 11241100x8000000000000000336882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfde0ab22ba96db2021-12-21 10:22:59.945root 11241100x8000000000000000336883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556d6e93ad6535c22021-12-21 10:22:59.945root 11241100x8000000000000000336884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cde3467069ec092021-12-21 10:22:59.945root 11241100x8000000000000000336885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12f295911afeaf82021-12-21 10:22:59.945root 11241100x8000000000000000336886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a260a154a56e66fb2021-12-21 10:22:59.945root 11241100x8000000000000000336887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7965ed1f11fb45d92021-12-21 10:22:59.946root 11241100x8000000000000000336888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfeb03d993de64b52021-12-21 10:22:59.946root 11241100x8000000000000000336889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800553d7e25439d82021-12-21 10:22:59.946root 11241100x8000000000000000336890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b42daa10f7264632021-12-21 10:22:59.946root 11241100x8000000000000000336891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:22:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bf588494503b242021-12-21 10:22:59.946root 11241100x8000000000000000336892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd8d9dc417925cf2021-12-21 10:23:00.443root 11241100x8000000000000000336893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955e0b2c02d9ef982021-12-21 10:23:00.443root 11241100x8000000000000000336894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea898f66a7e4bc5a2021-12-21 10:23:00.443root 11241100x8000000000000000336895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c23b9a3c6bb8bb2021-12-21 10:23:00.443root 11241100x8000000000000000336896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0ae101828d9fef2021-12-21 10:23:00.444root 11241100x8000000000000000336897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.284b64737263ac4d2021-12-21 10:23:00.444root 11241100x8000000000000000336898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fa37c6fe36c7a12021-12-21 10:23:00.444root 11241100x8000000000000000336899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33da95e7fb4b3d652021-12-21 10:23:00.444root 11241100x8000000000000000336900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8ce138ae36ff262021-12-21 10:23:00.444root 11241100x8000000000000000336901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4ec71f6e9e53442021-12-21 10:23:00.444root 11241100x8000000000000000336902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712d3546026c42bb2021-12-21 10:23:00.444root 11241100x8000000000000000336903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61dd74d2cc7e444c2021-12-21 10:23:00.445root 11241100x8000000000000000336904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d9dc39ba4e544e2021-12-21 10:23:00.445root 11241100x8000000000000000336905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9309684a1b96d92021-12-21 10:23:00.445root 11241100x8000000000000000336906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081ac45dbc554ad72021-12-21 10:23:00.445root 11241100x8000000000000000336907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01aaa3c2a629fe342021-12-21 10:23:00.445root 11241100x8000000000000000336908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7674ae41bdececc2021-12-21 10:23:00.445root 11241100x8000000000000000336909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c4f0494f6ab3142021-12-21 10:23:00.446root 11241100x8000000000000000336910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00838d70f9a21b132021-12-21 10:23:00.447root 11241100x8000000000000000336911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd0233b8a8998582021-12-21 10:23:00.447root 11241100x8000000000000000336912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0859bf11e4a82dd2021-12-21 10:23:00.447root 11241100x8000000000000000336913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19350c592a9bc6fd2021-12-21 10:23:00.447root 11241100x8000000000000000336914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76655095093a970a2021-12-21 10:23:00.447root 11241100x8000000000000000336915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b60a41e90b59c52021-12-21 10:23:00.943root 11241100x8000000000000000336916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aeda116d0294362021-12-21 10:23:00.943root 11241100x8000000000000000336917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f5d307bdb1df6e2021-12-21 10:23:00.944root 11241100x8000000000000000336918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6d2124bb077a762021-12-21 10:23:00.944root 11241100x8000000000000000336919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878414efb5d1213e2021-12-21 10:23:00.944root 11241100x8000000000000000336920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0657d82b3657e7e32021-12-21 10:23:00.945root 11241100x8000000000000000336921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7812d3b3ef1302ac2021-12-21 10:23:00.945root 11241100x8000000000000000336922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68c253c561affd52021-12-21 10:23:00.945root 11241100x8000000000000000336923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5f137ce87abf322021-12-21 10:23:00.945root 11241100x8000000000000000336924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e329dba3ef8e71d2021-12-21 10:23:00.945root 11241100x8000000000000000336925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7991da95118d7c52021-12-21 10:23:00.945root 11241100x8000000000000000336926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c80d67dedf538d82021-12-21 10:23:00.945root 11241100x8000000000000000336927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52b98e027214f0b2021-12-21 10:23:00.945root 11241100x8000000000000000336928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea650059e44e8042021-12-21 10:23:00.945root 11241100x8000000000000000336929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9e594e7daa0c2d2021-12-21 10:23:00.945root 11241100x8000000000000000336930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e5188580dd75862021-12-21 10:23:00.946root 11241100x8000000000000000336931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221641fee8c0c71c2021-12-21 10:23:00.946root 11241100x8000000000000000336932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2af48fc01cd4d582021-12-21 10:23:00.946root 11241100x8000000000000000336933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0fe3659757816c2021-12-21 10:23:00.946root 11241100x8000000000000000336934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c6234e65668ef72021-12-21 10:23:00.946root 11241100x8000000000000000336935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f79cb8de5749c22021-12-21 10:23:00.946root 11241100x8000000000000000336936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa44b7a18a193ac2021-12-21 10:23:00.946root 354300x8000000000000000336937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.074{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47018-false10.0.1.12-8000- 11241100x8000000000000000336938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60ce7494b05951c2021-12-21 10:23:01.443root 11241100x8000000000000000336939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f2b116871ad5852021-12-21 10:23:01.443root 11241100x8000000000000000336940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77da66abcc103d3a2021-12-21 10:23:01.443root 11241100x8000000000000000336941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd9f5410514c0ad2021-12-21 10:23:01.444root 11241100x8000000000000000336942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d465bef47f1958882021-12-21 10:23:01.444root 11241100x8000000000000000336943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049e4ba7348e5452021-12-21 10:23:01.444root 11241100x8000000000000000336944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f95d9f8b85dfd2021-12-21 10:23:01.444root 11241100x8000000000000000336945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff59a3cc6a1e2c302021-12-21 10:23:01.444root 11241100x8000000000000000336946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026cc0b9b91f83ad2021-12-21 10:23:01.444root 11241100x8000000000000000336947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a0e7ab9fbbbc362021-12-21 10:23:01.444root 11241100x8000000000000000336948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ccf7b7f131eb162021-12-21 10:23:01.444root 11241100x8000000000000000336949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cda4f5147344e72021-12-21 10:23:01.444root 11241100x8000000000000000336950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bef8bfc72df636b2021-12-21 10:23:01.444root 11241100x8000000000000000336951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.795f0cf352a4d9ae2021-12-21 10:23:01.444root 11241100x8000000000000000336952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9528f66a852263132021-12-21 10:23:01.445root 11241100x8000000000000000336953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fef8f7262024ccd2021-12-21 10:23:01.445root 11241100x8000000000000000336954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ba21a6df4484eb2021-12-21 10:23:01.445root 11241100x8000000000000000336955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa07468fa6a945b2021-12-21 10:23:01.445root 11241100x8000000000000000336956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1a9d7f1e9e30342021-12-21 10:23:01.445root 11241100x8000000000000000336957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ee8250a4ba90152021-12-21 10:23:01.445root 11241100x8000000000000000336958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c0685d2d2a4562021-12-21 10:23:01.445root 11241100x8000000000000000336959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81f0042a65868572021-12-21 10:23:01.445root 11241100x8000000000000000336960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365c2eaef44326492021-12-21 10:23:01.445root 11241100x8000000000000000336961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6d3fad7ef8b9f22021-12-21 10:23:01.943root 11241100x8000000000000000336962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58a60c65b20732d2021-12-21 10:23:01.943root 11241100x8000000000000000336963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832505377a13b0722021-12-21 10:23:01.944root 11241100x8000000000000000336964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9a16905299083b2021-12-21 10:23:01.944root 11241100x8000000000000000336965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cc5719fffb54cd2021-12-21 10:23:01.944root 11241100x8000000000000000336966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baf5ba2faba529c2021-12-21 10:23:01.944root 11241100x8000000000000000336967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584faa575866f7d52021-12-21 10:23:01.944root 11241100x8000000000000000336968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1b0a90faff87ad2021-12-21 10:23:01.944root 11241100x8000000000000000336969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce93fdc30ea683c22021-12-21 10:23:01.944root 11241100x8000000000000000336970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ae92116c4218882021-12-21 10:23:01.944root 11241100x8000000000000000336971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ba6a3c48405282021-12-21 10:23:01.945root 11241100x8000000000000000336972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b3159eb4a4627b2021-12-21 10:23:01.945root 11241100x8000000000000000336973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1e0f228010ead72021-12-21 10:23:01.945root 11241100x8000000000000000336974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57575a75fddcb57c2021-12-21 10:23:01.945root 11241100x8000000000000000336975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86cd21d60d9ee652021-12-21 10:23:01.945root 11241100x8000000000000000336976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fac40f68cbf30522021-12-21 10:23:01.945root 11241100x8000000000000000336977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a44163cc301e1e2021-12-21 10:23:01.945root 11241100x8000000000000000336978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164cc7b905da531b2021-12-21 10:23:01.945root 11241100x8000000000000000336979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1490d0227d6d9c7b2021-12-21 10:23:01.945root 11241100x8000000000000000336980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40c18df909924ac2021-12-21 10:23:01.945root 11241100x8000000000000000336981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0d3213950f11a22021-12-21 10:23:01.945root 11241100x8000000000000000336982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b816cd903f237a92021-12-21 10:23:01.946root 11241100x8000000000000000336983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2a0e7c88db6af62021-12-21 10:23:01.946root 11241100x8000000000000000336984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99905e20bbd57662021-12-21 10:23:01.946root 11241100x8000000000000000336985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45eb4b04179e1392021-12-21 10:23:01.946root 11241100x8000000000000000336986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27f7b15bc5f0ceb2021-12-21 10:23:02.443root 11241100x8000000000000000336987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589d2da1b4d26e142021-12-21 10:23:02.443root 11241100x8000000000000000336988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1c6f9de8dd8f9a2021-12-21 10:23:02.443root 11241100x8000000000000000336989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e905cfd89d0191e02021-12-21 10:23:02.443root 11241100x8000000000000000336990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f629afc3706eb842021-12-21 10:23:02.444root 11241100x8000000000000000336991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46826af85a2e2c692021-12-21 10:23:02.444root 11241100x8000000000000000336992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91ad98b2518adca2021-12-21 10:23:02.444root 11241100x8000000000000000336993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceed07cb1911f932021-12-21 10:23:02.444root 11241100x8000000000000000336994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f67dd4d2e2adc7c2021-12-21 10:23:02.444root 11241100x8000000000000000336995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a082f2c5206d85492021-12-21 10:23:02.444root 11241100x8000000000000000336996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7db21f0da1fa4832021-12-21 10:23:02.444root 11241100x8000000000000000336997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c54f950216e3c22021-12-21 10:23:02.445root 11241100x8000000000000000336998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5abf4816c86ce42021-12-21 10:23:02.445root 11241100x8000000000000000336999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992f1a28f87bdf9c2021-12-21 10:23:02.445root 11241100x8000000000000000337000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6750cff1a7ba9e2021-12-21 10:23:02.445root 11241100x8000000000000000337001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813c3ac1ee272c9e2021-12-21 10:23:02.445root 11241100x8000000000000000337002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c71c211ebd12d02021-12-21 10:23:02.445root 11241100x8000000000000000337003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3939a222bff3682021-12-21 10:23:02.446root 11241100x8000000000000000337004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b5f69770273e7f2021-12-21 10:23:02.446root 11241100x8000000000000000337005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4e07ad3150eac82021-12-21 10:23:02.446root 11241100x8000000000000000337006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76866e0c226b16402021-12-21 10:23:02.446root 11241100x8000000000000000337007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad74bf81a2a8fb52021-12-21 10:23:02.446root 11241100x8000000000000000337008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6623475c35dd2b02021-12-21 10:23:02.446root 11241100x8000000000000000337009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72435cff6a8fef22021-12-21 10:23:02.943root 11241100x8000000000000000337010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e3fce401e712f02021-12-21 10:23:02.944root 11241100x8000000000000000337011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fff03248e6504cc2021-12-21 10:23:02.944root 11241100x8000000000000000337012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9b36318d4b77042021-12-21 10:23:02.944root 11241100x8000000000000000337013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39e75f0a30c50b62021-12-21 10:23:02.944root 11241100x8000000000000000337014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70bbe49d63e09482021-12-21 10:23:02.944root 11241100x8000000000000000337015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3078d37805fd0692021-12-21 10:23:02.944root 11241100x8000000000000000337016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00df452bba40b5302021-12-21 10:23:02.945root 11241100x8000000000000000337017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f69fecbc22edb562021-12-21 10:23:02.945root 11241100x8000000000000000337018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823555c3385d013c2021-12-21 10:23:02.945root 11241100x8000000000000000337019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d4f985daa9b0d22021-12-21 10:23:02.945root 11241100x8000000000000000337020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49efa347634664b72021-12-21 10:23:02.945root 11241100x8000000000000000337021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf6d25ae1e7c63f2021-12-21 10:23:02.945root 11241100x8000000000000000337022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5ed3006f04d1892021-12-21 10:23:02.945root 11241100x8000000000000000337023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e2b996b648a28c2021-12-21 10:23:02.946root 11241100x8000000000000000337024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deeb266c010e163a2021-12-21 10:23:02.946root 11241100x8000000000000000337025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32c2eec230e2e312021-12-21 10:23:02.946root 11241100x8000000000000000337026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582e4645ddeb00e12021-12-21 10:23:02.946root 11241100x8000000000000000337027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4663b945bbb04d62021-12-21 10:23:02.946root 11241100x8000000000000000337028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52e3472b3ee30492021-12-21 10:23:02.947root 11241100x8000000000000000337029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82898f5e52b7c6732021-12-21 10:23:02.947root 11241100x8000000000000000337030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7aaa3a63de5b342021-12-21 10:23:02.947root 11241100x8000000000000000337031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e26e4dc1386e802021-12-21 10:23:02.947root 11241100x8000000000000000337032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50001f17e259e8a72021-12-21 10:23:03.442root 11241100x8000000000000000337033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ed2d3bb437bb362021-12-21 10:23:03.443root 11241100x8000000000000000337034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7859c1c723efcb892021-12-21 10:23:03.443root 11241100x8000000000000000337035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3333e122c4bb9f2a2021-12-21 10:23:03.444root 11241100x8000000000000000337036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f472facb89037f682021-12-21 10:23:03.444root 11241100x8000000000000000337037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47567ac876bccbf2021-12-21 10:23:03.444root 11241100x8000000000000000337038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8be3bb6eaa716a2021-12-21 10:23:03.444root 11241100x8000000000000000337039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16384ac46059d5652021-12-21 10:23:03.445root 11241100x8000000000000000337040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dee3866eaabebe3e2021-12-21 10:23:03.445root 11241100x8000000000000000337041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba19b7499fe63f422021-12-21 10:23:03.445root 11241100x8000000000000000337042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19c3e2603e8ce202021-12-21 10:23:03.446root 11241100x8000000000000000337043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d208c1641b6a17da2021-12-21 10:23:03.446root 11241100x8000000000000000337044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25aaaf2b13909b7d2021-12-21 10:23:03.446root 11241100x8000000000000000337045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207d268a13ccbbec2021-12-21 10:23:03.446root 11241100x8000000000000000337046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc963a453fc42492021-12-21 10:23:03.446root 11241100x8000000000000000337047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a614ba38b06bb45b2021-12-21 10:23:03.447root 11241100x8000000000000000337048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a997cc771561f9992021-12-21 10:23:03.447root 11241100x8000000000000000337049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5ab517588e07f52021-12-21 10:23:03.447root 11241100x8000000000000000337050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7fb2e6696c4c632021-12-21 10:23:03.447root 11241100x8000000000000000337051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2094a508acba29322021-12-21 10:23:03.447root 11241100x8000000000000000337052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab11473d2632316f2021-12-21 10:23:03.448root 11241100x8000000000000000337053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153156b1b000ec962021-12-21 10:23:03.448root 11241100x8000000000000000337054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb0cbf4b51d058b2021-12-21 10:23:03.448root 11241100x8000000000000000337055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946aab7d9f4b84422021-12-21 10:23:03.448root 11241100x8000000000000000337056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f395f63ba9f472d42021-12-21 10:23:03.448root 11241100x8000000000000000337057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635befb9ba474f562021-12-21 10:23:03.448root 11241100x8000000000000000337058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4864ebd38324a52021-12-21 10:23:03.448root 11241100x8000000000000000337059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c010ee42523ac4672021-12-21 10:23:03.943root 11241100x8000000000000000337060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac87b484843667a62021-12-21 10:23:03.943root 11241100x8000000000000000337061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ade242c9a025962021-12-21 10:23:03.943root 11241100x8000000000000000337062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc70dfec29639f92021-12-21 10:23:03.943root 11241100x8000000000000000337063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c699fafb85a11ce2021-12-21 10:23:03.943root 11241100x8000000000000000337064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5db1064170d42d42021-12-21 10:23:03.944root 11241100x8000000000000000337065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1549014e31b19672021-12-21 10:23:03.944root 11241100x8000000000000000337066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d870ce8afbcd13282021-12-21 10:23:03.944root 11241100x8000000000000000337067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a3d14a3763c1912021-12-21 10:23:03.944root 11241100x8000000000000000337068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e392fae19ab9542021-12-21 10:23:03.944root 11241100x8000000000000000337069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bf1dfb51df90852021-12-21 10:23:03.944root 11241100x8000000000000000337070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71391140f92ed4f62021-12-21 10:23:03.944root 11241100x8000000000000000337071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33f014610a9b81c2021-12-21 10:23:03.944root 11241100x8000000000000000337072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb486edbb4be34a2021-12-21 10:23:03.944root 11241100x8000000000000000337073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481111f5e2c78ceb2021-12-21 10:23:03.944root 11241100x8000000000000000337074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa410a920a4d41b2021-12-21 10:23:03.945root 11241100x8000000000000000337075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f297866e0b24152021-12-21 10:23:03.945root 11241100x8000000000000000337076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234bd60b19e467b52021-12-21 10:23:03.945root 11241100x8000000000000000337077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce6fce21f5542a82021-12-21 10:23:03.945root 11241100x8000000000000000337078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc223779b8c3e382021-12-21 10:23:03.945root 11241100x8000000000000000337079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39552f23eab7b1202021-12-21 10:23:03.945root 11241100x8000000000000000337080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f39e20ddb36a782021-12-21 10:23:03.945root 11241100x8000000000000000337081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf4f5819c2d15a12021-12-21 10:23:03.945root 11241100x8000000000000000337082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4f385c9dcc48de2021-12-21 10:23:03.946root 11241100x8000000000000000337083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3122777070e717822021-12-21 10:23:04.443root 11241100x8000000000000000337084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48866c5012f9f0852021-12-21 10:23:04.443root 11241100x8000000000000000337085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65afa7ad9374d21c2021-12-21 10:23:04.443root 11241100x8000000000000000337086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0243766732a13d32021-12-21 10:23:04.443root 11241100x8000000000000000337087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73cf39bac0c2a232021-12-21 10:23:04.443root 11241100x8000000000000000337088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bc462f5b7190912021-12-21 10:23:04.443root 11241100x8000000000000000337089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b4d67622611d132021-12-21 10:23:04.443root 11241100x8000000000000000337090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bcde91ccb1f4512021-12-21 10:23:04.444root 11241100x8000000000000000337091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b67f354aa14c652021-12-21 10:23:04.444root 11241100x8000000000000000337092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28fe3453e111c792021-12-21 10:23:04.444root 11241100x8000000000000000337093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4a0bef0b12a2222021-12-21 10:23:04.444root 11241100x8000000000000000337094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a49af9d5eaeb62021-12-21 10:23:04.444root 11241100x8000000000000000337095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad923b2b8a2763b2021-12-21 10:23:04.444root 11241100x8000000000000000337096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e3360107d4a1872021-12-21 10:23:04.444root 11241100x8000000000000000337097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb871adf90313ba2021-12-21 10:23:04.445root 11241100x8000000000000000337098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae67992a21ce8412021-12-21 10:23:04.445root 11241100x8000000000000000337099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b8a851f455531f2021-12-21 10:23:04.445root 11241100x8000000000000000337100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe73db4060054d7e2021-12-21 10:23:04.445root 11241100x8000000000000000337101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ba7b1d3203e0792021-12-21 10:23:04.445root 11241100x8000000000000000337102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42eb78dfcd51cf402021-12-21 10:23:04.445root 11241100x8000000000000000337103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4047a212b15e7a632021-12-21 10:23:04.446root 11241100x8000000000000000337104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58afaf7348b7e922021-12-21 10:23:04.446root 11241100x8000000000000000337105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d9c5aa31c906ed2021-12-21 10:23:04.446root 11241100x8000000000000000337106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703ca094119662b92021-12-21 10:23:04.447root 11241100x8000000000000000337107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00b676d396867772021-12-21 10:23:04.447root 11241100x8000000000000000337108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e142a7dc531ff902021-12-21 10:23:04.447root 11241100x8000000000000000337109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4464c0c9cc8bcb2021-12-21 10:23:04.447root 11241100x8000000000000000337110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee4746f0e0e0db72021-12-21 10:23:04.447root 11241100x8000000000000000337111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa4b18d9f5eeffd2021-12-21 10:23:04.447root 11241100x8000000000000000337112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c1ead4e8c46c672021-12-21 10:23:04.943root 11241100x8000000000000000337113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4a7f0c2e5c299e2021-12-21 10:23:04.943root 11241100x8000000000000000337114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd349c80dedb1e412021-12-21 10:23:04.943root 11241100x8000000000000000337115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfc1a01fb9921002021-12-21 10:23:04.943root 11241100x8000000000000000337116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d5a97b1930d352021-12-21 10:23:04.943root 11241100x8000000000000000337117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91050f4e23d41c4d2021-12-21 10:23:04.943root 11241100x8000000000000000337118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd99d2951ffb7f5c2021-12-21 10:23:04.944root 11241100x8000000000000000337119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26c044a6e7fca7b2021-12-21 10:23:04.944root 11241100x8000000000000000337120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b540c0bf72152a62021-12-21 10:23:04.944root 11241100x8000000000000000337121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53892c6778fc5f992021-12-21 10:23:04.944root 11241100x8000000000000000337122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ab25d87bb972a82021-12-21 10:23:04.944root 11241100x8000000000000000337123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7f36287fdb9bc92021-12-21 10:23:04.944root 11241100x8000000000000000337124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a94be086886723e52021-12-21 10:23:04.944root 11241100x8000000000000000337125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62aad24bd7522f2a2021-12-21 10:23:04.944root 11241100x8000000000000000337126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aa8a8d91ca935972021-12-21 10:23:04.944root 11241100x8000000000000000337127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545ce5a0d5edb6312021-12-21 10:23:04.944root 11241100x8000000000000000337128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69138e8891136602021-12-21 10:23:04.944root 11241100x8000000000000000337129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb94d3c6b5c98c42021-12-21 10:23:04.945root 11241100x8000000000000000337130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.636073c91c2d65b22021-12-21 10:23:04.945root 11241100x8000000000000000337131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5b4fc456089b472021-12-21 10:23:04.945root 11241100x8000000000000000337132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec352e0eeee9fe892021-12-21 10:23:04.945root 11241100x8000000000000000337133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8292d53f18d697492021-12-21 10:23:04.945root 11241100x8000000000000000337134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3f0ee8c92b4eae2021-12-21 10:23:04.945root 11241100x8000000000000000337135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce2d5767873c5c2021-12-21 10:23:05.443root 11241100x8000000000000000337136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e302d5cb3e2ba2212021-12-21 10:23:05.443root 11241100x8000000000000000337137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef8b0f9b42439082021-12-21 10:23:05.444root 11241100x8000000000000000337138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acac9ac0b78ea0cf2021-12-21 10:23:05.444root 11241100x8000000000000000337139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b21e1a500753832021-12-21 10:23:05.444root 11241100x8000000000000000337140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4941cc3835395b2021-12-21 10:23:05.444root 11241100x8000000000000000337141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d62c4f1cfa3e272021-12-21 10:23:05.444root 11241100x8000000000000000337142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e423057b294e06992021-12-21 10:23:05.444root 11241100x8000000000000000337143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08e54b8bd8005362021-12-21 10:23:05.445root 11241100x8000000000000000337144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6bc5930b73ff3e2021-12-21 10:23:05.445root 11241100x8000000000000000337145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dafeff0090b3f32021-12-21 10:23:05.445root 11241100x8000000000000000337146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d35b5f86f72f8552021-12-21 10:23:05.445root 11241100x8000000000000000337147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8c029dc5a0c29d2021-12-21 10:23:05.446root 11241100x8000000000000000337148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef48d18f02eaf832021-12-21 10:23:05.446root 11241100x8000000000000000337149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a855e26f413ff9e02021-12-21 10:23:05.446root 11241100x8000000000000000337150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f886f0add3e28bb12021-12-21 10:23:05.446root 11241100x8000000000000000337151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f29fbd6cf277f52021-12-21 10:23:05.446root 11241100x8000000000000000337152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980141865ad61a22021-12-21 10:23:05.446root 11241100x8000000000000000337153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4fa50bf207128e2021-12-21 10:23:05.446root 11241100x8000000000000000337154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48421793b37f0af2021-12-21 10:23:05.446root 11241100x8000000000000000337155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e8ddbd0a395d672021-12-21 10:23:05.447root 11241100x8000000000000000337156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a28cd53d85b71f92021-12-21 10:23:05.448root 11241100x8000000000000000337157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216ad7a14189caba2021-12-21 10:23:05.449root 11241100x8000000000000000337158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb6e5ea47dc02c222021-12-21 10:23:05.449root 11241100x8000000000000000337159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22680a852136fad2021-12-21 10:23:05.943root 11241100x8000000000000000337160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbd2b42cd2f91682021-12-21 10:23:05.943root 11241100x8000000000000000337161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f011a546157105d2021-12-21 10:23:05.944root 11241100x8000000000000000337162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0002b8b35780472021-12-21 10:23:05.944root 11241100x8000000000000000337163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73255cb597d2e832021-12-21 10:23:05.944root 11241100x8000000000000000337164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dca5842027b2ca2021-12-21 10:23:05.944root 11241100x8000000000000000337165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570d1bdeb51166582021-12-21 10:23:05.944root 11241100x8000000000000000337166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c399a8c344f8942021-12-21 10:23:05.945root 11241100x8000000000000000337167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11af7e571253178e2021-12-21 10:23:05.945root 11241100x8000000000000000337168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70162b85af2ecf12021-12-21 10:23:05.945root 11241100x8000000000000000337169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d081c178d588c6a2021-12-21 10:23:05.945root 11241100x8000000000000000337170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac4f40e8ab07b2e2021-12-21 10:23:05.945root 11241100x8000000000000000337171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512b8e3e52d9adff2021-12-21 10:23:05.946root 11241100x8000000000000000337172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c23574ab4f363a2021-12-21 10:23:05.946root 11241100x8000000000000000337173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7198dab5e40a3172021-12-21 10:23:05.946root 11241100x8000000000000000337174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66c97b82c02d1742021-12-21 10:23:05.946root 11241100x8000000000000000337175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192bb0ef9dc9bc2d2021-12-21 10:23:05.947root 11241100x8000000000000000337176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b1f372e44392fc2021-12-21 10:23:05.947root 11241100x8000000000000000337177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c763233568ab8b9c2021-12-21 10:23:05.947root 11241100x8000000000000000337178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a31c69653ffc762021-12-21 10:23:05.947root 11241100x8000000000000000337179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba484f645c83e5c22021-12-21 10:23:05.948root 11241100x8000000000000000337180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d67a1a00efad962021-12-21 10:23:05.948root 11241100x8000000000000000337181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549a5d2f334e66eb2021-12-21 10:23:05.948root 354300x8000000000000000337182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.087{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47020-false10.0.1.12-8000- 11241100x8000000000000000337183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:23:06.350root 11241100x8000000000000000337184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8134181f6963a792021-12-21 10:23:06.351root 11241100x8000000000000000337185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6fbd49df02475d2021-12-21 10:23:06.351root 11241100x8000000000000000337186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b977293645f902021-12-21 10:23:06.351root 11241100x8000000000000000337187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1422523fe2bd60c92021-12-21 10:23:06.351root 11241100x8000000000000000337188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae20365da16492352021-12-21 10:23:06.352root 11241100x8000000000000000337189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8991426c5cd8aab82021-12-21 10:23:06.352root 11241100x8000000000000000337190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d50f082abec6d22021-12-21 10:23:06.352root 11241100x8000000000000000337191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd0c0551883c560b2021-12-21 10:23:06.352root 11241100x8000000000000000337192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c5d09b171d97b2021-12-21 10:23:06.352root 11241100x8000000000000000337193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11858bb8abd5fc2021-12-21 10:23:06.352root 11241100x8000000000000000337194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbac6c8e6256f6202021-12-21 10:23:06.352root 11241100x8000000000000000337195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acad15f6d45dde72021-12-21 10:23:06.353root 11241100x8000000000000000337196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4eec8c686e4db22021-12-21 10:23:06.353root 11241100x8000000000000000337197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6a287be84422bd2021-12-21 10:23:06.353root 11241100x8000000000000000337198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da44e959f18b8b2d2021-12-21 10:23:06.353root 11241100x8000000000000000337199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473f764ad07920e12021-12-21 10:23:06.353root 11241100x8000000000000000337200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad89f87f729b0a562021-12-21 10:23:06.354root 11241100x8000000000000000337201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379f37d187bb90fd2021-12-21 10:23:06.354root 11241100x8000000000000000337202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ceb4b1cfe0b24d12021-12-21 10:23:06.354root 11241100x8000000000000000337203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb4b2bc4f60a64c2021-12-21 10:23:06.354root 11241100x8000000000000000337204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dbd044989f2cf62021-12-21 10:23:06.355root 11241100x8000000000000000337205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378735e2066997932021-12-21 10:23:06.355root 11241100x8000000000000000337206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d98368bfe16ba52021-12-21 10:23:06.355root 11241100x8000000000000000337207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe70314922157332021-12-21 10:23:06.356root 11241100x8000000000000000337208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd99f6e96af4d15c2021-12-21 10:23:06.356root 11241100x8000000000000000337209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64597f90911f666e2021-12-21 10:23:06.693root 11241100x8000000000000000337210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8d51a33f4f9fc72021-12-21 10:23:06.693root 11241100x8000000000000000337211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e37c9337f3ef73e2021-12-21 10:23:06.693root 11241100x8000000000000000337212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d4c59c54a001662021-12-21 10:23:06.693root 11241100x8000000000000000337213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763ac642fefba8cb2021-12-21 10:23:06.694root 11241100x8000000000000000337214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccce44f20fdb1942021-12-21 10:23:06.694root 11241100x8000000000000000337215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bd64131d4c7ef2021-12-21 10:23:06.694root 11241100x8000000000000000337216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fde9378f080fe642021-12-21 10:23:06.694root 11241100x8000000000000000337217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b15469d7e29b842021-12-21 10:23:06.694root 11241100x8000000000000000337218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd309df6f88a9702021-12-21 10:23:06.694root 11241100x8000000000000000337219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadba2584491a3ad2021-12-21 10:23:06.694root 11241100x8000000000000000337220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c69832ab304545d2021-12-21 10:23:06.695root 11241100x8000000000000000337221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bd472e78ed15672021-12-21 10:23:06.695root 11241100x8000000000000000337222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33681173ec64674f2021-12-21 10:23:06.695root 11241100x8000000000000000337223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759f540065f0d37e2021-12-21 10:23:06.695root 11241100x8000000000000000337224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d61929deab4b1b2021-12-21 10:23:06.695root 11241100x8000000000000000337225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed48a347ffa843cb2021-12-21 10:23:06.695root 11241100x8000000000000000337226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7db4b3392c27d32021-12-21 10:23:06.695root 11241100x8000000000000000337227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71960ab210bf0752021-12-21 10:23:06.696root 11241100x8000000000000000337228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28aa72855ee49ec22021-12-21 10:23:06.696root 11241100x8000000000000000337229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de9952da9034d502021-12-21 10:23:06.696root 11241100x8000000000000000337230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4abd61f121949c2021-12-21 10:23:06.696root 11241100x8000000000000000337231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c67d6e38c547b7b2021-12-21 10:23:06.696root 11241100x8000000000000000337232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71841a3c945173792021-12-21 10:23:06.696root 11241100x8000000000000000337233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560d67509550080b2021-12-21 10:23:06.697root 11241100x8000000000000000337234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bdb0a32a79d8d62021-12-21 10:23:07.193root 11241100x8000000000000000337235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38617f5bc81eac2021-12-21 10:23:07.193root 11241100x8000000000000000337236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be5c45a9cb7f5b62021-12-21 10:23:07.193root 11241100x8000000000000000337237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315f782c2c955e6b2021-12-21 10:23:07.193root 11241100x8000000000000000337238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bef69013fd180d62021-12-21 10:23:07.194root 11241100x8000000000000000337239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fb6f723233944d2021-12-21 10:23:07.194root 11241100x8000000000000000337240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03bcc2a9504b6b842021-12-21 10:23:07.194root 11241100x8000000000000000337241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9751043baed065e2021-12-21 10:23:07.194root 11241100x8000000000000000337242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e66558594d3cc422021-12-21 10:23:07.194root 11241100x8000000000000000337243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f1da3711a563302021-12-21 10:23:07.194root 11241100x8000000000000000337244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b9bed0add317b52021-12-21 10:23:07.194root 11241100x8000000000000000337245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a393967d0342632021-12-21 10:23:07.194root 11241100x8000000000000000337246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01ef7256980ab1d2021-12-21 10:23:07.195root 11241100x8000000000000000337247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc7b730b19fd1db2021-12-21 10:23:07.195root 11241100x8000000000000000337248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0768c64a7d35f6da2021-12-21 10:23:07.195root 11241100x8000000000000000337249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd15e94dea04618f2021-12-21 10:23:07.195root 11241100x8000000000000000337250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505e6c6800cf89aa2021-12-21 10:23:07.195root 11241100x8000000000000000337251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b009a6561552c42021-12-21 10:23:07.195root 11241100x8000000000000000337252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bab29aea4742a32021-12-21 10:23:07.195root 11241100x8000000000000000337253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99161f7af058cc0f2021-12-21 10:23:07.195root 11241100x8000000000000000337254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca0569a42de9cec2021-12-21 10:23:07.196root 11241100x8000000000000000337255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43f9d9d5326aab2021-12-21 10:23:07.196root 11241100x8000000000000000337256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39edb03371f939132021-12-21 10:23:07.196root 11241100x8000000000000000337257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ac28f6da4398912021-12-21 10:23:07.196root 11241100x8000000000000000337258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab6f74d1b2665902021-12-21 10:23:07.196root 11241100x8000000000000000337259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34de293a38ac9dc2021-12-21 10:23:07.196root 11241100x8000000000000000337260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a122940ec6d0c5c2021-12-21 10:23:07.693root 11241100x8000000000000000337261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684ea41253a23682021-12-21 10:23:07.693root 11241100x8000000000000000337262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aace93eba43c6cd2021-12-21 10:23:07.693root 11241100x8000000000000000337263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44899d8cb817cd202021-12-21 10:23:07.693root 11241100x8000000000000000337264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0d6573590e76e82021-12-21 10:23:07.694root 11241100x8000000000000000337265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51c1183d8377ef82021-12-21 10:23:07.694root 11241100x8000000000000000337266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c9b0a4a01a9c122021-12-21 10:23:07.694root 11241100x8000000000000000337267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddfd31ac3604a752021-12-21 10:23:07.694root 11241100x8000000000000000337268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108fbccbdea1c63e2021-12-21 10:23:07.694root 11241100x8000000000000000337269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c2379fd9aba7b72021-12-21 10:23:07.695root 11241100x8000000000000000337270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3bb97b751e6be82021-12-21 10:23:07.695root 11241100x8000000000000000337271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6f4aaf78aaae442021-12-21 10:23:07.695root 11241100x8000000000000000337272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0029d34b8380312021-12-21 10:23:07.695root 11241100x8000000000000000337273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecfad56093006412021-12-21 10:23:07.695root 11241100x8000000000000000337274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a03735f8dea4b32021-12-21 10:23:07.695root 11241100x8000000000000000337275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bf94fc00d6c7ca2021-12-21 10:23:07.696root 11241100x8000000000000000337276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841a66bb10853f982021-12-21 10:23:07.696root 11241100x8000000000000000337277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848e9651f019ac22021-12-21 10:23:07.696root 11241100x8000000000000000337278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671a061188436d5c2021-12-21 10:23:07.696root 11241100x8000000000000000337279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3575061060bc8d662021-12-21 10:23:07.696root 11241100x8000000000000000337280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b258c2c4d6b57e12021-12-21 10:23:07.696root 11241100x8000000000000000337281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ea5fb39914fbce2021-12-21 10:23:07.697root 11241100x8000000000000000337282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5258fe1ae3b8623b2021-12-21 10:23:07.697root 11241100x8000000000000000337283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b700692e5e78baa2021-12-21 10:23:07.697root 11241100x8000000000000000337284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac0af46ab9bc6c92021-12-21 10:23:07.697root 11241100x8000000000000000337285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d1da48f7d81b82021-12-21 10:23:08.193root 11241100x8000000000000000337286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8897fa0267b3a9592021-12-21 10:23:08.193root 11241100x8000000000000000337287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc0ea33b63830f92021-12-21 10:23:08.193root 11241100x8000000000000000337288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cc8223c0addd252021-12-21 10:23:08.193root 11241100x8000000000000000337289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9c8a39047413962021-12-21 10:23:08.193root 11241100x8000000000000000337290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92b3b966cf164f92021-12-21 10:23:08.194root 11241100x8000000000000000337291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a4e86d3d4ce89c2021-12-21 10:23:08.194root 11241100x8000000000000000337292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb1dd6018bc1a992021-12-21 10:23:08.194root 11241100x8000000000000000337293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a28ffab089b9382021-12-21 10:23:08.194root 11241100x8000000000000000337294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9332ed3403f0fb2021-12-21 10:23:08.194root 11241100x8000000000000000337295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ebccaa0fbe20762021-12-21 10:23:08.194root 11241100x8000000000000000337296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672582c29a6f73e52021-12-21 10:23:08.194root 11241100x8000000000000000337297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d065d5751c2da0732021-12-21 10:23:08.195root 11241100x8000000000000000337298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997dfbe9afe31c3f2021-12-21 10:23:08.195root 11241100x8000000000000000337299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f994f787011c88d72021-12-21 10:23:08.195root 11241100x8000000000000000337300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95964d1ad81af47d2021-12-21 10:23:08.195root 11241100x8000000000000000337301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358cf563afdfdb542021-12-21 10:23:08.195root 11241100x8000000000000000337302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3776028d68a0aa812021-12-21 10:23:08.195root 11241100x8000000000000000337303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7742b0a4ed9fbda2021-12-21 10:23:08.196root 11241100x8000000000000000337304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e2922a419ee5af2021-12-21 10:23:08.196root 11241100x8000000000000000337305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2aaefafea55400d2021-12-21 10:23:08.196root 11241100x8000000000000000337306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4ecc50509735342021-12-21 10:23:08.196root 11241100x8000000000000000337307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8196d468185572532021-12-21 10:23:08.197root 11241100x8000000000000000337308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c012061aa653973f2021-12-21 10:23:08.197root 11241100x8000000000000000337309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965831e3e8dd24e52021-12-21 10:23:08.197root 11241100x8000000000000000337310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5663e0198ea6bc32021-12-21 10:23:08.198root 11241100x8000000000000000337311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81190b9a66be6c62021-12-21 10:23:08.693root 11241100x8000000000000000337312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613d7dbab06613bc2021-12-21 10:23:08.693root 11241100x8000000000000000337313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd6a74223fb482f2021-12-21 10:23:08.693root 11241100x8000000000000000337314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbccca5838d8d4682021-12-21 10:23:08.693root 11241100x8000000000000000337315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed27628d072fadba2021-12-21 10:23:08.694root 11241100x8000000000000000337316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd51faf08c9f14de2021-12-21 10:23:08.694root 11241100x8000000000000000337317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b084f735fd42a812021-12-21 10:23:08.694root 11241100x8000000000000000337318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c954024cfa2c6d132021-12-21 10:23:08.694root 11241100x8000000000000000337319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42779076b2a8c87b2021-12-21 10:23:08.694root 11241100x8000000000000000337320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f582a843241bc8482021-12-21 10:23:08.694root 11241100x8000000000000000337321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d43d10ee405e6002021-12-21 10:23:08.694root 11241100x8000000000000000337322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f9f661f6162e7b2021-12-21 10:23:08.695root 11241100x8000000000000000337323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd626dc55556b362021-12-21 10:23:08.695root 11241100x8000000000000000337324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c3cec57507adf32021-12-21 10:23:08.695root 11241100x8000000000000000337325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258358a1095923382021-12-21 10:23:08.695root 11241100x8000000000000000337326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a2508d2c62508c2021-12-21 10:23:08.695root 11241100x8000000000000000337327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973dae45834d4b4c2021-12-21 10:23:08.695root 11241100x8000000000000000337328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a10724f1b78ce962021-12-21 10:23:08.696root 11241100x8000000000000000337329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d825c6259844f2021-12-21 10:23:08.696root 11241100x8000000000000000337330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e71f03930c8cd32021-12-21 10:23:08.696root 11241100x8000000000000000337331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f27d4f05a1b69d62021-12-21 10:23:08.696root 11241100x8000000000000000337332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d66a77da7520f782021-12-21 10:23:08.696root 11241100x8000000000000000337333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8235ec961c498eb2021-12-21 10:23:08.696root 11241100x8000000000000000337334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ea193505b1cc8a2021-12-21 10:23:08.696root 11241100x8000000000000000337335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e555d310b1d703962021-12-21 10:23:08.697root 11241100x8000000000000000337336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264789b9b21264632021-12-21 10:23:08.697root 11241100x8000000000000000337337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f066e5e47023d6372021-12-21 10:23:09.193root 11241100x8000000000000000337338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b472fbbec4f32d2021-12-21 10:23:09.193root 11241100x8000000000000000337339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f33ff5341c9e7882021-12-21 10:23:09.193root 11241100x8000000000000000337340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b28facca80089b42021-12-21 10:23:09.193root 11241100x8000000000000000337341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12385896651713ec2021-12-21 10:23:09.193root 11241100x8000000000000000337342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6b321bb528f1ea2021-12-21 10:23:09.194root 11241100x8000000000000000337343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54aae65ecee835a12021-12-21 10:23:09.194root 11241100x8000000000000000337344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08bcf1a1fc9e0872021-12-21 10:23:09.194root 11241100x8000000000000000337345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e7d148e9685d5d2021-12-21 10:23:09.194root 11241100x8000000000000000337346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca797c4a08b5cc02021-12-21 10:23:09.194root 11241100x8000000000000000337347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ab7ba5954769272021-12-21 10:23:09.194root 11241100x8000000000000000337348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06e3f9545875cab2021-12-21 10:23:09.194root 11241100x8000000000000000337349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7ba976cf496c192021-12-21 10:23:09.195root 11241100x8000000000000000337350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dac4b590331d662021-12-21 10:23:09.195root 11241100x8000000000000000337351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59505aae95fd27d92021-12-21 10:23:09.195root 11241100x8000000000000000337352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e105975fd4a86762021-12-21 10:23:09.195root 11241100x8000000000000000337353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfbc8fa954b9d832021-12-21 10:23:09.195root 11241100x8000000000000000337354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a024101167075082021-12-21 10:23:09.196root 11241100x8000000000000000337355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a99164d67e1bf22021-12-21 10:23:09.196root 11241100x8000000000000000337356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384de25b1240bf322021-12-21 10:23:09.196root 11241100x8000000000000000337357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5bd2850741fcf82021-12-21 10:23:09.196root 11241100x8000000000000000337358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f17fd8b9dffe952021-12-21 10:23:09.196root 11241100x8000000000000000337359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddbeb5c000465f72021-12-21 10:23:09.196root 11241100x8000000000000000337360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220989281b5c0c422021-12-21 10:23:09.197root 11241100x8000000000000000337361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b3a1f30961077f2021-12-21 10:23:09.197root 11241100x8000000000000000337362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85a81a7d550218d62021-12-21 10:23:09.197root 23542300x8000000000000000337363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.351{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000337364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa3a4bc4f113e8f2021-12-21 10:23:09.694root 11241100x8000000000000000337365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9585dd23fc276202021-12-21 10:23:09.695root 11241100x8000000000000000337366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46faabb913adc4f72021-12-21 10:23:09.695root 11241100x8000000000000000337367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788d7ab60ed1913a2021-12-21 10:23:09.695root 11241100x8000000000000000337368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a7fb57bdaf7a822021-12-21 10:23:09.695root 11241100x8000000000000000337369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5ddfcbcd91bcda2021-12-21 10:23:09.695root 11241100x8000000000000000337370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfc5afb17dea0cf2021-12-21 10:23:09.695root 11241100x8000000000000000337371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3264818ecbd6eb02021-12-21 10:23:09.695root 11241100x8000000000000000337372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec1fd4ab56dd73f2021-12-21 10:23:09.695root 11241100x8000000000000000337373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a18cdff5fc1d6992021-12-21 10:23:09.695root 11241100x8000000000000000337374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e968082f540616c62021-12-21 10:23:09.695root 11241100x8000000000000000337375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe46416bbc0347dd2021-12-21 10:23:09.695root 11241100x8000000000000000337376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4ed8b5880cf612021-12-21 10:23:09.696root 11241100x8000000000000000337377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bbfdf8c200bac2021-12-21 10:23:09.696root 11241100x8000000000000000337378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8975315586ac55be2021-12-21 10:23:09.696root 11241100x8000000000000000337379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ef711b422e97442021-12-21 10:23:09.696root 11241100x8000000000000000337380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae2126841d370242021-12-21 10:23:09.696root 11241100x8000000000000000337381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904ea29e5a8311642021-12-21 10:23:09.696root 11241100x8000000000000000337382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4ec060deb809fc2021-12-21 10:23:09.696root 11241100x8000000000000000337383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7479b7cac1fd30ff2021-12-21 10:23:09.696root 11241100x8000000000000000337384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a840628b518e74c2021-12-21 10:23:09.696root 11241100x8000000000000000337385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cd96950db9941d2021-12-21 10:23:09.696root 11241100x8000000000000000337386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233a916af6edacfb2021-12-21 10:23:09.696root 11241100x8000000000000000337387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993ef9075cfc88402021-12-21 10:23:09.697root 11241100x8000000000000000337388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3228d33a4bd9cc2021-12-21 10:23:09.697root 11241100x8000000000000000337389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b4ba3a6fe4c8802021-12-21 10:23:09.697root 11241100x8000000000000000337390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e61fbb11d55fadb2021-12-21 10:23:09.697root 11241100x8000000000000000337391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99bffa4b6f1fc72021-12-21 10:23:09.697root 11241100x8000000000000000337392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748cf3dd56fca01f2021-12-21 10:23:10.193root 11241100x8000000000000000337393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa6fadab4878f82021-12-21 10:23:10.194root 11241100x8000000000000000337394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ea504ab050b80d2021-12-21 10:23:10.194root 11241100x8000000000000000337395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d9a96707e242132021-12-21 10:23:10.195root 11241100x8000000000000000337396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71ef3e8d00e941e2021-12-21 10:23:10.195root 11241100x8000000000000000337397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32f9246660367862021-12-21 10:23:10.195root 11241100x8000000000000000337398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e2ab1f689f7f162021-12-21 10:23:10.195root 11241100x8000000000000000337399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6eb5337333ba6442021-12-21 10:23:10.196root 11241100x8000000000000000337400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d8d465a513c4042021-12-21 10:23:10.196root 11241100x8000000000000000337401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafc627bee1292ea2021-12-21 10:23:10.196root 11241100x8000000000000000337402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c3e6cfd4a907e72021-12-21 10:23:10.197root 11241100x8000000000000000337403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e7145c9da4daff2021-12-21 10:23:10.197root 11241100x8000000000000000337404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d012d19ddb809f22021-12-21 10:23:10.197root 11241100x8000000000000000337405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6075901dc3306f2021-12-21 10:23:10.198root 11241100x8000000000000000337406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80df2ae975b74e4d2021-12-21 10:23:10.198root 11241100x8000000000000000337407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60248bb437e56942021-12-21 10:23:10.198root 11241100x8000000000000000337408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03acce31f338a02021-12-21 10:23:10.198root 11241100x8000000000000000337409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d98cafe6aefba92021-12-21 10:23:10.199root 11241100x8000000000000000337410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89869ed17a672a7f2021-12-21 10:23:10.199root 11241100x8000000000000000337411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2304d4c33adadc22021-12-21 10:23:10.199root 11241100x8000000000000000337412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0010c3416f1a583d2021-12-21 10:23:10.199root 11241100x8000000000000000337413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2afba4c35998ac2021-12-21 10:23:10.199root 11241100x8000000000000000337414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40760bbeb44606732021-12-21 10:23:10.200root 11241100x8000000000000000337415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7d9366e170dac52021-12-21 10:23:10.200root 11241100x8000000000000000337416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bd82fbe76a5eb62021-12-21 10:23:10.200root 11241100x8000000000000000337417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa276e53454960f82021-12-21 10:23:10.200root 11241100x8000000000000000337418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5955168a677fcfe22021-12-21 10:23:10.693root 11241100x8000000000000000337419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b716e2c76a6172552021-12-21 10:23:10.693root 11241100x8000000000000000337420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2684ae8e98c5ea2021-12-21 10:23:10.693root 11241100x8000000000000000337421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f10a58462d812832021-12-21 10:23:10.693root 11241100x8000000000000000337422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2b10e4e867c982021-12-21 10:23:10.693root 11241100x8000000000000000337423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273b50933501e8952021-12-21 10:23:10.693root 11241100x8000000000000000337424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d8122b709d93742021-12-21 10:23:10.693root 11241100x8000000000000000337425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce0d5117a6d0ad42021-12-21 10:23:10.693root 11241100x8000000000000000337426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddd67200dfa6f272021-12-21 10:23:10.694root 11241100x8000000000000000337427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227b6709d1722ef22021-12-21 10:23:10.694root 11241100x8000000000000000337428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f924ef0aaa6cb2112021-12-21 10:23:10.694root 11241100x8000000000000000337429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e563a28d39d11942021-12-21 10:23:10.694root 11241100x8000000000000000337430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fa1c393f5e14782021-12-21 10:23:10.694root 11241100x8000000000000000337431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c5981ffebdc2ea2021-12-21 10:23:10.694root 11241100x8000000000000000337432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35861ddb7a2f67ad2021-12-21 10:23:10.694root 11241100x8000000000000000337433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd3fc77d84803e22021-12-21 10:23:10.694root 11241100x8000000000000000337434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bdf8923c89c6992021-12-21 10:23:10.695root 11241100x8000000000000000337435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb4686912fb6ae32021-12-21 10:23:10.695root 11241100x8000000000000000337436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98f9f14d60435c82021-12-21 10:23:10.695root 11241100x8000000000000000337437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b847e2c7a69de5622021-12-21 10:23:10.695root 11241100x8000000000000000337438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caabaff1af6b25612021-12-21 10:23:10.695root 11241100x8000000000000000337439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d333166a8032297b2021-12-21 10:23:10.695root 11241100x8000000000000000337440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f9b8739dcea4b02021-12-21 10:23:10.695root 11241100x8000000000000000337441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b7716d1098486b2021-12-21 10:23:10.695root 11241100x8000000000000000337442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cc9f27eae6cd402021-12-21 10:23:10.695root 11241100x8000000000000000337443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050116cdbb3e7abc2021-12-21 10:23:10.696root 11241100x8000000000000000337444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c357fe6f786714f2021-12-21 10:23:10.696root 11241100x8000000000000000337445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4acb6ee3dbc98f2021-12-21 10:23:11.193root 11241100x8000000000000000337446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb9f14ab2d49ab52021-12-21 10:23:11.193root 11241100x8000000000000000337447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c33a9643ad3a14a2021-12-21 10:23:11.193root 11241100x8000000000000000337448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3678bf129846fa82021-12-21 10:23:11.193root 11241100x8000000000000000337449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5274764f0315a02021-12-21 10:23:11.193root 11241100x8000000000000000337450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1bc1eb52a2967e2021-12-21 10:23:11.194root 11241100x8000000000000000337451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6564b94c0c4370cc2021-12-21 10:23:11.194root 11241100x8000000000000000337452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68345d1a6afcfe192021-12-21 10:23:11.194root 11241100x8000000000000000337453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf09fb4279ca3dc2021-12-21 10:23:11.194root 11241100x8000000000000000337454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689fa93bf538a7362021-12-21 10:23:11.194root 11241100x8000000000000000337455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2019ef7bb1363d2021-12-21 10:23:11.194root 11241100x8000000000000000337456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0644ae8e120a843d2021-12-21 10:23:11.194root 11241100x8000000000000000337457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5e34e187d01e612021-12-21 10:23:11.195root 11241100x8000000000000000337458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319d6638c5e8df222021-12-21 10:23:11.195root 11241100x8000000000000000337459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd9834259f4d8642021-12-21 10:23:11.195root 11241100x8000000000000000337460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0df7d6885ccb492021-12-21 10:23:11.195root 11241100x8000000000000000337461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe21f7d6b4517be62021-12-21 10:23:11.195root 11241100x8000000000000000337462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4da023459309f22021-12-21 10:23:11.195root 11241100x8000000000000000337463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36d7b0be985bf972021-12-21 10:23:11.195root 11241100x8000000000000000337464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186369dc3eeb77d02021-12-21 10:23:11.196root 11241100x8000000000000000337465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064d5d256a2635762021-12-21 10:23:11.196root 11241100x8000000000000000337466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8900364480f137d72021-12-21 10:23:11.196root 11241100x8000000000000000337467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fabb2bb442820a2021-12-21 10:23:11.196root 11241100x8000000000000000337468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b297eb26c54e9d22021-12-21 10:23:11.196root 11241100x8000000000000000337469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3b6660c2658ac82021-12-21 10:23:11.196root 11241100x8000000000000000337470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e1d8923bfe98dc2021-12-21 10:23:11.196root 11241100x8000000000000000337471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b42357345309bad2021-12-21 10:23:11.196root 11241100x8000000000000000337472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c18f48c82ce2802021-12-21 10:23:11.693root 11241100x8000000000000000337473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f95623f9f4312322021-12-21 10:23:11.693root 11241100x8000000000000000337474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ddc5944d2c43c12021-12-21 10:23:11.694root 11241100x8000000000000000337475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67e01e92c54ae72021-12-21 10:23:11.694root 11241100x8000000000000000337476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759acdf60c7d7c2c2021-12-21 10:23:11.694root 11241100x8000000000000000337477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacf23a8b2669f562021-12-21 10:23:11.694root 11241100x8000000000000000337478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf22b4ae78bc78b2021-12-21 10:23:11.694root 11241100x8000000000000000337479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3497c2090e7a862021-12-21 10:23:11.694root 11241100x8000000000000000337480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64e2b436752e4f52021-12-21 10:23:11.694root 11241100x8000000000000000337481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da69b5f84f720182021-12-21 10:23:11.695root 11241100x8000000000000000337482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfe8412b3e108e12021-12-21 10:23:11.695root 11241100x8000000000000000337483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36a61373861f8a02021-12-21 10:23:11.695root 11241100x8000000000000000337484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c9f79432b9dd122021-12-21 10:23:11.695root 11241100x8000000000000000337485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf29409382b395d12021-12-21 10:23:11.695root 11241100x8000000000000000337486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37131836326bc97a2021-12-21 10:23:11.695root 11241100x8000000000000000337487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5af4fe6a4756a62021-12-21 10:23:11.695root 11241100x8000000000000000337488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007f9d1edfdd4e532021-12-21 10:23:11.695root 11241100x8000000000000000337489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daca9a9f1f1a2212021-12-21 10:23:11.696root 11241100x8000000000000000337490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d9c7fa45e7479e2021-12-21 10:23:11.696root 11241100x8000000000000000337491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030c9b15381442852021-12-21 10:23:11.696root 11241100x8000000000000000337492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1532e6b1534249d42021-12-21 10:23:11.696root 11241100x8000000000000000337493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2729946f73c20a2021-12-21 10:23:11.696root 11241100x8000000000000000337494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e172b5437616792021-12-21 10:23:11.696root 11241100x8000000000000000337495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5524602ed741b82021-12-21 10:23:11.697root 11241100x8000000000000000337496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eaf088cc2c7cd12021-12-21 10:23:11.697root 11241100x8000000000000000337497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75aecfd6d686a89a2021-12-21 10:23:11.697root 154100x8000000000000000337498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.019{ec2b6afe-ab10-61c1-68e4-31a9ee550000}5692/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000337499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e196d4a906c46a4f2021-12-21 10:23:12.022root 11241100x8000000000000000337500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27dd5dc412b2d762021-12-21 10:23:12.022root 11241100x8000000000000000337501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b87a524b23473332021-12-21 10:23:12.022root 11241100x8000000000000000337502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfb1cb5f5405d052021-12-21 10:23:12.022root 11241100x8000000000000000337503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97dd0d8b898667812021-12-21 10:23:12.022root 11241100x8000000000000000337504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d0a189e10d14ba2021-12-21 10:23:12.022root 11241100x8000000000000000337505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5d0a03bc902d252021-12-21 10:23:12.023root 11241100x8000000000000000337506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe66b7519e69082021-12-21 10:23:12.023root 11241100x8000000000000000337507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d651eed9a5431262021-12-21 10:23:12.023root 11241100x8000000000000000337508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef6211180909af82021-12-21 10:23:12.023root 11241100x8000000000000000337509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8de2edfe1b1c76b2021-12-21 10:23:12.023root 11241100x8000000000000000337510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.023{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a40fa11374bf2242021-12-21 10:23:12.023root 11241100x8000000000000000337511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d25b4940dbe0a02021-12-21 10:23:12.024root 11241100x8000000000000000337512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2441a5853247a622021-12-21 10:23:12.024root 11241100x8000000000000000337513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2007356cfabac33f2021-12-21 10:23:12.024root 11241100x8000000000000000337514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f85749fb42b40c62021-12-21 10:23:12.024root 11241100x8000000000000000337515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45caf9facd789882021-12-21 10:23:12.024root 11241100x8000000000000000337516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.024{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24f5944348c31f92021-12-21 10:23:12.024root 11241100x8000000000000000337517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d602bb78f6de1b2021-12-21 10:23:12.025root 11241100x8000000000000000337518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3235cb73e724f66b2021-12-21 10:23:12.025root 11241100x8000000000000000337519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7594e4b09977a68e2021-12-21 10:23:12.025root 11241100x8000000000000000337520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c14d65b27bdf1d2021-12-21 10:23:12.025root 11241100x8000000000000000337521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c11cc97a702a522021-12-21 10:23:12.025root 11241100x8000000000000000337522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.025{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875b8b758693d3fb2021-12-21 10:23:12.025root 11241100x8000000000000000337523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fac8860fe218b02021-12-21 10:23:12.026root 11241100x8000000000000000337524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6a4144dcfbb5392021-12-21 10:23:12.026root 11241100x8000000000000000337525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea7316f66c4d822021-12-21 10:23:12.026root 11241100x8000000000000000337526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdca0077c84dd792021-12-21 10:23:12.026root 11241100x8000000000000000337527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1419bb548892dcf62021-12-21 10:23:12.026root 11241100x8000000000000000337528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.026{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73ff7ba61dd5672021-12-21 10:23:12.026root 11241100x8000000000000000337529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20090a261db19e52021-12-21 10:23:12.027root 11241100x8000000000000000337530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.027{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d3474a3e4efa252021-12-21 10:23:12.027root 11241100x8000000000000000337531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032c600a7131dfaa2021-12-21 10:23:12.028root 11241100x8000000000000000337532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e5d2aa177d3f6e2021-12-21 10:23:12.028root 11241100x8000000000000000337533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179619c7a143f5862021-12-21 10:23:12.028root 11241100x8000000000000000337534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0210667bcad167c2021-12-21 10:23:12.028root 11241100x8000000000000000337535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256601568b93e3822021-12-21 10:23:12.028root 11241100x8000000000000000337536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.028{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa59e5de6cb399f2021-12-21 10:23:12.028root 11241100x8000000000000000337537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8ccef67de8399c2021-12-21 10:23:12.029root 11241100x8000000000000000337538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04f3b34044730d42021-12-21 10:23:12.029root 11241100x8000000000000000337539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f103ddc450a9f78a2021-12-21 10:23:12.029root 11241100x8000000000000000337540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba0c7a4757d72522021-12-21 10:23:12.029root 11241100x8000000000000000337541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.029{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fc431cfd4eff952021-12-21 10:23:12.029root 11241100x8000000000000000337542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.030{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232376c243d8202f2021-12-21 10:23:12.030root 534500x8000000000000000337543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.034{ec2b6afe-ab10-61c1-68e4-31a9ee550000}5692/bin/psroot 354300x8000000000000000337544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.037{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47022-false10.0.1.12-8000- 11241100x8000000000000000337545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3bde0d092d2eebd2021-12-21 10:23:12.442root 11241100x8000000000000000337546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b028ce8e6aa37d382021-12-21 10:23:12.443root 11241100x8000000000000000337547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfec786a027b39fb2021-12-21 10:23:12.443root 11241100x8000000000000000337548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442619478be3da8a2021-12-21 10:23:12.443root 11241100x8000000000000000337549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d07e7f271754162021-12-21 10:23:12.443root 11241100x8000000000000000337550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a63d85571be1f292021-12-21 10:23:12.443root 11241100x8000000000000000337551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b717a30555f8fd5a2021-12-21 10:23:12.443root 11241100x8000000000000000337552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bf7d039b515fe22021-12-21 10:23:12.443root 11241100x8000000000000000337553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8943018546c5979b2021-12-21 10:23:12.444root 11241100x8000000000000000337554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d25edd6260f462d2021-12-21 10:23:12.444root 11241100x8000000000000000337555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dfe62beb2ca2b42021-12-21 10:23:12.444root 11241100x8000000000000000337556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656247fbf29cfba22021-12-21 10:23:12.444root 11241100x8000000000000000337557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379ab5cf501d4b2d2021-12-21 10:23:12.444root 11241100x8000000000000000337558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d17d64efaf66342021-12-21 10:23:12.444root 11241100x8000000000000000337559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0defefd444514ad82021-12-21 10:23:12.444root 11241100x8000000000000000337560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7705cf1459d485f2021-12-21 10:23:12.445root 11241100x8000000000000000337561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e18131258b679392021-12-21 10:23:12.445root 11241100x8000000000000000337562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094d0340ade1e24c2021-12-21 10:23:12.445root 11241100x8000000000000000337563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01814dbab5696b142021-12-21 10:23:12.445root 11241100x8000000000000000337564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b782b4feff98dfb62021-12-21 10:23:12.445root 11241100x8000000000000000337565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec23131be0fd3ad2021-12-21 10:23:12.445root 11241100x8000000000000000337566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc588e97ed9ff7442021-12-21 10:23:12.445root 11241100x8000000000000000337567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34877bcf78d939b2021-12-21 10:23:12.446root 11241100x8000000000000000337568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8101ccd4d498ee322021-12-21 10:23:12.446root 11241100x8000000000000000337569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76cbbd6a972ab552021-12-21 10:23:12.446root 11241100x8000000000000000337570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5ba100a5c8d9bf2021-12-21 10:23:12.446root 11241100x8000000000000000337571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dba860ef1e3f6462021-12-21 10:23:12.447root 11241100x8000000000000000337572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9989753cb55e9a2021-12-21 10:23:12.447root 11241100x8000000000000000337573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159084d96029ee4f2021-12-21 10:23:12.447root 11241100x8000000000000000337574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cecf4819d37a482021-12-21 10:23:12.447root 11241100x8000000000000000337575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c733994cc4c6068c2021-12-21 10:23:12.447root 11241100x8000000000000000337576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ecc333baedb9a22021-12-21 10:23:12.447root 11241100x8000000000000000337577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b970e02fa098d42021-12-21 10:23:12.447root 11241100x8000000000000000337578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699782e0feec32d02021-12-21 10:23:12.943root 11241100x8000000000000000337579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef13c3d7a2f8f7f92021-12-21 10:23:12.943root 11241100x8000000000000000337580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc33f010f3a1bdf22021-12-21 10:23:12.943root 11241100x8000000000000000337581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f08a6a011cf5e4f2021-12-21 10:23:12.943root 11241100x8000000000000000337582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfbd1f8f17508cb2021-12-21 10:23:12.944root 11241100x8000000000000000337583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e78db329ed9a642021-12-21 10:23:12.944root 11241100x8000000000000000337584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f9c7a156ba71852021-12-21 10:23:12.944root 11241100x8000000000000000337585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f66de87c7f0c2a2021-12-21 10:23:12.944root 11241100x8000000000000000337586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcdc5cd7dcd73762021-12-21 10:23:12.945root 11241100x8000000000000000337587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad08d0575dae1622021-12-21 10:23:12.945root 11241100x8000000000000000337588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbef03b18dfc9f52021-12-21 10:23:12.945root 11241100x8000000000000000337589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ca5738c06060422021-12-21 10:23:12.945root 11241100x8000000000000000337590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db47eabd78b1902021-12-21 10:23:12.945root 11241100x8000000000000000337591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b300662831aca59e2021-12-21 10:23:12.945root 11241100x8000000000000000337592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a690d51da370cfc2021-12-21 10:23:12.945root 11241100x8000000000000000337593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac6b0d49a6b3e462021-12-21 10:23:12.946root 11241100x8000000000000000337594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7976106e73a689c52021-12-21 10:23:12.946root 11241100x8000000000000000337595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7d24f2c8e979552021-12-21 10:23:12.946root 11241100x8000000000000000337596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907d91cb9ac3c1cb2021-12-21 10:23:12.946root 11241100x8000000000000000337597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3bb6ddfbd95e562021-12-21 10:23:12.946root 11241100x8000000000000000337598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f706ba579e64cd8d2021-12-21 10:23:12.946root 11241100x8000000000000000337599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4114614c9c071302021-12-21 10:23:12.946root 11241100x8000000000000000337600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6f87088c3e91362021-12-21 10:23:12.946root 11241100x8000000000000000337601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2919ef227b1324862021-12-21 10:23:12.947root 11241100x8000000000000000337602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efff3332d3e2b042021-12-21 10:23:12.947root 11241100x8000000000000000337603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86db4dd4f2878be72021-12-21 10:23:12.947root 11241100x8000000000000000337604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a755b9a55aede82021-12-21 10:23:12.947root 11241100x8000000000000000337605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b30d99586071d832021-12-21 10:23:12.947root 11241100x8000000000000000337606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc05e4d106d24e362021-12-21 10:23:12.947root 11241100x8000000000000000337607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b44199ba8a49ff2021-12-21 10:23:13.443root 11241100x8000000000000000337608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac205cd931644a992021-12-21 10:23:13.443root 11241100x8000000000000000337609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac8d9baf67710f12021-12-21 10:23:13.444root 11241100x8000000000000000337610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07f9e9d7951b1f2021-12-21 10:23:13.444root 11241100x8000000000000000337611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0aa8aad4bf6baf2021-12-21 10:23:13.444root 11241100x8000000000000000337612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752cd07d451330782021-12-21 10:23:13.445root 11241100x8000000000000000337613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e423539b27caf02021-12-21 10:23:13.445root 11241100x8000000000000000337614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6636cc5fccb38b2021-12-21 10:23:13.445root 11241100x8000000000000000337615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4945dfa398f543242021-12-21 10:23:13.445root 11241100x8000000000000000337616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30e3a0767a200862021-12-21 10:23:13.445root 11241100x8000000000000000337617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86961cebca12286c2021-12-21 10:23:13.445root 11241100x8000000000000000337618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89816c0bfbf24c032021-12-21 10:23:13.446root 11241100x8000000000000000337619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a415e2ea462972112021-12-21 10:23:13.446root 11241100x8000000000000000337620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99da6c4f56fa42492021-12-21 10:23:13.446root 11241100x8000000000000000337621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52800076ab7ac6372021-12-21 10:23:13.446root 11241100x8000000000000000337622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c03f21c89629e1c2021-12-21 10:23:13.446root 11241100x8000000000000000337623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ae2c20c10889442021-12-21 10:23:13.446root 11241100x8000000000000000337624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34c5af6c2b38f432021-12-21 10:23:13.446root 11241100x8000000000000000337625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289585e10aac3d892021-12-21 10:23:13.447root 11241100x8000000000000000337626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9628610fd7587bbd2021-12-21 10:23:13.447root 11241100x8000000000000000337627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8989a4b30dc1ac2021-12-21 10:23:13.447root 11241100x8000000000000000337628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f161e2b1fe6cc51c2021-12-21 10:23:13.447root 11241100x8000000000000000337629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcebd94df9e7a85c2021-12-21 10:23:13.447root 11241100x8000000000000000337630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f9a2ea5b534e552021-12-21 10:23:13.448root 11241100x8000000000000000337631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32541d05f205ebeb2021-12-21 10:23:13.448root 11241100x8000000000000000337632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bda4391798887402021-12-21 10:23:13.448root 11241100x8000000000000000337633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219018bbf65b1acf2021-12-21 10:23:13.448root 11241100x8000000000000000337634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae6e4a4bcb9ce3f2021-12-21 10:23:13.448root 11241100x8000000000000000337635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d51a464b1692ab2021-12-21 10:23:13.448root 11241100x8000000000000000337636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a910c3db97364882021-12-21 10:23:13.448root 11241100x8000000000000000337637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcaf637b6069f6b2021-12-21 10:23:13.448root 11241100x8000000000000000337638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89309082619ef8e72021-12-21 10:23:13.943root 11241100x8000000000000000337639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fca18054b047d142021-12-21 10:23:13.943root 11241100x8000000000000000337640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e0fa3adedffe002021-12-21 10:23:13.943root 11241100x8000000000000000337641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f62e3fa5d91185b2021-12-21 10:23:13.943root 11241100x8000000000000000337642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b513a6f623b6dc2021-12-21 10:23:13.943root 11241100x8000000000000000337643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ff26b5532603352021-12-21 10:23:13.943root 11241100x8000000000000000337644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce37b38f01680f472021-12-21 10:23:13.943root 11241100x8000000000000000337645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf327a2f7550561d2021-12-21 10:23:13.943root 11241100x8000000000000000337646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dab1742e9614a5e2021-12-21 10:23:13.943root 11241100x8000000000000000337647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09811e744a14e7d42021-12-21 10:23:13.944root 11241100x8000000000000000337648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a559551998bd21532021-12-21 10:23:13.944root 11241100x8000000000000000337649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4eeb184af0835a2021-12-21 10:23:13.944root 11241100x8000000000000000337650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f4ce0691c16afa2021-12-21 10:23:13.944root 11241100x8000000000000000337651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4432134f82ecd032021-12-21 10:23:13.944root 11241100x8000000000000000337652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee4e5e48da4e0022021-12-21 10:23:13.944root 11241100x8000000000000000337653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d3f1bdd763423f2021-12-21 10:23:13.944root 11241100x8000000000000000337654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4510172562ae9e62021-12-21 10:23:13.945root 11241100x8000000000000000337655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caffedc5d6b7cf2d2021-12-21 10:23:13.945root 11241100x8000000000000000337656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae9e081d97879bc2021-12-21 10:23:13.945root 11241100x8000000000000000337657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ff8a8d1f346c572021-12-21 10:23:13.945root 11241100x8000000000000000337658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86f096e58a5af72021-12-21 10:23:13.945root 11241100x8000000000000000337659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f4fbef80c29ca12021-12-21 10:23:13.945root 11241100x8000000000000000337660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b8c697434d0132021-12-21 10:23:13.945root 11241100x8000000000000000337661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56cc03ba0286bbe12021-12-21 10:23:13.945root 11241100x8000000000000000337662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa873166f118f9e82021-12-21 10:23:13.945root 11241100x8000000000000000337663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f243a56ee9c02cf2021-12-21 10:23:13.946root 11241100x8000000000000000337664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5680676d3b50ee2021-12-21 10:23:13.946root 11241100x8000000000000000337665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681f145b97dabacd2021-12-21 10:23:13.946root 11241100x8000000000000000337666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3e27a811aebc692021-12-21 10:23:13.946root 11241100x8000000000000000337667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649b2e01770b896e2021-12-21 10:23:13.946root 11241100x8000000000000000337668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9261dd3413ac3cc2021-12-21 10:23:13.946root 11241100x8000000000000000337669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb79510b29dd0582021-12-21 10:23:13.947root 11241100x8000000000000000337670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affe3d6a9edd29582021-12-21 10:23:13.947root 11241100x8000000000000000337671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2a648356bdd1152021-12-21 10:23:13.947root 11241100x8000000000000000337672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440f2d5f5e724dbb2021-12-21 10:23:13.947root 11241100x8000000000000000337673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.691c1b121b1d0be52021-12-21 10:23:13.947root 11241100x8000000000000000337674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9847ba836805a8f2021-12-21 10:23:13.947root 11241100x8000000000000000337675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeba6b10ea86be712021-12-21 10:23:14.443root 11241100x8000000000000000337676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1250772d46ef57172021-12-21 10:23:14.443root 11241100x8000000000000000337677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d71a2262bd46e62021-12-21 10:23:14.444root 11241100x8000000000000000337678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4453a734f92c1c2021-12-21 10:23:14.444root 11241100x8000000000000000337679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122201939f3990b72021-12-21 10:23:14.444root 11241100x8000000000000000337680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5826045e0abc56182021-12-21 10:23:14.444root 11241100x8000000000000000337681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d3a9680613dfe52021-12-21 10:23:14.444root 11241100x8000000000000000337682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f75e8584a3b70f12021-12-21 10:23:14.444root 11241100x8000000000000000337683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5780d2339ff4f4e2021-12-21 10:23:14.444root 11241100x8000000000000000337684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe4ab4725cb89422021-12-21 10:23:14.445root 11241100x8000000000000000337685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69067fb0fa207a8b2021-12-21 10:23:14.445root 11241100x8000000000000000337686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84675e6f7b589ef2021-12-21 10:23:14.445root 11241100x8000000000000000337687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e22b1e97611d62021-12-21 10:23:14.445root 11241100x8000000000000000337688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c1e3eb84f1c7242021-12-21 10:23:14.445root 11241100x8000000000000000337689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6127b3c17c89442021-12-21 10:23:14.445root 11241100x8000000000000000337690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c9f10f638d63b22021-12-21 10:23:14.445root 11241100x8000000000000000337691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc69f790652e32ed2021-12-21 10:23:14.445root 11241100x8000000000000000337692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a4ef8419ea9f972021-12-21 10:23:14.446root 11241100x8000000000000000337693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244f4b9558e594182021-12-21 10:23:14.446root 11241100x8000000000000000337694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ace16f689b1c772021-12-21 10:23:14.446root 11241100x8000000000000000337695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7579f635b525a7bc2021-12-21 10:23:14.446root 11241100x8000000000000000337696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd3b2dd311a504c2021-12-21 10:23:14.446root 11241100x8000000000000000337697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559500280e3d57d62021-12-21 10:23:14.446root 11241100x8000000000000000337698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.589e610d2a6eb2be2021-12-21 10:23:14.446root 11241100x8000000000000000337699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9d6157ac793e9c2021-12-21 10:23:14.446root 11241100x8000000000000000337700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09eaec4464f3dc112021-12-21 10:23:14.447root 11241100x8000000000000000337701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415a5596d5daffb82021-12-21 10:23:14.447root 11241100x8000000000000000337702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084319c6f9a689b52021-12-21 10:23:14.447root 11241100x8000000000000000337703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e04325b1d0014452021-12-21 10:23:14.447root 11241100x8000000000000000337704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba03352674c7a9882021-12-21 10:23:14.447root 11241100x8000000000000000337705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cd809ce6443c402021-12-21 10:23:14.943root 11241100x8000000000000000337706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4454ca3cd81e9a942021-12-21 10:23:14.943root 11241100x8000000000000000337707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199db755c9b1edd02021-12-21 10:23:14.943root 11241100x8000000000000000337708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b96fa4ba6b1262021-12-21 10:23:14.944root 11241100x8000000000000000337709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7536e10ca983cb82021-12-21 10:23:14.944root 11241100x8000000000000000337710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c169ed8a634937d2021-12-21 10:23:14.944root 11241100x8000000000000000337711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796d744f2d6cdac52021-12-21 10:23:14.944root 11241100x8000000000000000337712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b6795a666744c32021-12-21 10:23:14.944root 11241100x8000000000000000337713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7462acdd3e3f082021-12-21 10:23:14.944root 11241100x8000000000000000337714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c26ab0d2ca377122021-12-21 10:23:14.944root 11241100x8000000000000000337715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9bba64fbee57552021-12-21 10:23:14.944root 11241100x8000000000000000337716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e014edc57c40b82021-12-21 10:23:14.944root 11241100x8000000000000000337717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e8c7490516c9c32021-12-21 10:23:14.945root 11241100x8000000000000000337718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6c4eed1c9985562021-12-21 10:23:14.945root 11241100x8000000000000000337719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112e187cc4cc95f92021-12-21 10:23:14.945root 11241100x8000000000000000337720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63d75539c78f5582021-12-21 10:23:14.945root 11241100x8000000000000000337721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac6927b27634faf2021-12-21 10:23:14.945root 11241100x8000000000000000337722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c0611000e755562021-12-21 10:23:14.945root 11241100x8000000000000000337723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27fe544074dabaf2021-12-21 10:23:14.945root 11241100x8000000000000000337724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31776ec7326e70ee2021-12-21 10:23:14.945root 11241100x8000000000000000337725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aca6e489bf819f92021-12-21 10:23:14.945root 11241100x8000000000000000337726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bdb454e10c1b002021-12-21 10:23:14.945root 11241100x8000000000000000337727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5458a86e00e271b02021-12-21 10:23:14.945root 11241100x8000000000000000337728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d1d2f4f260dc022021-12-21 10:23:14.946root 11241100x8000000000000000337729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638c49cf6dcff5c12021-12-21 10:23:14.946root 11241100x8000000000000000337730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557e38b660b443212021-12-21 10:23:14.946root 11241100x8000000000000000337731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dd3970d9fc0eac2021-12-21 10:23:14.946root 11241100x8000000000000000337732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2ca8197f2ea0e42021-12-21 10:23:14.946root 11241100x8000000000000000337733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97efb6d7504c11b52021-12-21 10:23:14.946root 11241100x8000000000000000337734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08e0cb55a6060662021-12-21 10:23:15.443root 11241100x8000000000000000337735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e84a491ec5412f22021-12-21 10:23:15.443root 11241100x8000000000000000337736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8f1aa594efbd682021-12-21 10:23:15.443root 11241100x8000000000000000337737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d37aab1d5c18912021-12-21 10:23:15.444root 11241100x8000000000000000337738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83cb6186b8b26e152021-12-21 10:23:15.444root 11241100x8000000000000000337739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d59248fb8f8a7152021-12-21 10:23:15.444root 11241100x8000000000000000337740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980058c51778084c2021-12-21 10:23:15.444root 11241100x8000000000000000337741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a773eeab7068a0502021-12-21 10:23:15.444root 11241100x8000000000000000337742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1223ef652278b2582021-12-21 10:23:15.444root 11241100x8000000000000000337743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7109f8a793939a2021-12-21 10:23:15.445root 11241100x8000000000000000337744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6c318afb577d042021-12-21 10:23:15.445root 11241100x8000000000000000337745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf8735404f270682021-12-21 10:23:15.445root 11241100x8000000000000000337746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e284d353a67753ca2021-12-21 10:23:15.445root 11241100x8000000000000000337747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da8facfe964c2052021-12-21 10:23:15.445root 11241100x8000000000000000337748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8059a50be19223372021-12-21 10:23:15.445root 11241100x8000000000000000337749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1913e7a76e622c992021-12-21 10:23:15.445root 11241100x8000000000000000337750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d17ab6874698072021-12-21 10:23:15.446root 11241100x8000000000000000337751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a99dbfa72370112021-12-21 10:23:15.446root 11241100x8000000000000000337752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69fbda228729e522021-12-21 10:23:15.446root 11241100x8000000000000000337753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c786320332e03d2021-12-21 10:23:15.446root 11241100x8000000000000000337754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe35ad407a20b50e2021-12-21 10:23:15.446root 11241100x8000000000000000337755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26679c8411268202021-12-21 10:23:15.446root 11241100x8000000000000000337756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22178e4a5e24b5d2021-12-21 10:23:15.447root 11241100x8000000000000000337757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e90497e92364a42021-12-21 10:23:15.447root 11241100x8000000000000000337758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28afa85c7ac2754e2021-12-21 10:23:15.447root 11241100x8000000000000000337759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5f809c60442db32021-12-21 10:23:15.447root 11241100x8000000000000000337760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10ef2356716466c2021-12-21 10:23:15.447root 11241100x8000000000000000337761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc623260149153e92021-12-21 10:23:15.447root 11241100x8000000000000000337762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc775975684900df2021-12-21 10:23:15.447root 11241100x8000000000000000337763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ce6f27e2e37132021-12-21 10:23:15.943root 11241100x8000000000000000337764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8639c0182fd7e7b2021-12-21 10:23:15.943root 11241100x8000000000000000337765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed3c9defb4b7ba72021-12-21 10:23:15.943root 11241100x8000000000000000337766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bc6efc1fd59f0a2021-12-21 10:23:15.944root 11241100x8000000000000000337767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc02aed3c5b65dc2021-12-21 10:23:15.944root 11241100x8000000000000000337768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c095b8786093642021-12-21 10:23:15.944root 11241100x8000000000000000337769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05ac23df5da57672021-12-21 10:23:15.944root 11241100x8000000000000000337770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d08bd4da4b416c2021-12-21 10:23:15.944root 11241100x8000000000000000337771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a975576035c792021-12-21 10:23:15.944root 11241100x8000000000000000337772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527f1f353ed79e3b2021-12-21 10:23:15.945root 11241100x8000000000000000337773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afee3c3a9096c1522021-12-21 10:23:15.945root 11241100x8000000000000000337774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398494fa263fd36d2021-12-21 10:23:15.945root 11241100x8000000000000000337775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd3240c3f19f7132021-12-21 10:23:15.945root 11241100x8000000000000000337776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d579f789ddfad5c2021-12-21 10:23:15.945root 11241100x8000000000000000337777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f5bede2ad2640a2021-12-21 10:23:15.945root 11241100x8000000000000000337778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a6e6a777d953b332021-12-21 10:23:15.946root 11241100x8000000000000000337779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1697d1187a6a682021-12-21 10:23:15.946root 11241100x8000000000000000337780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6bf20dbec7db422021-12-21 10:23:15.946root 11241100x8000000000000000337781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72d168a28a2d9442021-12-21 10:23:15.946root 11241100x8000000000000000337782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef02fee6f3d6d25a2021-12-21 10:23:15.946root 11241100x8000000000000000337783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5fc41bf091944e2021-12-21 10:23:15.946root 11241100x8000000000000000337784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f4c4f134a3aac2021-12-21 10:23:15.946root 11241100x8000000000000000337785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b7a9db7e68a5142021-12-21 10:23:15.947root 11241100x8000000000000000337786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609fef499cdb36032021-12-21 10:23:15.947root 11241100x8000000000000000337787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5541beaec92ec22021-12-21 10:23:15.947root 11241100x8000000000000000337788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccac8f1e8892d8482021-12-21 10:23:15.947root 11241100x8000000000000000337789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21013a12154351832021-12-21 10:23:15.947root 11241100x8000000000000000337790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3125c03f763016a72021-12-21 10:23:15.947root 11241100x8000000000000000337791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7617340b2ef8c842021-12-21 10:23:15.947root 11241100x8000000000000000337792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802966b05b9268c42021-12-21 10:23:15.947root 11241100x8000000000000000337793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dcde978a30cdad2021-12-21 10:23:15.947root 11241100x8000000000000000337794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540a1797c0bf93002021-12-21 10:23:15.948root 11241100x8000000000000000337795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbee7abe6e486272021-12-21 10:23:15.948root 11241100x8000000000000000337796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf397f4dfc0add42021-12-21 10:23:15.948root 11241100x8000000000000000337797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fd6aa8540dc0132021-12-21 10:23:15.948root 11241100x8000000000000000337798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23b31ac3b830e72c2021-12-21 10:23:15.948root 11241100x8000000000000000337799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b222fbf08ac35f2021-12-21 10:23:15.948root 11241100x8000000000000000337800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ed81e8366aab3f2021-12-21 10:23:16.443root 11241100x8000000000000000337801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d4ca47184c40482021-12-21 10:23:16.443root 11241100x8000000000000000337802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca6476bb9f2c4692021-12-21 10:23:16.443root 11241100x8000000000000000337803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bd6db4a6dd3aa82021-12-21 10:23:16.444root 11241100x8000000000000000337804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a588e9369a75f82021-12-21 10:23:16.444root 11241100x8000000000000000337805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04065c5b412fb0972021-12-21 10:23:16.444root 11241100x8000000000000000337806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbac657d68d6c97a2021-12-21 10:23:16.444root 11241100x8000000000000000337807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7661949baf1ac652021-12-21 10:23:16.444root 11241100x8000000000000000337808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8715947b60990612021-12-21 10:23:16.444root 11241100x8000000000000000337809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c5f16b9202cc352021-12-21 10:23:16.444root 11241100x8000000000000000337810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dbd0b56cb866c32021-12-21 10:23:16.444root 11241100x8000000000000000337811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd1ece3d4cedb52021-12-21 10:23:16.445root 11241100x8000000000000000337812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cb93a159bd143e2021-12-21 10:23:16.445root 11241100x8000000000000000337813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e2bbdc7279ca912021-12-21 10:23:16.445root 11241100x8000000000000000337814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1722ea8bc25123972021-12-21 10:23:16.445root 11241100x8000000000000000337815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcc01851964e9f32021-12-21 10:23:16.445root 11241100x8000000000000000337816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b98fb235fdfa052021-12-21 10:23:16.445root 11241100x8000000000000000337817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caed85a74ebded02021-12-21 10:23:16.445root 11241100x8000000000000000337818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267b857c1c756b4a2021-12-21 10:23:16.445root 11241100x8000000000000000337819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8660013ef309b3a2021-12-21 10:23:16.446root 11241100x8000000000000000337820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee4d46d09470ae2021-12-21 10:23:16.446root 11241100x8000000000000000337821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a735916182f371e2021-12-21 10:23:16.446root 11241100x8000000000000000337822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdf5892371192092021-12-21 10:23:16.446root 11241100x8000000000000000337823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcfa7f5041577582021-12-21 10:23:16.446root 11241100x8000000000000000337824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15e95a5b92d6f382021-12-21 10:23:16.446root 11241100x8000000000000000337825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a21da833427c6ac2021-12-21 10:23:16.446root 11241100x8000000000000000337826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c26b6404bcfc35a2021-12-21 10:23:16.447root 11241100x8000000000000000337827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e7bb72dc87f2db2021-12-21 10:23:16.447root 11241100x8000000000000000337828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387b45b0653a43fe2021-12-21 10:23:16.447root 11241100x8000000000000000337829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f12d7bf037242452021-12-21 10:23:16.447root 11241100x8000000000000000337830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbc46b2d86ca9f32021-12-21 10:23:16.943root 11241100x8000000000000000337831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fcbab8bb5271ae42021-12-21 10:23:16.943root 11241100x8000000000000000337832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cf769d942c91d82021-12-21 10:23:16.943root 11241100x8000000000000000337833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48331f7339b3a27d2021-12-21 10:23:16.943root 11241100x8000000000000000337834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b78d8870d4981252021-12-21 10:23:16.943root 11241100x8000000000000000337835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1c7926f8273f492021-12-21 10:23:16.944root 11241100x8000000000000000337836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040fee5b9190df652021-12-21 10:23:16.944root 11241100x8000000000000000337837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26a56be2b31d6692021-12-21 10:23:16.944root 11241100x8000000000000000337838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f0d3ddd003d4112021-12-21 10:23:16.944root 11241100x8000000000000000337839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6624f4459eb30b2021-12-21 10:23:16.944root 11241100x8000000000000000337840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbfdc12c34d465d2021-12-21 10:23:16.944root 11241100x8000000000000000337841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094cde397f038a5c2021-12-21 10:23:16.944root 11241100x8000000000000000337842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d180b3fa779e9252021-12-21 10:23:16.944root 11241100x8000000000000000337843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251c8dd5e98eae7d2021-12-21 10:23:16.944root 11241100x8000000000000000337844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849ef00a09d3adce2021-12-21 10:23:16.944root 11241100x8000000000000000337845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a8cdc98c9ccb2a2021-12-21 10:23:16.944root 11241100x8000000000000000337846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93edca19de0d8ee2021-12-21 10:23:16.944root 11241100x8000000000000000337847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94a9df4c51fccd52021-12-21 10:23:16.944root 11241100x8000000000000000337848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0367fd4fc89402f22021-12-21 10:23:16.944root 11241100x8000000000000000337849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb658e2458f9c012021-12-21 10:23:16.944root 11241100x8000000000000000337850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a34c872118eac72021-12-21 10:23:16.944root 11241100x8000000000000000337851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2dc7af4e1042582021-12-21 10:23:16.945root 11241100x8000000000000000337852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa61d714b43b538c2021-12-21 10:23:16.945root 11241100x8000000000000000337853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91339530b2375f752021-12-21 10:23:16.945root 11241100x8000000000000000337854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90b760ca0abf9b12021-12-21 10:23:16.945root 11241100x8000000000000000337855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2dddde1525524e2021-12-21 10:23:16.945root 11241100x8000000000000000337856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa013adaab330f72021-12-21 10:23:16.945root 11241100x8000000000000000337857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c400d47b3b29072021-12-21 10:23:16.945root 11241100x8000000000000000337858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b8951a121fe4d02021-12-21 10:23:16.945root 11241100x8000000000000000337859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca079d070512f112021-12-21 10:23:16.945root 354300x8000000000000000337860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.180{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47024-false10.0.1.12-8000- 11241100x8000000000000000337861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533fc7c432cdc3ba2021-12-21 10:23:17.443root 11241100x8000000000000000337862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c385e29d6bc1db2021-12-21 10:23:17.443root 11241100x8000000000000000337863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c483eeea1a7ac62021-12-21 10:23:17.443root 11241100x8000000000000000337864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f8b5dd368743eb2021-12-21 10:23:17.443root 11241100x8000000000000000337865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c0a0802046016b2021-12-21 10:23:17.444root 11241100x8000000000000000337866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b22f56673c2c95a2021-12-21 10:23:17.444root 11241100x8000000000000000337867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1fde027fcef5a92021-12-21 10:23:17.444root 11241100x8000000000000000337868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aba4a2b2115bbc52021-12-21 10:23:17.444root 11241100x8000000000000000337869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ab37a1d6b851772021-12-21 10:23:17.444root 11241100x8000000000000000337870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d496c1afab550b2021-12-21 10:23:17.444root 11241100x8000000000000000337871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939e0fc618a378772021-12-21 10:23:17.445root 11241100x8000000000000000337872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c783d4133f2ff2021-12-21 10:23:17.445root 11241100x8000000000000000337873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37433f26270ff8a52021-12-21 10:23:17.445root 11241100x8000000000000000337874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68eb333d526fe45e2021-12-21 10:23:17.445root 11241100x8000000000000000337875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79614e8c6e93c60c2021-12-21 10:23:17.445root 11241100x8000000000000000337876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bba8444dc71fd482021-12-21 10:23:17.445root 11241100x8000000000000000337877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e04a9a34ea4e02021-12-21 10:23:17.445root 11241100x8000000000000000337878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcdbb1dc8550fee2021-12-21 10:23:17.445root 11241100x8000000000000000337879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6936957c5d5df5d32021-12-21 10:23:17.446root 11241100x8000000000000000337880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d30fde66241a032021-12-21 10:23:17.446root 11241100x8000000000000000337881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d13e632db8db012021-12-21 10:23:17.446root 11241100x8000000000000000337882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d30fdd44742d2c2021-12-21 10:23:17.446root 11241100x8000000000000000337883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653225a21f13a1422021-12-21 10:23:17.446root 11241100x8000000000000000337884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da10f1f879b874b62021-12-21 10:23:17.446root 11241100x8000000000000000337885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b471f56b6d99fe452021-12-21 10:23:17.447root 11241100x8000000000000000337886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faac5015660ba8dd2021-12-21 10:23:17.447root 11241100x8000000000000000337887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7a43f9cc41f5972021-12-21 10:23:17.447root 11241100x8000000000000000337888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcfc340451ff9d02021-12-21 10:23:17.447root 11241100x8000000000000000337889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d326b400b1c53b82021-12-21 10:23:17.447root 11241100x8000000000000000337890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2836cc194865312021-12-21 10:23:17.447root 11241100x8000000000000000337891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b21784e896ec28a2021-12-21 10:23:17.448root 11241100x8000000000000000337892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae908bd925d9c502021-12-21 10:23:17.943root 11241100x8000000000000000337893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f84fc39679e1922021-12-21 10:23:17.943root 11241100x8000000000000000337894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8be8002b23cf4792021-12-21 10:23:17.943root 11241100x8000000000000000337895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19256a36141e216a2021-12-21 10:23:17.944root 11241100x8000000000000000337896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d77f5b30742a262021-12-21 10:23:17.944root 11241100x8000000000000000337897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5511d0e4df20832021-12-21 10:23:17.944root 11241100x8000000000000000337898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21942b421e54ac302021-12-21 10:23:17.944root 11241100x8000000000000000337899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd425137bf9f952a2021-12-21 10:23:17.944root 11241100x8000000000000000337900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990482d32a0cac0c2021-12-21 10:23:17.944root 11241100x8000000000000000337901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e78c0edcdfc1ecd2021-12-21 10:23:17.945root 11241100x8000000000000000337902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed6e786ae5c90ed2021-12-21 10:23:17.945root 11241100x8000000000000000337903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4189c1c629141b2021-12-21 10:23:17.945root 11241100x8000000000000000337904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1192fae87ddd8f022021-12-21 10:23:17.945root 11241100x8000000000000000337905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a966d46df8e714b2021-12-21 10:23:17.946root 11241100x8000000000000000337906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326541fe2bbca3d52021-12-21 10:23:17.946root 11241100x8000000000000000337907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dd92ecc1d4cbc02021-12-21 10:23:17.946root 11241100x8000000000000000337908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c682ae8547b78c92021-12-21 10:23:17.947root 11241100x8000000000000000337909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d313c120d80f542021-12-21 10:23:17.947root 11241100x8000000000000000337910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff54670a80153a592021-12-21 10:23:17.947root 11241100x8000000000000000337911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f8a392977bec082021-12-21 10:23:17.947root 11241100x8000000000000000337912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf0d9b4d643081f2021-12-21 10:23:17.947root 11241100x8000000000000000337913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb1ae4e8fa7c28b2021-12-21 10:23:17.947root 11241100x8000000000000000337914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e014c2b970fd00ea2021-12-21 10:23:17.947root 11241100x8000000000000000337915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32d9fe22e92c4f82021-12-21 10:23:17.948root 11241100x8000000000000000337916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47a4256245ab8422021-12-21 10:23:17.948root 11241100x8000000000000000337917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d16406720df2572021-12-21 10:23:17.948root 11241100x8000000000000000337918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5bc36b8ed0368d2021-12-21 10:23:17.948root 11241100x8000000000000000337919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b119e8a99291015f2021-12-21 10:23:17.948root 11241100x8000000000000000337920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafee6607cd9b5122021-12-21 10:23:17.949root 11241100x8000000000000000337921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1f033b2fc8c5a92021-12-21 10:23:17.949root 11241100x8000000000000000337922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b318223d2077fc3c2021-12-21 10:23:17.949root 11241100x8000000000000000337923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e253acbba8cfb722021-12-21 10:23:17.949root 11241100x8000000000000000337924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7c40e6819247742021-12-21 10:23:18.443root 11241100x8000000000000000337925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e4643ebf0d722e2021-12-21 10:23:18.443root 11241100x8000000000000000337926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684f0cea2593a4a52021-12-21 10:23:18.443root 11241100x8000000000000000337927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4a23fbfe55ea822021-12-21 10:23:18.443root 11241100x8000000000000000337928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95f28addb8c26822021-12-21 10:23:18.443root 11241100x8000000000000000337929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381629c6064bf19f2021-12-21 10:23:18.443root 11241100x8000000000000000337930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf51c4670c5d728a2021-12-21 10:23:18.443root 11241100x8000000000000000337931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f78433acf054d12021-12-21 10:23:18.444root 11241100x8000000000000000337932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b201ea771107b7c2021-12-21 10:23:18.444root 11241100x8000000000000000337933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838ea7975ca85aa02021-12-21 10:23:18.444root 11241100x8000000000000000337934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e03eaa2e6c683f2021-12-21 10:23:18.444root 11241100x8000000000000000337935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100617f11b06d0692021-12-21 10:23:18.444root 11241100x8000000000000000337936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1591d13bd7a7367c2021-12-21 10:23:18.444root 11241100x8000000000000000337937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b443b3b7eb29972021-12-21 10:23:18.444root 11241100x8000000000000000337938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca54b841301bf942021-12-21 10:23:18.444root 11241100x8000000000000000337939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce714724b4483692021-12-21 10:23:18.445root 11241100x8000000000000000337940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fbc78817da4e512021-12-21 10:23:18.445root 11241100x8000000000000000337941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3122ab781127a2b2021-12-21 10:23:18.445root 11241100x8000000000000000337942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fb1138385be4c92021-12-21 10:23:18.445root 11241100x8000000000000000337943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49a5777dbc829252021-12-21 10:23:18.445root 11241100x8000000000000000337944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ff3803145566ec2021-12-21 10:23:18.445root 11241100x8000000000000000337945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f3e7eec5791e632021-12-21 10:23:18.445root 11241100x8000000000000000337946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a0d8a27212ecc92021-12-21 10:23:18.445root 11241100x8000000000000000337947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a8df743d3804d92021-12-21 10:23:18.445root 11241100x8000000000000000337948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13ddd7c9859f7e42021-12-21 10:23:18.445root 11241100x8000000000000000337949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0785691adb2a16f32021-12-21 10:23:18.446root 11241100x8000000000000000337950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a51114bf09da9422021-12-21 10:23:18.446root 11241100x8000000000000000337951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22de4ce399136af2021-12-21 10:23:18.446root 11241100x8000000000000000337952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489501896f64c0842021-12-21 10:23:18.446root 11241100x8000000000000000337953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ffde60afc7c29e2021-12-21 10:23:18.446root 11241100x8000000000000000337954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823a4866b5d23fe22021-12-21 10:23:18.447root 11241100x8000000000000000337955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06427fec15be9ea72021-12-21 10:23:18.943root 11241100x8000000000000000337956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cefacd100e90b872021-12-21 10:23:18.943root 11241100x8000000000000000337957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6d219ce00160102021-12-21 10:23:18.943root 11241100x8000000000000000337958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371aed6fd82e69aa2021-12-21 10:23:18.943root 11241100x8000000000000000337959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e35498228730ec2021-12-21 10:23:18.944root 11241100x8000000000000000337960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3e7f3165898a112021-12-21 10:23:18.944root 11241100x8000000000000000337961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d140bae62f4ce79a2021-12-21 10:23:18.944root 11241100x8000000000000000337962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0351359cffe256ff2021-12-21 10:23:18.944root 11241100x8000000000000000337963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0786fc9188710d732021-12-21 10:23:18.944root 11241100x8000000000000000337964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5673ad15490d8e312021-12-21 10:23:18.945root 11241100x8000000000000000337965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf1504bb777bb332021-12-21 10:23:18.945root 11241100x8000000000000000337966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143c3d81e4dec4c92021-12-21 10:23:18.945root 11241100x8000000000000000337967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b60f47342b84522021-12-21 10:23:18.945root 11241100x8000000000000000337968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156d642c535a9e3b2021-12-21 10:23:18.945root 11241100x8000000000000000337969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699f04967452785e2021-12-21 10:23:18.945root 11241100x8000000000000000337970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77fbb6a6e5aa43a2021-12-21 10:23:18.945root 11241100x8000000000000000337971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec010f0a5e099f6e2021-12-21 10:23:18.946root 11241100x8000000000000000337972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2d4f13acf24b2a2021-12-21 10:23:18.946root 11241100x8000000000000000337973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2f039381a0dd5c2021-12-21 10:23:18.946root 11241100x8000000000000000337974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f31e437345bb0b2021-12-21 10:23:18.946root 11241100x8000000000000000337975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aeb94fec641ba02021-12-21 10:23:18.946root 11241100x8000000000000000337976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4bc93e216e935a2021-12-21 10:23:18.946root 11241100x8000000000000000337977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761993731143eaef2021-12-21 10:23:18.947root 11241100x8000000000000000337978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7913ab5ea38b4eb42021-12-21 10:23:18.947root 11241100x8000000000000000337979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f836d69b0385b6ee2021-12-21 10:23:18.947root 11241100x8000000000000000337980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b58b7877c26a642021-12-21 10:23:18.947root 11241100x8000000000000000337981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72691ac9b53149e2021-12-21 10:23:18.947root 11241100x8000000000000000337982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613689e321e8203a2021-12-21 10:23:18.947root 11241100x8000000000000000337983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ae5ec8fa1c7372021-12-21 10:23:18.948root 11241100x8000000000000000337984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c341ca696ec54c2021-12-21 10:23:18.948root 11241100x8000000000000000337985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29aa3ac35a9aaac2021-12-21 10:23:19.443root 11241100x8000000000000000337986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7954922a1bfddafb2021-12-21 10:23:19.443root 11241100x8000000000000000337987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756db0748bcb1e232021-12-21 10:23:19.443root 11241100x8000000000000000337988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfb88c23bf5d1302021-12-21 10:23:19.443root 11241100x8000000000000000337989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1adb8564abcc1e2021-12-21 10:23:19.443root 11241100x8000000000000000337990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c9eb8c665d7a012021-12-21 10:23:19.443root 11241100x8000000000000000337991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44212c1a191d0b32021-12-21 10:23:19.443root 11241100x8000000000000000337992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1665532cf909332021-12-21 10:23:19.444root 11241100x8000000000000000337993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7535f024aeeb6c892021-12-21 10:23:19.444root 11241100x8000000000000000337994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b65698b816df3c82021-12-21 10:23:19.444root 11241100x8000000000000000337995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d637bc57ada4c2021-12-21 10:23:19.444root 11241100x8000000000000000337996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb8243f2ae35ece2021-12-21 10:23:19.444root 11241100x8000000000000000337997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc763ffb4b175162021-12-21 10:23:19.444root 11241100x8000000000000000337998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c7a2c08f3d2d8f2021-12-21 10:23:19.444root 11241100x8000000000000000337999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753f0ea7dc3b54f02021-12-21 10:23:19.444root 11241100x8000000000000000338000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2424162e39ffa4e02021-12-21 10:23:19.444root 11241100x8000000000000000338001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778f116cc520b78c2021-12-21 10:23:19.444root 11241100x8000000000000000338002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeef0840d1ad37c02021-12-21 10:23:19.445root 11241100x8000000000000000338003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca73533c9d64e1e52021-12-21 10:23:19.445root 11241100x8000000000000000338004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a6be19efb2ca12021-12-21 10:23:19.445root 11241100x8000000000000000338005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42acde9b9a69b42021-12-21 10:23:19.445root 11241100x8000000000000000338006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0540f395456bbf3f2021-12-21 10:23:19.445root 11241100x8000000000000000338007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f44ee20479e35822021-12-21 10:23:19.445root 11241100x8000000000000000338008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e60cb515e720bf52021-12-21 10:23:19.445root 11241100x8000000000000000338009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c53e0a81e7fa8d92021-12-21 10:23:19.445root 11241100x8000000000000000338010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd1bac6dae044012021-12-21 10:23:19.446root 11241100x8000000000000000338011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fc3c83a217502f2021-12-21 10:23:19.446root 11241100x8000000000000000338012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ec6734f7d466c12021-12-21 10:23:19.446root 11241100x8000000000000000338013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811412ca6521883f2021-12-21 10:23:19.446root 11241100x8000000000000000338014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fc445e76a49d062021-12-21 10:23:19.446root 11241100x8000000000000000338015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b064312184331d2021-12-21 10:23:19.446root 11241100x8000000000000000338016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d80c0d660ec16672021-12-21 10:23:19.446root 11241100x8000000000000000338017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebc187e55fd6e252021-12-21 10:23:19.446root 11241100x8000000000000000338018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5382f89c9b12e0c82021-12-21 10:23:19.942root 11241100x8000000000000000338019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9ba8ec1680f8362021-12-21 10:23:19.943root 11241100x8000000000000000338020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c4b132628be1462021-12-21 10:23:19.943root 11241100x8000000000000000338021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edfeaffd11037e72021-12-21 10:23:19.943root 11241100x8000000000000000338022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac020ffddfd65bdb2021-12-21 10:23:19.944root 11241100x8000000000000000338023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47be0c06cc3caa572021-12-21 10:23:19.944root 11241100x8000000000000000338024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24dd3799919e30c2021-12-21 10:23:19.944root 11241100x8000000000000000338025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc54e1c60ec769e2021-12-21 10:23:19.944root 11241100x8000000000000000338026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd45480435cb074f2021-12-21 10:23:19.944root 11241100x8000000000000000338027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979e4229205451152021-12-21 10:23:19.944root 11241100x8000000000000000338028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7753110bf62780a2021-12-21 10:23:19.944root 11241100x8000000000000000338029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b956c75f25487e7c2021-12-21 10:23:19.944root 11241100x8000000000000000338030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bd8364e0df506f2021-12-21 10:23:19.945root 11241100x8000000000000000338031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902bb158e687dacb2021-12-21 10:23:19.945root 11241100x8000000000000000338032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f447abd14f4d412021-12-21 10:23:19.945root 11241100x8000000000000000338033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67638d40fc516022021-12-21 10:23:19.945root 11241100x8000000000000000338034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcc9b0a3bff4aca2021-12-21 10:23:19.945root 11241100x8000000000000000338035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f36a3f6e917f7a32021-12-21 10:23:19.945root 11241100x8000000000000000338036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d734925c97fef92021-12-21 10:23:19.945root 11241100x8000000000000000338037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7b13361972101c2021-12-21 10:23:19.945root 11241100x8000000000000000338038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc7a8d6eae60a152021-12-21 10:23:19.945root 11241100x8000000000000000338039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ba55874ae9f5a52021-12-21 10:23:19.945root 11241100x8000000000000000338040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfeab66426e43882021-12-21 10:23:19.945root 11241100x8000000000000000338041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330ff209b53655232021-12-21 10:23:19.946root 11241100x8000000000000000338042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4e7ef17ed53222021-12-21 10:23:19.946root 11241100x8000000000000000338043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2864a9a07c82f36f2021-12-21 10:23:19.946root 11241100x8000000000000000338044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8cbe75074338142021-12-21 10:23:19.946root 11241100x8000000000000000338045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d392ed876fbada4c2021-12-21 10:23:19.946root 11241100x8000000000000000338046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60e0e076c51ddc32021-12-21 10:23:19.946root 11241100x8000000000000000338047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88392d3e9e5f54232021-12-21 10:23:19.946root 11241100x8000000000000000338048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879142a9854487e82021-12-21 10:23:19.946root 11241100x8000000000000000338049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873e227b5b41eea52021-12-21 10:23:19.946root 11241100x8000000000000000338050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb8fb8cadc0765b2021-12-21 10:23:19.946root 11241100x8000000000000000338051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421095b7fae3caa52021-12-21 10:23:19.946root 11241100x8000000000000000338052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1138aabb2e98ad4b2021-12-21 10:23:20.443root 11241100x8000000000000000338053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99635612c556588a2021-12-21 10:23:20.443root 11241100x8000000000000000338054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f392209ac1bde902021-12-21 10:23:20.443root 11241100x8000000000000000338055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00b993140fada372021-12-21 10:23:20.443root 11241100x8000000000000000338056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d593f6dd95e75a2021-12-21 10:23:20.444root 11241100x8000000000000000338057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea76d9046fb2abc2021-12-21 10:23:20.444root 11241100x8000000000000000338058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ae9c9b9ce189c2021-12-21 10:23:20.444root 11241100x8000000000000000338059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fc06cf1fa4c6352021-12-21 10:23:20.444root 11241100x8000000000000000338060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aabe42f8641431a2021-12-21 10:23:20.444root 11241100x8000000000000000338061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101485d3b64b5ec32021-12-21 10:23:20.444root 11241100x8000000000000000338062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78323a90d70486362021-12-21 10:23:20.445root 11241100x8000000000000000338063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c024fb375dfb9a52021-12-21 10:23:20.445root 11241100x8000000000000000338064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21909053cc5217062021-12-21 10:23:20.445root 11241100x8000000000000000338065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f62694e3e1ed49f2021-12-21 10:23:20.445root 11241100x8000000000000000338066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01876dda80fdb4472021-12-21 10:23:20.445root 11241100x8000000000000000338067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4c610934d7d7af2021-12-21 10:23:20.446root 11241100x8000000000000000338068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58563a8f7d93e0af2021-12-21 10:23:20.446root 11241100x8000000000000000338069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96040e6784d3399f2021-12-21 10:23:20.446root 11241100x8000000000000000338070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5551b1e850344c9c2021-12-21 10:23:20.447root 11241100x8000000000000000338071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc35f96301d4b6ab2021-12-21 10:23:20.447root 11241100x8000000000000000338072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec439c41f8c4b0b42021-12-21 10:23:20.447root 11241100x8000000000000000338073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37858e7c3d6fcf22021-12-21 10:23:20.447root 11241100x8000000000000000338074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58382b23dc4198102021-12-21 10:23:20.447root 11241100x8000000000000000338075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a0cc4ecf65a292021-12-21 10:23:20.447root 11241100x8000000000000000338076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24054139af2ed2622021-12-21 10:23:20.447root 11241100x8000000000000000338077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91812158909299332021-12-21 10:23:20.448root 11241100x8000000000000000338078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710e4ea387d0afeb2021-12-21 10:23:20.448root 11241100x8000000000000000338079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1693c2fa64d6bf492021-12-21 10:23:20.448root 11241100x8000000000000000338080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bcbe394bfc0b652021-12-21 10:23:20.448root 11241100x8000000000000000338081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8ec61fd102ef32021-12-21 10:23:20.448root 11241100x8000000000000000338082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22043e0dcc6ebba2021-12-21 10:23:20.448root 11241100x8000000000000000338083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd7ba714f79e56c2021-12-21 10:23:20.448root 11241100x8000000000000000338084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5317f92eaf413a252021-12-21 10:23:20.448root 11241100x8000000000000000338085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a38e8dba8bb6c0d2021-12-21 10:23:20.449root 11241100x8000000000000000338086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d28e22b6566e46d2021-12-21 10:23:20.943root 11241100x8000000000000000338087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1177ecd2307e33692021-12-21 10:23:20.943root 11241100x8000000000000000338088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3198396a94ae84e62021-12-21 10:23:20.944root 11241100x8000000000000000338089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d9a1cf63bcf4c02021-12-21 10:23:20.944root 11241100x8000000000000000338090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2aa8bdec1825a82021-12-21 10:23:20.944root 11241100x8000000000000000338091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f1433e1f5326482021-12-21 10:23:20.945root 11241100x8000000000000000338092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcb777c35d267182021-12-21 10:23:20.945root 11241100x8000000000000000338093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c032bc8ea7a714e2021-12-21 10:23:20.945root 11241100x8000000000000000338094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3b96383c4e3bbb2021-12-21 10:23:20.946root 11241100x8000000000000000338095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5192ad1fc045692021-12-21 10:23:20.946root 11241100x8000000000000000338096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77017b04a37425a92021-12-21 10:23:20.946root 11241100x8000000000000000338097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e97b5bfddc7e572021-12-21 10:23:20.946root 11241100x8000000000000000338098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56618d30f16b0f022021-12-21 10:23:20.947root 11241100x8000000000000000338099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8550c3897f9159bf2021-12-21 10:23:20.947root 11241100x8000000000000000338100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03185ca15ebee9e82021-12-21 10:23:20.947root 11241100x8000000000000000338101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1967a615a59430802021-12-21 10:23:20.948root 11241100x8000000000000000338102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ed72e26754b9cd2021-12-21 10:23:20.948root 11241100x8000000000000000338103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa86f29dc329f812021-12-21 10:23:20.948root 11241100x8000000000000000338104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0545876064a9c02021-12-21 10:23:20.948root 11241100x8000000000000000338105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6acaf3c42aa048c2021-12-21 10:23:20.948root 11241100x8000000000000000338106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a448669b07ee0e192021-12-21 10:23:20.949root 11241100x8000000000000000338107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a1eb6d86072b4a2021-12-21 10:23:20.949root 11241100x8000000000000000338108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15946736dae921612021-12-21 10:23:20.949root 11241100x8000000000000000338109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf1f31d015f2f6b2021-12-21 10:23:20.949root 11241100x8000000000000000338110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6b8ed475d6d7aa2021-12-21 10:23:20.949root 11241100x8000000000000000338111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c309911fb61845172021-12-21 10:23:20.949root 11241100x8000000000000000338112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3550800c3a063a2021-12-21 10:23:20.950root 11241100x8000000000000000338113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65d54c439cdb88c2021-12-21 10:23:20.950root 11241100x8000000000000000338114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a761f7b6f448e4e92021-12-21 10:23:20.950root 11241100x8000000000000000338115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b79b6f7cc8f12342021-12-21 10:23:20.950root 11241100x8000000000000000338116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4193efe4f17ca5ac2021-12-21 10:23:20.950root 11241100x8000000000000000338117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c24464524f5fd462021-12-21 10:23:21.443root 11241100x8000000000000000338118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6baf37d15ab2ef542021-12-21 10:23:21.443root 11241100x8000000000000000338119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6307d2bf1846f42021-12-21 10:23:21.444root 11241100x8000000000000000338120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c832811c8dc2262021-12-21 10:23:21.444root 11241100x8000000000000000338121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c3b44ea7a7fa152021-12-21 10:23:21.444root 11241100x8000000000000000338122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db72df351b97a4372021-12-21 10:23:21.444root 11241100x8000000000000000338123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d0f9ba5bc18fdb2021-12-21 10:23:21.445root 11241100x8000000000000000338124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67811055ce8d4cd92021-12-21 10:23:21.445root 11241100x8000000000000000338125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5a127d826103872021-12-21 10:23:21.445root 11241100x8000000000000000338126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c881d49bac687b472021-12-21 10:23:21.445root 11241100x8000000000000000338127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa933a265a28b0d2021-12-21 10:23:21.446root 11241100x8000000000000000338128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4fde1ecd0b54e32021-12-21 10:23:21.446root 11241100x8000000000000000338129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062dfbf268e397cc2021-12-21 10:23:21.446root 11241100x8000000000000000338130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005b8e71478fd4fc2021-12-21 10:23:21.446root 11241100x8000000000000000338131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903cc1cb510145452021-12-21 10:23:21.446root 11241100x8000000000000000338132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d301ee4f2c98365b2021-12-21 10:23:21.447root 11241100x8000000000000000338133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a29c2282b92bfb2021-12-21 10:23:21.447root 11241100x8000000000000000338134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3d8c626aba28ea2021-12-21 10:23:21.447root 11241100x8000000000000000338135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be33a8e73265fb9b2021-12-21 10:23:21.448root 11241100x8000000000000000338136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c96c1153af7f672021-12-21 10:23:21.448root 11241100x8000000000000000338137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680e996c541fa2942021-12-21 10:23:21.448root 11241100x8000000000000000338138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355e0dadcc6616812021-12-21 10:23:21.448root 11241100x8000000000000000338139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4821ae058a5b1cbd2021-12-21 10:23:21.448root 11241100x8000000000000000338140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058c30fa0fdbeda2021-12-21 10:23:21.448root 11241100x8000000000000000338141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5e15a5ef8957b52021-12-21 10:23:21.448root 11241100x8000000000000000338142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874c3d13ac21c6712021-12-21 10:23:21.448root 11241100x8000000000000000338143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5cffb85bec2f172021-12-21 10:23:21.449root 11241100x8000000000000000338144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327887eec0bac8662021-12-21 10:23:21.449root 11241100x8000000000000000338145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995ab14a3385d2e92021-12-21 10:23:21.449root 11241100x8000000000000000338146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce49549182342cb22021-12-21 10:23:21.449root 11241100x8000000000000000338147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf3c47395d4c60a2021-12-21 10:23:21.449root 11241100x8000000000000000338148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961ae75e6d69a8692021-12-21 10:23:21.449root 11241100x8000000000000000338149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3455cdece0bb5482021-12-21 10:23:21.943root 11241100x8000000000000000338150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a5b30ed9b767c42021-12-21 10:23:21.943root 11241100x8000000000000000338151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766840dad8ffc6f82021-12-21 10:23:21.943root 11241100x8000000000000000338152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169fad29b21996352021-12-21 10:23:21.943root 11241100x8000000000000000338153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb59581be4081b12021-12-21 10:23:21.943root 11241100x8000000000000000338154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a61a200377750422021-12-21 10:23:21.944root 11241100x8000000000000000338155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b9903f625890942021-12-21 10:23:21.944root 11241100x8000000000000000338156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2e3c4ab81653a82021-12-21 10:23:21.944root 11241100x8000000000000000338157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04fe34030a3bae42021-12-21 10:23:21.944root 11241100x8000000000000000338158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be42ee23d150e17f2021-12-21 10:23:21.944root 11241100x8000000000000000338159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b7089cb88e3ccc2021-12-21 10:23:21.945root 11241100x8000000000000000338160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1f4590d473a7a62021-12-21 10:23:21.945root 11241100x8000000000000000338161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3042e7a938e5b342021-12-21 10:23:21.945root 11241100x8000000000000000338162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675a715266a3a5ed2021-12-21 10:23:21.945root 11241100x8000000000000000338163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5a67c7d073b4e22021-12-21 10:23:21.946root 11241100x8000000000000000338164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4ad3325cfeb8b02021-12-21 10:23:21.946root 11241100x8000000000000000338165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2927c4a0029347a2021-12-21 10:23:21.946root 11241100x8000000000000000338166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cdb818eeaf44902021-12-21 10:23:21.947root 11241100x8000000000000000338167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8a43e80648418d2021-12-21 10:23:21.947root 11241100x8000000000000000338168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bfe48bb0a19fce2021-12-21 10:23:21.947root 11241100x8000000000000000338169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0138e6fe872c20912021-12-21 10:23:21.947root 11241100x8000000000000000338170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b602fdb00bfd65d2021-12-21 10:23:21.947root 11241100x8000000000000000338171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764947e102848fca2021-12-21 10:23:21.947root 11241100x8000000000000000338172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9204808a606f6972021-12-21 10:23:21.948root 11241100x8000000000000000338173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe61dc449d65c1d2021-12-21 10:23:21.948root 11241100x8000000000000000338174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99228b57684891d52021-12-21 10:23:21.948root 11241100x8000000000000000338175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327d254a7caa806b2021-12-21 10:23:21.948root 11241100x8000000000000000338176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99c2f233c6639692021-12-21 10:23:21.948root 11241100x8000000000000000338177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab0a05852e473892021-12-21 10:23:21.948root 11241100x8000000000000000338178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc94e364e363f442021-12-21 10:23:21.948root 11241100x8000000000000000338179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf92db3a1590dfb2021-12-21 10:23:22.443root 11241100x8000000000000000338180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59ca1ae9ede3092021-12-21 10:23:22.443root 11241100x8000000000000000338181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2a4e9f478f379c2021-12-21 10:23:22.443root 11241100x8000000000000000338182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d50f9b0b35c89b2021-12-21 10:23:22.443root 11241100x8000000000000000338183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06034752244d2602021-12-21 10:23:22.443root 11241100x8000000000000000338184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b54b726a57a67312021-12-21 10:23:22.444root 11241100x8000000000000000338185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308d5a3bdcbe71302021-12-21 10:23:22.444root 11241100x8000000000000000338186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efb451ce21ffc862021-12-21 10:23:22.444root 11241100x8000000000000000338187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63908e2d9fd3d232021-12-21 10:23:22.444root 11241100x8000000000000000338188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b64ff35bf9f3ea2021-12-21 10:23:22.444root 11241100x8000000000000000338189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7038b35c453ef6a02021-12-21 10:23:22.444root 11241100x8000000000000000338190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a994a5cb402950842021-12-21 10:23:22.445root 11241100x8000000000000000338191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42f9d2d31dbd06e2021-12-21 10:23:22.445root 11241100x8000000000000000338192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a206d6ddf7c6a23f2021-12-21 10:23:22.445root 11241100x8000000000000000338193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df21d14524b02e32021-12-21 10:23:22.445root 11241100x8000000000000000338194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9274224275dd8da2021-12-21 10:23:22.445root 11241100x8000000000000000338195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4090108e35104aed2021-12-21 10:23:22.446root 11241100x8000000000000000338196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7010c16324b8562021-12-21 10:23:22.446root 11241100x8000000000000000338197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a9df47f89b65ac2021-12-21 10:23:22.446root 11241100x8000000000000000338198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf8a5e468e400862021-12-21 10:23:22.446root 11241100x8000000000000000338199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578368ecf8f1c8952021-12-21 10:23:22.447root 11241100x8000000000000000338200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46248688deb418852021-12-21 10:23:22.447root 11241100x8000000000000000338201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23b0ca1107738022021-12-21 10:23:22.447root 11241100x8000000000000000338202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313bbdbf01495e792021-12-21 10:23:22.447root 11241100x8000000000000000338203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac1b0c79f2143102021-12-21 10:23:22.447root 11241100x8000000000000000338204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151aba9dde9df1af2021-12-21 10:23:22.447root 11241100x8000000000000000338205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a465383d54a195a52021-12-21 10:23:22.447root 11241100x8000000000000000338206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9018fbfc4c3ac29f2021-12-21 10:23:22.447root 11241100x8000000000000000338207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12eb0e1128e39842021-12-21 10:23:22.448root 11241100x8000000000000000338208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca8df258c75e1732021-12-21 10:23:22.448root 11241100x8000000000000000338209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f8607a8c2bd85b2021-12-21 10:23:22.448root 11241100x8000000000000000338210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77200b8a77ef4722021-12-21 10:23:22.448root 11241100x8000000000000000338211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939e12bec7eb7d752021-12-21 10:23:22.448root 11241100x8000000000000000338212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a496e63060bf8d2021-12-21 10:23:22.448root 11241100x8000000000000000338213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343202641e7720132021-12-21 10:23:22.449root 11241100x8000000000000000338214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099aef4f333589e2021-12-21 10:23:22.943root 11241100x8000000000000000338215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7140d80444cc47d22021-12-21 10:23:22.943root 11241100x8000000000000000338216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ee43341962cd0d2021-12-21 10:23:22.944root 11241100x8000000000000000338217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6c3f86c13ebf7d2021-12-21 10:23:22.944root 11241100x8000000000000000338218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc70e2e9a17bc642021-12-21 10:23:22.944root 11241100x8000000000000000338219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d15135b23e5c520e2021-12-21 10:23:22.944root 11241100x8000000000000000338220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5ec994bb9fb8022021-12-21 10:23:22.944root 11241100x8000000000000000338221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e0563dc886cd3aa2021-12-21 10:23:22.945root 11241100x8000000000000000338222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f70354f9643398772021-12-21 10:23:22.945root 11241100x8000000000000000338223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae51a956cadaa7282021-12-21 10:23:22.945root 11241100x8000000000000000338224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdfbbfa18ae979782021-12-21 10:23:22.945root 11241100x8000000000000000338225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dfb56a28ea3cd02021-12-21 10:23:22.945root 11241100x8000000000000000338226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0354a0505f7d5cbe2021-12-21 10:23:22.945root 11241100x8000000000000000338227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a7215305bfbd922021-12-21 10:23:22.945root 11241100x8000000000000000338228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc1588de0e03dad2021-12-21 10:23:22.946root 11241100x8000000000000000338229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870c2e20877655ee2021-12-21 10:23:22.946root 11241100x8000000000000000338230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d65d9e8d1eb4a132021-12-21 10:23:22.946root 11241100x8000000000000000338231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5d53ab270acf0c2021-12-21 10:23:22.946root 11241100x8000000000000000338232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d3aa4b21e6cf292021-12-21 10:23:22.947root 11241100x8000000000000000338233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025dd45edfefdb482021-12-21 10:23:22.947root 11241100x8000000000000000338234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33b60f24ec82aaae2021-12-21 10:23:22.947root 11241100x8000000000000000338235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc09d2e8b4e2000d2021-12-21 10:23:22.947root 11241100x8000000000000000338236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9485b23621fcc3062021-12-21 10:23:22.947root 11241100x8000000000000000338237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb1b678a40eb3a92021-12-21 10:23:22.947root 11241100x8000000000000000338238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885c8e34cb66818b2021-12-21 10:23:22.947root 11241100x8000000000000000338239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14daf0f4e326d5792021-12-21 10:23:22.948root 11241100x8000000000000000338240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc20cce8cbbce82021-12-21 10:23:22.948root 11241100x8000000000000000338241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca186d8ebdf5d522021-12-21 10:23:22.948root 11241100x8000000000000000338242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247222f90cc7ba4f2021-12-21 10:23:22.948root 11241100x8000000000000000338243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab24d5b88a2913a92021-12-21 10:23:22.948root 11241100x8000000000000000338244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ca8cbd1647e1ea2021-12-21 10:23:22.948root 11241100x8000000000000000338245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6f2a13bfb324c92021-12-21 10:23:22.949root 11241100x8000000000000000338246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04db7451f3fcfb1d2021-12-21 10:23:22.949root 11241100x8000000000000000338247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff18f459c769f28c2021-12-21 10:23:22.949root 354300x8000000000000000338248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.014{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47026-false10.0.1.12-8000- 11241100x8000000000000000338249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d9a0d5bc01d85c2021-12-21 10:23:23.443root 11241100x8000000000000000338250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0dc88466f22dab2021-12-21 10:23:23.443root 11241100x8000000000000000338251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d224465c0b4c5832021-12-21 10:23:23.443root 11241100x8000000000000000338252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62a4254ea5a9f82a2021-12-21 10:23:23.443root 11241100x8000000000000000338253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b77286dc5a328a2021-12-21 10:23:23.444root 11241100x8000000000000000338254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de1fe3d82d61b7f2021-12-21 10:23:23.444root 11241100x8000000000000000338255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b482217fd5e242da2021-12-21 10:23:23.444root 11241100x8000000000000000338256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b85625fd9733cb2021-12-21 10:23:23.444root 11241100x8000000000000000338257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ba15f54f88b0822021-12-21 10:23:23.444root 11241100x8000000000000000338258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4532b27ffcdded92021-12-21 10:23:23.444root 11241100x8000000000000000338259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91f33481805fae92021-12-21 10:23:23.445root 11241100x8000000000000000338260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6611fa4ea8d567e2021-12-21 10:23:23.445root 11241100x8000000000000000338261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c70daffda7dad82021-12-21 10:23:23.445root 11241100x8000000000000000338262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ed7628811a75c22021-12-21 10:23:23.445root 11241100x8000000000000000338263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c33644fd287da82021-12-21 10:23:23.445root 11241100x8000000000000000338264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2ee8760dfc9e4b2021-12-21 10:23:23.445root 11241100x8000000000000000338265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.151dfed79fb1eb422021-12-21 10:23:23.445root 11241100x8000000000000000338266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bcaf45b86c26fe2021-12-21 10:23:23.446root 11241100x8000000000000000338267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e4ccc490690a032021-12-21 10:23:23.446root 11241100x8000000000000000338268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b013d6069ab45f2021-12-21 10:23:23.449root 11241100x8000000000000000338269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e742252fb958d1c42021-12-21 10:23:23.450root 11241100x8000000000000000338270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211e90a51d925e902021-12-21 10:23:23.450root 11241100x8000000000000000338271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62a81a9a0e70882021-12-21 10:23:23.450root 11241100x8000000000000000338272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f76b45b2c4d8962021-12-21 10:23:23.450root 11241100x8000000000000000338273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5da41ddb605a262021-12-21 10:23:23.450root 11241100x8000000000000000338274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2dda547a25241a2021-12-21 10:23:23.450root 11241100x8000000000000000338275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dadca69981d2c72021-12-21 10:23:23.450root 11241100x8000000000000000338276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bafc46290173f62021-12-21 10:23:23.450root 11241100x8000000000000000338277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5d7112dc7ae75a2021-12-21 10:23:23.451root 11241100x8000000000000000338278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeadeb56e45fba082021-12-21 10:23:23.451root 11241100x8000000000000000338279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29777c5f34203d92021-12-21 10:23:23.451root 11241100x8000000000000000338280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0b1cc3670612ff2021-12-21 10:23:23.451root 11241100x8000000000000000338281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a6f501320da36a2021-12-21 10:23:23.451root 11241100x8000000000000000338282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52553c8f05fbd3f2021-12-21 10:23:23.451root 11241100x8000000000000000338283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87b0c167339980f2021-12-21 10:23:23.943root 11241100x8000000000000000338284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78a0bd09bcec062021-12-21 10:23:23.943root 11241100x8000000000000000338285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7003aad3372fddb22021-12-21 10:23:23.943root 11241100x8000000000000000338286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3da061f032253d62021-12-21 10:23:23.943root 11241100x8000000000000000338287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3f91c29e9999c12021-12-21 10:23:23.943root 11241100x8000000000000000338288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02555c7a88817962021-12-21 10:23:23.943root 11241100x8000000000000000338289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2638e980a844af22021-12-21 10:23:23.944root 11241100x8000000000000000338290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684bb63d917ae1c22021-12-21 10:23:23.944root 11241100x8000000000000000338291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10899e5eb3fd1a6c2021-12-21 10:23:23.944root 11241100x8000000000000000338292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a10d8f0e863144c2021-12-21 10:23:23.944root 11241100x8000000000000000338293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373c2a9431688dd32021-12-21 10:23:23.944root 11241100x8000000000000000338294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1caf5da0b6d0932021-12-21 10:23:23.944root 11241100x8000000000000000338295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5edf396219b9fbf2021-12-21 10:23:23.944root 11241100x8000000000000000338296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026b42594feb4b182021-12-21 10:23:23.945root 11241100x8000000000000000338297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696fc5ae54c834952021-12-21 10:23:23.945root 11241100x8000000000000000338298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc9d50fa08cef122021-12-21 10:23:23.945root 11241100x8000000000000000338299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20207fa04367a142021-12-21 10:23:23.945root 11241100x8000000000000000338300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310fddabf39c78172021-12-21 10:23:23.945root 11241100x8000000000000000338301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d881725a7a2416682021-12-21 10:23:23.945root 11241100x8000000000000000338302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e74a2ae5832243f2021-12-21 10:23:23.945root 11241100x8000000000000000338303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94506596c93aaf2c2021-12-21 10:23:23.946root 11241100x8000000000000000338304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199cd7a2e31207022021-12-21 10:23:23.946root 11241100x8000000000000000338305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8acc06be6e66b4e2021-12-21 10:23:23.946root 11241100x8000000000000000338306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebbfa93c1475b532021-12-21 10:23:23.946root 11241100x8000000000000000338307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d4562094efe1dc2021-12-21 10:23:23.946root 11241100x8000000000000000338308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4045e248bf44b73a2021-12-21 10:23:23.946root 11241100x8000000000000000338309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2a4dbe25e863d92021-12-21 10:23:23.946root 11241100x8000000000000000338310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae8ae546c0ae3cf2021-12-21 10:23:23.947root 11241100x8000000000000000338311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d271a8628d263c402021-12-21 10:23:23.947root 11241100x8000000000000000338312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b11e75967f331a2021-12-21 10:23:23.947root 11241100x8000000000000000338313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ac11e2ecaf3e782021-12-21 10:23:23.947root 11241100x8000000000000000338314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b5a915592b68192021-12-21 10:23:23.947root 11241100x8000000000000000338315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd93128cbd5f8a42021-12-21 10:23:23.947root 11241100x8000000000000000338316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e1cc608e81ebad2021-12-21 10:23:23.947root 11241100x8000000000000000338317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b806a824d8ce1152021-12-21 10:23:23.948root 11241100x8000000000000000338318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4353e151178c4ee2021-12-21 10:23:23.948root 11241100x8000000000000000338319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ad311809ccfb3c2021-12-21 10:23:23.948root 11241100x8000000000000000338320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd5460d7318ba602021-12-21 10:23:24.443root 11241100x8000000000000000338321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4e40341ef587702021-12-21 10:23:24.443root 11241100x8000000000000000338322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0346603cfbe732a2021-12-21 10:23:24.444root 11241100x8000000000000000338323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba290618d4a95842021-12-21 10:23:24.444root 11241100x8000000000000000338324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650b602e8a8748122021-12-21 10:23:24.444root 11241100x8000000000000000338325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811c644194101d082021-12-21 10:23:24.444root 11241100x8000000000000000338326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f00a90153358a2021-12-21 10:23:24.444root 11241100x8000000000000000338327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98bb4ac51ba27792021-12-21 10:23:24.444root 11241100x8000000000000000338328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a49c387488ce412021-12-21 10:23:24.444root 11241100x8000000000000000338329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d4cbcfcf048fdf2021-12-21 10:23:24.444root 11241100x8000000000000000338330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9a2036241e6e792021-12-21 10:23:24.445root 11241100x8000000000000000338331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be777c3b2904b32021-12-21 10:23:24.445root 11241100x8000000000000000338332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2992232b115c68cc2021-12-21 10:23:24.445root 11241100x8000000000000000338333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc098234ab7120132021-12-21 10:23:24.446root 11241100x8000000000000000338334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4846c8ba6d774cb52021-12-21 10:23:24.446root 11241100x8000000000000000338335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372613f4b7a8c5bc2021-12-21 10:23:24.446root 11241100x8000000000000000338336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5045239460ade7d72021-12-21 10:23:24.446root 11241100x8000000000000000338337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f123c18c2a7515812021-12-21 10:23:24.446root 11241100x8000000000000000338338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06135dcd4c50e872021-12-21 10:23:24.447root 11241100x8000000000000000338339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f3fd25f0f51d712021-12-21 10:23:24.447root 11241100x8000000000000000338340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480192b555af901a2021-12-21 10:23:24.447root 11241100x8000000000000000338341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f4352e13095be32021-12-21 10:23:24.447root 11241100x8000000000000000338342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbbaf27a6042cf52021-12-21 10:23:24.448root 11241100x8000000000000000338343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767d3a11a19059f72021-12-21 10:23:24.448root 11241100x8000000000000000338344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f7dc1537fb06c22021-12-21 10:23:24.448root 11241100x8000000000000000338345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0afb5bb5869a092021-12-21 10:23:24.448root 11241100x8000000000000000338346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da1dbdce02ee5db2021-12-21 10:23:24.448root 11241100x8000000000000000338347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd01570cd504ecb2021-12-21 10:23:24.448root 11241100x8000000000000000338348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66b19a6ee986ed82021-12-21 10:23:24.448root 11241100x8000000000000000338349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd4ffe3b392d00f2021-12-21 10:23:24.448root 11241100x8000000000000000338350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e5fed085db51742021-12-21 10:23:24.449root 11241100x8000000000000000338351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1ba9286142f2ed2021-12-21 10:23:24.943root 11241100x8000000000000000338352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b465f6e385b67b2021-12-21 10:23:24.943root 11241100x8000000000000000338353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b98b46f6138d5c242021-12-21 10:23:24.943root 11241100x8000000000000000338354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9fcbf0c442149b2021-12-21 10:23:24.944root 11241100x8000000000000000338355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dae76b091e25e6b2021-12-21 10:23:24.944root 11241100x8000000000000000338356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e62dfa8759a2cf2021-12-21 10:23:24.944root 11241100x8000000000000000338357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596464c1da94008a2021-12-21 10:23:24.944root 11241100x8000000000000000338358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763320071cc9102c2021-12-21 10:23:24.944root 11241100x8000000000000000338359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddbd1a0dba9edb32021-12-21 10:23:24.944root 11241100x8000000000000000338360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b454ecefe40ab0362021-12-21 10:23:24.944root 11241100x8000000000000000338361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa52d4d542e0aebc2021-12-21 10:23:24.944root 11241100x8000000000000000338362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517f26794cc6daef2021-12-21 10:23:24.945root 11241100x8000000000000000338363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e885d57fedd36e2021-12-21 10:23:24.945root 11241100x8000000000000000338364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa488ec43988b672021-12-21 10:23:24.945root 11241100x8000000000000000338365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0f10769a4b500e2021-12-21 10:23:24.945root 11241100x8000000000000000338366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5d08a2f4c53b6f2021-12-21 10:23:24.945root 11241100x8000000000000000338367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32969786d8823712021-12-21 10:23:24.945root 11241100x8000000000000000338368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccfa73c1e1c5e8b2021-12-21 10:23:24.945root 11241100x8000000000000000338369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcfa89afffe4d3c2021-12-21 10:23:24.945root 11241100x8000000000000000338370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca318c856375c9cd2021-12-21 10:23:24.945root 11241100x8000000000000000338371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf3c85d3dacc84e2021-12-21 10:23:24.945root 11241100x8000000000000000338372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c89f3b6a2e426232021-12-21 10:23:24.946root 11241100x8000000000000000338373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1701657181328e2021-12-21 10:23:24.946root 11241100x8000000000000000338374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c21a9646a56c5b2021-12-21 10:23:24.946root 11241100x8000000000000000338375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cc457b51b9e3bf2021-12-21 10:23:24.946root 11241100x8000000000000000338376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9560c11c9d4e1b2021-12-21 10:23:24.946root 11241100x8000000000000000338377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dd03ee226ea0672021-12-21 10:23:24.946root 11241100x8000000000000000338378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969153d1a0c0176b2021-12-21 10:23:24.946root 11241100x8000000000000000338379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e350c0c47e96202021-12-21 10:23:24.946root 11241100x8000000000000000338380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cbe55542af34012021-12-21 10:23:24.947root 11241100x8000000000000000338381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb16be95b13220e2021-12-21 10:23:24.947root 11241100x8000000000000000338382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83460f95b02531372021-12-21 10:23:24.947root 11241100x8000000000000000338383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe7dbb82528226f2021-12-21 10:23:24.947root 11241100x8000000000000000338384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8886ce214866c6582021-12-21 10:23:24.948root 11241100x8000000000000000338385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c3bf394cda9d132021-12-21 10:23:24.948root 354300x8000000000000000338386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.081{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34092-false10.0.1.12-8089- 11241100x8000000000000000338387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41a1b77aec201cc2021-12-21 10:23:25.443root 11241100x8000000000000000338388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930d0c81d1b38a572021-12-21 10:23:25.443root 11241100x8000000000000000338389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c488f2d2f72d213d2021-12-21 10:23:25.444root 11241100x8000000000000000338390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f72ab819b57d8862021-12-21 10:23:25.444root 11241100x8000000000000000338391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6cc200b0d57e022021-12-21 10:23:25.444root 11241100x8000000000000000338392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2a1b19e91a58ff2021-12-21 10:23:25.444root 11241100x8000000000000000338393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f918ffc14b398e9b2021-12-21 10:23:25.444root 11241100x8000000000000000338394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e623ffce54344b82021-12-21 10:23:25.444root 11241100x8000000000000000338395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0346d3fdb586b82021-12-21 10:23:25.444root 11241100x8000000000000000338396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed337b4303460902021-12-21 10:23:25.445root 11241100x8000000000000000338397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d5300f8170be072021-12-21 10:23:25.445root 11241100x8000000000000000338398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c2da6854e15c32021-12-21 10:23:25.445root 11241100x8000000000000000338399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aeaf0cd10394622021-12-21 10:23:25.445root 11241100x8000000000000000338400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d38c7ce4c5e992021-12-21 10:23:25.445root 11241100x8000000000000000338401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f0f5154b880196a2021-12-21 10:23:25.446root 11241100x8000000000000000338402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103cd24190bdb17d2021-12-21 10:23:25.446root 11241100x8000000000000000338403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87056d95bb005c2021-12-21 10:23:25.446root 11241100x8000000000000000338404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff9c83fc50662492021-12-21 10:23:25.446root 11241100x8000000000000000338405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a320ee795432f72021-12-21 10:23:25.446root 11241100x8000000000000000338406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4419213a8bab5e5c2021-12-21 10:23:25.447root 11241100x8000000000000000338407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6af70072d5cd9272021-12-21 10:23:25.447root 11241100x8000000000000000338408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6180bea44fa2a532021-12-21 10:23:25.447root 11241100x8000000000000000338409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bd094527cd76e32021-12-21 10:23:25.447root 11241100x8000000000000000338410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365b5e673e1d24042021-12-21 10:23:25.448root 11241100x8000000000000000338411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39dbe76866d0b662021-12-21 10:23:25.448root 11241100x8000000000000000338412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d60981a58d1ab2021-12-21 10:23:25.448root 11241100x8000000000000000338413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc92e327aa9cb3b2021-12-21 10:23:25.448root 11241100x8000000000000000338414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7dde09df073ff212021-12-21 10:23:25.449root 11241100x8000000000000000338415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d07dd2050df653c2021-12-21 10:23:25.449root 11241100x8000000000000000338416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefcb6f43e167a7e2021-12-21 10:23:25.449root 11241100x8000000000000000338417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533914b39b2c5e62021-12-21 10:23:25.449root 11241100x8000000000000000338418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd6f2ec83e4165e2021-12-21 10:23:25.449root 11241100x8000000000000000338419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd60f303e8f10ea2021-12-21 10:23:25.449root 11241100x8000000000000000338420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa12a68bb01f7512021-12-21 10:23:25.449root 11241100x8000000000000000338421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ddc5fdf7f2be6a2021-12-21 10:23:25.450root 11241100x8000000000000000338422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2badf03da2743f972021-12-21 10:23:25.450root 11241100x8000000000000000338423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29d9c031b3257572021-12-21 10:23:25.943root 11241100x8000000000000000338424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f15a71281f4e84b2021-12-21 10:23:25.943root 11241100x8000000000000000338425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f59f7f529230292021-12-21 10:23:25.943root 11241100x8000000000000000338426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f905dbba0b14772021-12-21 10:23:25.943root 11241100x8000000000000000338427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8221ad67703837b32021-12-21 10:23:25.943root 11241100x8000000000000000338428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadaca7ab25598682021-12-21 10:23:25.943root 11241100x8000000000000000338429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3c8045063d1b422021-12-21 10:23:25.944root 11241100x8000000000000000338430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d03af9ab6e8dc342021-12-21 10:23:25.944root 11241100x8000000000000000338431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb52b59d697b4fd72021-12-21 10:23:25.944root 11241100x8000000000000000338432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c1aedc7cf4ce0a2021-12-21 10:23:25.945root 11241100x8000000000000000338433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9aac146d5c69f132021-12-21 10:23:25.945root 11241100x8000000000000000338434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b7c40430f2f7eb2021-12-21 10:23:25.945root 11241100x8000000000000000338435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ff4d1f07158b052021-12-21 10:23:25.945root 11241100x8000000000000000338436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b701fdbe3505b22021-12-21 10:23:25.945root 11241100x8000000000000000338437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8d205a245293492021-12-21 10:23:25.946root 11241100x8000000000000000338438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cea920cbb64a7b2021-12-21 10:23:25.946root 11241100x8000000000000000338439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d20d2c08dc24e702021-12-21 10:23:25.946root 11241100x8000000000000000338440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea28e2ca5e27e2cd2021-12-21 10:23:25.947root 11241100x8000000000000000338441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdf956c0edb203c2021-12-21 10:23:25.947root 11241100x8000000000000000338442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2887245690094a2021-12-21 10:23:25.948root 11241100x8000000000000000338443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdb998fb55a36232021-12-21 10:23:25.948root 11241100x8000000000000000338444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa30a9480e2fc86d2021-12-21 10:23:25.948root 11241100x8000000000000000338445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c3e6fade110b12021-12-21 10:23:25.949root 11241100x8000000000000000338446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdab000303ce44452021-12-21 10:23:25.949root 11241100x8000000000000000338447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4323f61c540d0a02021-12-21 10:23:25.949root 11241100x8000000000000000338448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf76b3456686d542021-12-21 10:23:25.949root 11241100x8000000000000000338449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f6e10cff7f2972021-12-21 10:23:25.949root 11241100x8000000000000000338450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca1375f94b419972021-12-21 10:23:25.949root 11241100x8000000000000000338451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d4321a193b73c82021-12-21 10:23:25.950root 11241100x8000000000000000338452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7655ee50f5cbcc522021-12-21 10:23:25.950root 11241100x8000000000000000338453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647114defb0a88882021-12-21 10:23:25.950root 11241100x8000000000000000338454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36eaba3bdd1a7e62021-12-21 10:23:25.950root 11241100x8000000000000000338455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6185de6e09160d972021-12-21 10:23:25.951root 11241100x8000000000000000338456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659d484e2c175ba82021-12-21 10:23:25.951root 11241100x8000000000000000338457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e4b526bc68d5692021-12-21 10:23:25.951root 11241100x8000000000000000338458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d80a8c8ee27b3792021-12-21 10:23:25.951root 11241100x8000000000000000338459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755e226caa7d312e2021-12-21 10:23:25.951root 11241100x8000000000000000338460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c4c0d1b00dd25a2021-12-21 10:23:25.952root 11241100x8000000000000000338461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50656e07caf7d34f2021-12-21 10:23:25.952root 11241100x8000000000000000338462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fa5d7a4196eb362021-12-21 10:23:25.952root 11241100x8000000000000000338463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e95cbbcc83932382021-12-21 10:23:25.952root 11241100x8000000000000000338464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c072d66f07d06a9e2021-12-21 10:23:25.952root 11241100x8000000000000000338465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6193d3d6b56f7e672021-12-21 10:23:26.443root 11241100x8000000000000000338466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ae38213b7bc7c2021-12-21 10:23:26.443root 11241100x8000000000000000338467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d86de3bb3179c242021-12-21 10:23:26.443root 11241100x8000000000000000338468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c503fe5899513142021-12-21 10:23:26.443root 11241100x8000000000000000338469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e4323ba29305ca2021-12-21 10:23:26.443root 11241100x8000000000000000338470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97f6cf25f903682021-12-21 10:23:26.443root 11241100x8000000000000000338471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7e7dc720569c852021-12-21 10:23:26.444root 11241100x8000000000000000338472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.880f3a5c42c39dfc2021-12-21 10:23:26.444root 11241100x8000000000000000338473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6587f00c2c729902021-12-21 10:23:26.444root 11241100x8000000000000000338474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9ccc0f228ee9202021-12-21 10:23:26.444root 11241100x8000000000000000338475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9959c90b8fb255a12021-12-21 10:23:26.444root 11241100x8000000000000000338476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db18806336d88ffa2021-12-21 10:23:26.444root 11241100x8000000000000000338477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67cb2bd800af2042021-12-21 10:23:26.444root 11241100x8000000000000000338478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59a43bddfc3e146b2021-12-21 10:23:26.444root 11241100x8000000000000000338479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cd0dc4dec37a042021-12-21 10:23:26.445root 11241100x8000000000000000338480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7562a1c72911c32021-12-21 10:23:26.445root 11241100x8000000000000000338481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d92e54ccf6a5f6c2021-12-21 10:23:26.445root 11241100x8000000000000000338482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2d6f87d31c162a2021-12-21 10:23:26.445root 11241100x8000000000000000338483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5439388da462f4012021-12-21 10:23:26.446root 11241100x8000000000000000338484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1850ca76bd528a2021-12-21 10:23:26.446root 11241100x8000000000000000338485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4610ccfe9c78d92021-12-21 10:23:26.446root 11241100x8000000000000000338486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a143a4f4a470a12021-12-21 10:23:26.446root 11241100x8000000000000000338487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ce7ec70837c6fa2021-12-21 10:23:26.446root 11241100x8000000000000000338488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c817a5696cef635f2021-12-21 10:23:26.447root 11241100x8000000000000000338489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596e1bb456f5eb862021-12-21 10:23:26.447root 11241100x8000000000000000338490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa26145e852fd42021-12-21 10:23:26.447root 11241100x8000000000000000338491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792c4553920a844b2021-12-21 10:23:26.447root 11241100x8000000000000000338492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1204af4614521f032021-12-21 10:23:26.447root 11241100x8000000000000000338493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d7771cf46d677a2021-12-21 10:23:26.447root 11241100x8000000000000000338494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894f7ac2bcf9145b2021-12-21 10:23:26.447root 11241100x8000000000000000338495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a463bca6856442021-12-21 10:23:26.447root 11241100x8000000000000000338496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f191caef158f350a2021-12-21 10:23:26.448root 11241100x8000000000000000338497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bac22a0cc8b5352021-12-21 10:23:26.448root 11241100x8000000000000000338498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2078223f04aab3fd2021-12-21 10:23:26.448root 11241100x8000000000000000338499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d5beb0c07b0c2d2021-12-21 10:23:26.448root 11241100x8000000000000000338500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5766e350f4c0f2f2021-12-21 10:23:26.448root 11241100x8000000000000000338501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493288d296c355fd2021-12-21 10:23:26.448root 11241100x8000000000000000338502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a066aa832bdc4212021-12-21 10:23:26.448root 11241100x8000000000000000338503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10525e3158af873e2021-12-21 10:23:26.448root 11241100x8000000000000000338504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a64836a44343322021-12-21 10:23:26.449root 11241100x8000000000000000338505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109f28eadfaee33d2021-12-21 10:23:26.449root 11241100x8000000000000000338506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c45eff82bc93ce52021-12-21 10:23:26.449root 11241100x8000000000000000338507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1451938a6c804ce2021-12-21 10:23:26.449root 11241100x8000000000000000338508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.838fa25896f151182021-12-21 10:23:26.449root 11241100x8000000000000000338509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513ddd23ab52058e2021-12-21 10:23:26.449root 11241100x8000000000000000338510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f93d118c0df2d62021-12-21 10:23:26.449root 11241100x8000000000000000338511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259919a8a8e97f1c2021-12-21 10:23:26.943root 11241100x8000000000000000338512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86578d63143910102021-12-21 10:23:26.943root 11241100x8000000000000000338513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73396a66c16126a2021-12-21 10:23:26.943root 11241100x8000000000000000338514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f794d9db7e0b7162021-12-21 10:23:26.943root 11241100x8000000000000000338515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331a5c577d12bbd02021-12-21 10:23:26.943root 11241100x8000000000000000338516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3d8486202fb6132021-12-21 10:23:26.943root 11241100x8000000000000000338517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78319f0bbc9eb12d2021-12-21 10:23:26.944root 11241100x8000000000000000338518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfb5aee7179a1422021-12-21 10:23:26.944root 11241100x8000000000000000338519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37a50cc4d9e94932021-12-21 10:23:26.944root 11241100x8000000000000000338520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c29b078864583582021-12-21 10:23:26.944root 11241100x8000000000000000338521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584493ef08a320202021-12-21 10:23:26.944root 11241100x8000000000000000338522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799d20be5118c5c42021-12-21 10:23:26.944root 11241100x8000000000000000338523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695f4e559de48ede2021-12-21 10:23:26.944root 11241100x8000000000000000338524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885acd8535122b342021-12-21 10:23:26.944root 11241100x8000000000000000338525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beded0bb83bb2832021-12-21 10:23:26.944root 11241100x8000000000000000338526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24673f7a75506b3c2021-12-21 10:23:26.944root 11241100x8000000000000000338527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5ff218fbf557b72021-12-21 10:23:26.945root 11241100x8000000000000000338528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d226581115190c92021-12-21 10:23:26.945root 11241100x8000000000000000338529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8828f7786d2247992021-12-21 10:23:26.945root 11241100x8000000000000000338530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bcdce5e2c54ee82021-12-21 10:23:26.945root 11241100x8000000000000000338531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63e76e72db7e3b92021-12-21 10:23:26.945root 11241100x8000000000000000338532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9286112d85c24f2021-12-21 10:23:26.945root 11241100x8000000000000000338533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d742319820612dd2021-12-21 10:23:26.945root 11241100x8000000000000000338534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15719c1b3f3c0a22021-12-21 10:23:26.946root 11241100x8000000000000000338535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefcd01e8478733d2021-12-21 10:23:26.946root 11241100x8000000000000000338536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90922d4dc27578292021-12-21 10:23:26.946root 11241100x8000000000000000338537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f5a03dd9b6facc2021-12-21 10:23:26.946root 11241100x8000000000000000338538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aca36541a9e8252021-12-21 10:23:26.947root 11241100x8000000000000000338539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2415150e7a39a372021-12-21 10:23:26.947root 11241100x8000000000000000338540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329848b767f759ce2021-12-21 10:23:26.947root 11241100x8000000000000000338541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb611fea72728122021-12-21 10:23:26.947root 11241100x8000000000000000338542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7dc64a5caf6d3f2021-12-21 10:23:26.948root 11241100x8000000000000000338543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e19da278bc5ca2021-12-21 10:23:26.948root 11241100x8000000000000000338544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b12404649c9f5892021-12-21 10:23:26.948root 11241100x8000000000000000338545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8a961ed3ec3ba02021-12-21 10:23:26.949root 11241100x8000000000000000338546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d9742eb17365e2021-12-21 10:23:26.949root 11241100x8000000000000000338547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0056a2ba290224f62021-12-21 10:23:26.949root 11241100x8000000000000000338548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86d931b84dfcb742021-12-21 10:23:26.950root 11241100x8000000000000000338549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b485a2d95e33b9eb2021-12-21 10:23:26.950root 11241100x8000000000000000338550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3a5e4f86b124d82021-12-21 10:23:26.950root 11241100x8000000000000000338551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24156f9b31305d82021-12-21 10:23:26.950root 11241100x8000000000000000338552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0857f2b71a4cf312021-12-21 10:23:26.950root 11241100x8000000000000000338553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416d3568cef1238d2021-12-21 10:23:26.950root 11241100x8000000000000000338554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9d2e9137ac11472021-12-21 10:23:26.950root 11241100x8000000000000000338555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2103080ad4a06722021-12-21 10:23:26.951root 11241100x8000000000000000338556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9835296bb2e61c2021-12-21 10:23:26.951root 11241100x8000000000000000338557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94721e5e0f7bc30c2021-12-21 10:23:26.951root 11241100x8000000000000000338558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9825603410e914b2021-12-21 10:23:26.951root 11241100x8000000000000000338559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1370620733f7d5182021-12-21 10:23:26.951root 11241100x8000000000000000338560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51bf7798e2ec76c2021-12-21 10:23:26.951root 11241100x8000000000000000338561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dbcf38d896c0502021-12-21 10:23:26.951root 11241100x8000000000000000338562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2157bcfa97b011a2021-12-21 10:23:26.951root 11241100x8000000000000000338563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a60fa4f68028a52021-12-21 10:23:26.952root 11241100x8000000000000000338564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e1c15b3fd5eded2021-12-21 10:23:27.443root 11241100x8000000000000000338565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1beba5f2704d2b2021-12-21 10:23:27.443root 11241100x8000000000000000338566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6789f9a0eadac2021-12-21 10:23:27.443root 11241100x8000000000000000338567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce98a85af0143bba2021-12-21 10:23:27.443root 11241100x8000000000000000338568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e9fc65291d7eeb2021-12-21 10:23:27.443root 11241100x8000000000000000338569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835c4b105a690df02021-12-21 10:23:27.443root 11241100x8000000000000000338570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1509756e36205a142021-12-21 10:23:27.444root 11241100x8000000000000000338571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa4d5718168d1dc2021-12-21 10:23:27.444root 11241100x8000000000000000338572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec877e5fa3bff702021-12-21 10:23:27.444root 11241100x8000000000000000338573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0616e4ee75221e952021-12-21 10:23:27.444root 11241100x8000000000000000338574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4bb72a6cf6c7552021-12-21 10:23:27.444root 11241100x8000000000000000338575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30caf178040294d92021-12-21 10:23:27.444root 11241100x8000000000000000338576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0316ddc8a927392021-12-21 10:23:27.444root 11241100x8000000000000000338577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d982f828197fa42021-12-21 10:23:27.444root 11241100x8000000000000000338578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9b081f0ee751382021-12-21 10:23:27.444root 11241100x8000000000000000338579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46be35d67bbf90332021-12-21 10:23:27.445root 11241100x8000000000000000338580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb16f5f65f8e8072021-12-21 10:23:27.445root 11241100x8000000000000000338581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2ffd506eccd34e2021-12-21 10:23:27.445root 11241100x8000000000000000338582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209e07d497271f3d2021-12-21 10:23:27.445root 11241100x8000000000000000338583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f062d9dfb5e9012021-12-21 10:23:27.445root 11241100x8000000000000000338584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892c47965498e5992021-12-21 10:23:27.445root 11241100x8000000000000000338585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89bb23d84854263d2021-12-21 10:23:27.445root 11241100x8000000000000000338586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72ebe4b181dfe12021-12-21 10:23:27.445root 11241100x8000000000000000338587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a96be7eba4f9a192021-12-21 10:23:27.445root 11241100x8000000000000000338588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f16be55b797bbe2021-12-21 10:23:27.446root 11241100x8000000000000000338589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a5e3a8359c5ccc2021-12-21 10:23:27.446root 11241100x8000000000000000338590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8235732eee0092b02021-12-21 10:23:27.446root 11241100x8000000000000000338591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342fd982fc481d052021-12-21 10:23:27.446root 11241100x8000000000000000338592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64c2cc41f7ce80d2021-12-21 10:23:27.446root 11241100x8000000000000000338593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d00557bb6330812021-12-21 10:23:27.446root 11241100x8000000000000000338594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe0abb99bc0c4192021-12-21 10:23:27.446root 11241100x8000000000000000338595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce3700ddaf7c60b2021-12-21 10:23:27.446root 11241100x8000000000000000338596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07fd34e5a86d11d2021-12-21 10:23:27.446root 11241100x8000000000000000338597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38bd3263aae1db62021-12-21 10:23:27.446root 11241100x8000000000000000338598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eebf98b46a70e052021-12-21 10:23:27.446root 11241100x8000000000000000338599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36fd1000d3f8a082021-12-21 10:23:27.447root 11241100x8000000000000000338600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a008435920c737292021-12-21 10:23:27.447root 11241100x8000000000000000338601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9555cb19780e20e52021-12-21 10:23:27.447root 11241100x8000000000000000338602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd40230ee9ef87f2021-12-21 10:23:27.448root 11241100x8000000000000000338603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ba23591626b2ed2021-12-21 10:23:27.448root 11241100x8000000000000000338604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcaa96779a219d42021-12-21 10:23:27.448root 11241100x8000000000000000338605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1821be4220ffceb02021-12-21 10:23:27.448root 11241100x8000000000000000338606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341569cd5e3806f72021-12-21 10:23:27.448root 11241100x8000000000000000338607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef54919b1d803762021-12-21 10:23:27.448root 11241100x8000000000000000338608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39019141340f00172021-12-21 10:23:27.449root 11241100x8000000000000000338609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ae7712ab8fb5ad2021-12-21 10:23:27.449root 11241100x8000000000000000338610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c14ef077f45df92021-12-21 10:23:27.943root 11241100x8000000000000000338611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a27c85bc09b18132021-12-21 10:23:27.943root 11241100x8000000000000000338612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9917a06d765d8e02021-12-21 10:23:27.943root 11241100x8000000000000000338613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e626473524ef39c02021-12-21 10:23:27.943root 11241100x8000000000000000338614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97adf7f9998ae2332021-12-21 10:23:27.943root 11241100x8000000000000000338615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461fae5f804475bb2021-12-21 10:23:27.944root 11241100x8000000000000000338616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddcabcb28140e0c2021-12-21 10:23:27.944root 11241100x8000000000000000338617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022fe8740f33f5cf2021-12-21 10:23:27.944root 11241100x8000000000000000338618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa823e029929b132021-12-21 10:23:27.944root 11241100x8000000000000000338619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130968fff687dd562021-12-21 10:23:27.944root 11241100x8000000000000000338620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff0d2c8f4afdb5d2021-12-21 10:23:27.944root 11241100x8000000000000000338621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920c2d773d6369e52021-12-21 10:23:27.944root 11241100x8000000000000000338622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf60fcc4a4c8b6482021-12-21 10:23:27.944root 11241100x8000000000000000338623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dfcbf5a501b1712021-12-21 10:23:27.944root 11241100x8000000000000000338624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6459aeae8c69c92021-12-21 10:23:27.944root 11241100x8000000000000000338625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6295ebc86a3cbc842021-12-21 10:23:27.945root 11241100x8000000000000000338626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edadfd0ac5856662021-12-21 10:23:27.945root 11241100x8000000000000000338627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b2efa73191131c2021-12-21 10:23:27.945root 11241100x8000000000000000338628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ee57fd81511642021-12-21 10:23:27.945root 11241100x8000000000000000338629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cca94588b16d2c9b2021-12-21 10:23:27.945root 11241100x8000000000000000338630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616c61e3334d915f2021-12-21 10:23:27.945root 11241100x8000000000000000338631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c368c604e9a4252021-12-21 10:23:27.945root 11241100x8000000000000000338632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde5230904f99e542021-12-21 10:23:27.945root 11241100x8000000000000000338633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dc5552ac8a07e12021-12-21 10:23:27.945root 11241100x8000000000000000338634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12bdc65bebf465f2021-12-21 10:23:27.945root 11241100x8000000000000000338635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c2886debfefe692021-12-21 10:23:27.945root 11241100x8000000000000000338636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31155ab23dc9bf8b2021-12-21 10:23:27.945root 11241100x8000000000000000338637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db9184637f6ffba02021-12-21 10:23:27.946root 11241100x8000000000000000338638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df342f10c2635382021-12-21 10:23:27.946root 11241100x8000000000000000338639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ecfb9fc6883eca2021-12-21 10:23:27.946root 11241100x8000000000000000338640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba581b80e9f680122021-12-21 10:23:27.946root 11241100x8000000000000000338641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21f2821b977fab42021-12-21 10:23:27.946root 11241100x8000000000000000338642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316684535629b8582021-12-21 10:23:27.946root 11241100x8000000000000000338643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b169daf30fb9232021-12-21 10:23:27.946root 11241100x8000000000000000338644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119d0d95b36c402d2021-12-21 10:23:27.946root 11241100x8000000000000000338645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71057a55bb5a769c2021-12-21 10:23:27.946root 11241100x8000000000000000338646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2529b8b638e252021-12-21 10:23:27.946root 354300x8000000000000000338647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.037{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47030-false10.0.1.12-8000- 11241100x8000000000000000338648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2808d7a483af7f2021-12-21 10:23:28.443root 11241100x8000000000000000338649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eefad104d92ca42021-12-21 10:23:28.443root 11241100x8000000000000000338650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7688ec51025858732021-12-21 10:23:28.443root 11241100x8000000000000000338651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceaaa9fcc7cbcbd2021-12-21 10:23:28.443root 11241100x8000000000000000338652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee1863f245435932021-12-21 10:23:28.443root 11241100x8000000000000000338653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17ba43ad95836db2021-12-21 10:23:28.443root 11241100x8000000000000000338654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01d4248c7caf8392021-12-21 10:23:28.444root 11241100x8000000000000000338655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f558b7e16f82d10a2021-12-21 10:23:28.444root 11241100x8000000000000000338656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e94a048cb94d5392021-12-21 10:23:28.444root 11241100x8000000000000000338657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4495e808f750682021-12-21 10:23:28.444root 11241100x8000000000000000338658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1086ae90f2d11422021-12-21 10:23:28.444root 11241100x8000000000000000338659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303a1e70b17e6d3a2021-12-21 10:23:28.444root 11241100x8000000000000000338660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd9fe729a75df6c2021-12-21 10:23:28.445root 11241100x8000000000000000338661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad9c814734be4d62021-12-21 10:23:28.445root 11241100x8000000000000000338662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8659da2e4ddcb52021-12-21 10:23:28.445root 11241100x8000000000000000338663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726d0cc274d6e3e02021-12-21 10:23:28.445root 11241100x8000000000000000338664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8760d56313214d082021-12-21 10:23:28.445root 11241100x8000000000000000338665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23d08c19ce0bcfb2021-12-21 10:23:28.445root 11241100x8000000000000000338666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5c6500c9af82de2021-12-21 10:23:28.445root 11241100x8000000000000000338667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce3f853e27a0fa52021-12-21 10:23:28.446root 11241100x8000000000000000338668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659d08932c1104402021-12-21 10:23:28.446root 11241100x8000000000000000338669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428353a9dd0c8e152021-12-21 10:23:28.446root 11241100x8000000000000000338670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c471f86b9ed682cc2021-12-21 10:23:28.446root 11241100x8000000000000000338671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ebfa0e9c4ba4c62021-12-21 10:23:28.446root 11241100x8000000000000000338672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807e74ccf569d77a2021-12-21 10:23:28.446root 11241100x8000000000000000338673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d98776663deb8ef2021-12-21 10:23:28.446root 11241100x8000000000000000338674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53ee308b33aace62021-12-21 10:23:28.447root 11241100x8000000000000000338675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08151914a1e47be2021-12-21 10:23:28.447root 11241100x8000000000000000338676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0edadc85f43b4e2021-12-21 10:23:28.447root 11241100x8000000000000000338677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848b4f5ff709f2bf2021-12-21 10:23:28.447root 11241100x8000000000000000338678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcedd8763ec0e2a2021-12-21 10:23:28.447root 11241100x8000000000000000338679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62862eedcc8b56932021-12-21 10:23:28.448root 11241100x8000000000000000338680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02481078bb5d6082021-12-21 10:23:28.448root 11241100x8000000000000000338681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f862ba8b751d9dc12021-12-21 10:23:28.448root 11241100x8000000000000000338682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400188691c1aca912021-12-21 10:23:28.448root 11241100x8000000000000000338683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e842b4cee74ca12021-12-21 10:23:28.449root 11241100x8000000000000000338684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cd5fbe73829a16c2021-12-21 10:23:28.449root 11241100x8000000000000000338685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c18ed705a268452021-12-21 10:23:28.449root 11241100x8000000000000000338686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774734d30ca2758b2021-12-21 10:23:28.449root 11241100x8000000000000000338687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057a12416e2786612021-12-21 10:23:28.449root 11241100x8000000000000000338688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d5a45b48a388312021-12-21 10:23:28.450root 11241100x8000000000000000338689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a638feb0da83b24c2021-12-21 10:23:28.450root 11241100x8000000000000000338690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347078adc85f22a02021-12-21 10:23:28.943root 11241100x8000000000000000338691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36eff0b4686239512021-12-21 10:23:28.943root 11241100x8000000000000000338692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a797b34b33648e2021-12-21 10:23:28.943root 11241100x8000000000000000338693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc5c7c5bf41f0602021-12-21 10:23:28.943root 11241100x8000000000000000338694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e07fe0336f7440d2021-12-21 10:23:28.944root 11241100x8000000000000000338695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78488af851d1bd422021-12-21 10:23:28.944root 11241100x8000000000000000338696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaf3d031e795ed22021-12-21 10:23:28.944root 11241100x8000000000000000338697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908a499ea7b52ced2021-12-21 10:23:28.944root 11241100x8000000000000000338698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8585e10a627f892021-12-21 10:23:28.945root 11241100x8000000000000000338699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84400127c0f4d6c2021-12-21 10:23:28.945root 11241100x8000000000000000338700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46521b183467d02c2021-12-21 10:23:28.945root 11241100x8000000000000000338701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846f76573631df1d2021-12-21 10:23:28.945root 11241100x8000000000000000338702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b0ac5b69f30e742021-12-21 10:23:28.945root 11241100x8000000000000000338703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c99d1bef553e6682021-12-21 10:23:28.945root 11241100x8000000000000000338704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2327dd2a89a358db2021-12-21 10:23:28.945root 11241100x8000000000000000338705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbcc07eb33d2acb2021-12-21 10:23:28.946root 11241100x8000000000000000338706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472a920b6b389ca82021-12-21 10:23:28.946root 11241100x8000000000000000338707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84f512487fc7a852021-12-21 10:23:28.946root 11241100x8000000000000000338708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83545e52dd943002021-12-21 10:23:28.947root 11241100x8000000000000000338709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c765afe65c4f442021-12-21 10:23:28.947root 11241100x8000000000000000338710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19fa33b935c9cee42021-12-21 10:23:28.947root 11241100x8000000000000000338711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44808a30b4a23b432021-12-21 10:23:28.948root 11241100x8000000000000000338712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0261e1b79fac0f482021-12-21 10:23:28.948root 11241100x8000000000000000338713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cca72573a36ce42021-12-21 10:23:28.948root 11241100x8000000000000000338714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5308e399bc29b22021-12-21 10:23:28.948root 11241100x8000000000000000338715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16802451b65255d2021-12-21 10:23:28.948root 11241100x8000000000000000338716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35eb2a488ea607ee2021-12-21 10:23:28.948root 11241100x8000000000000000338717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d643e9f3a2ae09d2021-12-21 10:23:28.948root 11241100x8000000000000000338718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f86096237903682021-12-21 10:23:28.948root 11241100x8000000000000000338719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456db5de25ce9c432021-12-21 10:23:28.949root 11241100x8000000000000000338720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2dc9ce18db830b2021-12-21 10:23:28.949root 11241100x8000000000000000338721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995568dec227631c2021-12-21 10:23:28.949root 11241100x8000000000000000338722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4ee89698d22ab42021-12-21 10:23:28.950root 11241100x8000000000000000338723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0572c080f44944a22021-12-21 10:23:28.950root 11241100x8000000000000000338724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b9bf86194030012021-12-21 10:23:28.950root 11241100x8000000000000000338725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8d397dd42b6c5c2021-12-21 10:23:28.950root 11241100x8000000000000000338726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b16f96eca282d3b2021-12-21 10:23:28.950root 11241100x8000000000000000338727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2090b0e62f0e0fd2021-12-21 10:23:28.950root 11241100x8000000000000000338728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:28.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457e321b58b5ad422021-12-21 10:23:28.951root 11241100x8000000000000000338729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0754037914c728ca2021-12-21 10:23:29.443root 11241100x8000000000000000338730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a03dee2537a20842021-12-21 10:23:29.443root 11241100x8000000000000000338731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0b8b336c7eb9302021-12-21 10:23:29.444root 11241100x8000000000000000338732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242f571d128628262021-12-21 10:23:29.444root 11241100x8000000000000000338733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35ffca0a23e9d8d2021-12-21 10:23:29.444root 11241100x8000000000000000338734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ce9179f89967522021-12-21 10:23:29.444root 11241100x8000000000000000338735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b44c0762e41b1c32021-12-21 10:23:29.444root 11241100x8000000000000000338736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57339b1417985bd62021-12-21 10:23:29.444root 11241100x8000000000000000338737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f06dd603f38d8b2021-12-21 10:23:29.444root 11241100x8000000000000000338738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec68cb23734ad9b42021-12-21 10:23:29.444root 11241100x8000000000000000338739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778fe8c707084cd42021-12-21 10:23:29.444root 11241100x8000000000000000338740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35f2c14f4913d432021-12-21 10:23:29.444root 11241100x8000000000000000338741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6460b889ff64af62021-12-21 10:23:29.444root 11241100x8000000000000000338742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5396fb22b7c173f22021-12-21 10:23:29.444root 11241100x8000000000000000338743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c32faa460ea23562021-12-21 10:23:29.445root 11241100x8000000000000000338744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f4c955e097d6342021-12-21 10:23:29.445root 11241100x8000000000000000338745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0c98daf793e0cd2021-12-21 10:23:29.445root 11241100x8000000000000000338746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51838e1a314042bb2021-12-21 10:23:29.445root 11241100x8000000000000000338747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47d0e3e06980e5e2021-12-21 10:23:29.445root 11241100x8000000000000000338748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42abea17392db6782021-12-21 10:23:29.446root 11241100x8000000000000000338749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85548c4d48b908642021-12-21 10:23:29.446root 11241100x8000000000000000338750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0820bbfca18262021-12-21 10:23:29.446root 11241100x8000000000000000338751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ae716488bcf87e2021-12-21 10:23:29.446root 11241100x8000000000000000338752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ab5a8562b881662021-12-21 10:23:29.446root 11241100x8000000000000000338753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39648e606a648a02021-12-21 10:23:29.447root 11241100x8000000000000000338754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22f89e6bf0f464b2021-12-21 10:23:29.447root 11241100x8000000000000000338755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431161d2b9b497812021-12-21 10:23:29.447root 11241100x8000000000000000338756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1715af1c76016ed12021-12-21 10:23:29.447root 11241100x8000000000000000338757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e91d01fa4138722021-12-21 10:23:29.447root 11241100x8000000000000000338758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14c5b05044694ed2021-12-21 10:23:29.447root 11241100x8000000000000000338759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b711457650270b2021-12-21 10:23:29.447root 11241100x8000000000000000338760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60a959e4ca437132021-12-21 10:23:29.447root 11241100x8000000000000000338761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9d19942025ea9b2021-12-21 10:23:29.448root 11241100x8000000000000000338762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427650527d91ab482021-12-21 10:23:29.942root 11241100x8000000000000000338763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae2ce3a1ccbb91f2021-12-21 10:23:29.943root 11241100x8000000000000000338764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22060442f5ceaf1f2021-12-21 10:23:29.943root 11241100x8000000000000000338765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c5940c224fc07a2021-12-21 10:23:29.944root 11241100x8000000000000000338766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4395233f5f86b6a72021-12-21 10:23:29.944root 11241100x8000000000000000338767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e655691d32e23ee82021-12-21 10:23:29.944root 11241100x8000000000000000338768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63ff70402ee18412021-12-21 10:23:29.944root 11241100x8000000000000000338769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa9238b8bfa6e232021-12-21 10:23:29.944root 11241100x8000000000000000338770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d751a95a6d5520242021-12-21 10:23:29.944root 11241100x8000000000000000338771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c442702722ea4d7f2021-12-21 10:23:29.945root 11241100x8000000000000000338772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe89721a5622be2d2021-12-21 10:23:29.945root 11241100x8000000000000000338773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e56afb8f3be66892021-12-21 10:23:29.945root 11241100x8000000000000000338774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4387d03fb85a5d6b2021-12-21 10:23:29.945root 11241100x8000000000000000338775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57134106c74d46562021-12-21 10:23:29.945root 11241100x8000000000000000338776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397dbfcf6551e1572021-12-21 10:23:29.945root 11241100x8000000000000000338777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7221dbb9094e3d2021-12-21 10:23:29.945root 11241100x8000000000000000338778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60caa3d6cfbad092021-12-21 10:23:29.945root 11241100x8000000000000000338779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6828a154e996d832021-12-21 10:23:29.945root 11241100x8000000000000000338780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f553a0b1e079de262021-12-21 10:23:29.946root 11241100x8000000000000000338781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e875f58f21177d2021-12-21 10:23:29.946root 11241100x8000000000000000338782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6850203fe4c689522021-12-21 10:23:29.946root 11241100x8000000000000000338783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb873a161fc287d2021-12-21 10:23:29.946root 11241100x8000000000000000338784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07ff9f559eb9d732021-12-21 10:23:29.946root 11241100x8000000000000000338785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21ec36b80b76ad52021-12-21 10:23:29.946root 11241100x8000000000000000338786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b555572ece7548f2021-12-21 10:23:29.946root 11241100x8000000000000000338787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc48ad7e0310b25a2021-12-21 10:23:29.946root 11241100x8000000000000000338788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8146a0ce3f2f752c2021-12-21 10:23:29.946root 11241100x8000000000000000338789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6cc649699ebbd2021-12-21 10:23:29.946root 11241100x8000000000000000338790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe750cc6691bb102021-12-21 10:23:29.947root 11241100x8000000000000000338791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d27a48c8ab4c99a2021-12-21 10:23:29.947root 11241100x8000000000000000338792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549f7e66794141a92021-12-21 10:23:29.947root 11241100x8000000000000000338793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f7e26163b2f68f2021-12-21 10:23:29.947root 11241100x8000000000000000338794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597744f341a8cf3a2021-12-21 10:23:29.947root 11241100x8000000000000000338795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a6fedda4677862021-12-21 10:23:29.947root 11241100x8000000000000000338796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ef68793b3437c32021-12-21 10:23:29.947root 11241100x8000000000000000338797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4249ab7943bc5c2c2021-12-21 10:23:30.443root 11241100x8000000000000000338798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc22755145b688eb2021-12-21 10:23:30.443root 11241100x8000000000000000338799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4872fa494cc8547c2021-12-21 10:23:30.443root 11241100x8000000000000000338800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c585670a69d347092021-12-21 10:23:30.443root 11241100x8000000000000000338801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3702d8c1696dcde12021-12-21 10:23:30.443root 11241100x8000000000000000338802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07903aeff734b1312021-12-21 10:23:30.443root 11241100x8000000000000000338803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd1085b174a73852021-12-21 10:23:30.443root 11241100x8000000000000000338804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5305bf15bda4cd02021-12-21 10:23:30.443root 11241100x8000000000000000338805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18d9247c8256ca62021-12-21 10:23:30.443root 11241100x8000000000000000338806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74a55062dcf50712021-12-21 10:23:30.444root 11241100x8000000000000000338807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4d5152c6d87e3a2021-12-21 10:23:30.444root 11241100x8000000000000000338808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d3c5df07b966cc2021-12-21 10:23:30.444root 11241100x8000000000000000338809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102f2140c00a6f6c2021-12-21 10:23:30.444root 11241100x8000000000000000338810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892fd11ef7bb93002021-12-21 10:23:30.444root 11241100x8000000000000000338811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61796f41ca25a4fc2021-12-21 10:23:30.444root 11241100x8000000000000000338812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87305ade793c76a02021-12-21 10:23:30.444root 11241100x8000000000000000338813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc79e479ff04b762021-12-21 10:23:30.444root 11241100x8000000000000000338814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c0b71f173850a72021-12-21 10:23:30.444root 11241100x8000000000000000338815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc234320f38af512021-12-21 10:23:30.444root 11241100x8000000000000000338816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957f035233069a292021-12-21 10:23:30.445root 11241100x8000000000000000338817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2556d538040142021-12-21 10:23:30.445root 11241100x8000000000000000338818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8031835a2f57ba732021-12-21 10:23:30.445root 11241100x8000000000000000338819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da698c29d2dfc44e2021-12-21 10:23:30.445root 11241100x8000000000000000338820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6519744757c76ed52021-12-21 10:23:30.445root 11241100x8000000000000000338821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e0909555b983a42021-12-21 10:23:30.445root 11241100x8000000000000000338822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c431bd349b00e82021-12-21 10:23:30.446root 11241100x8000000000000000338823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d959a37f31098a92021-12-21 10:23:30.446root 11241100x8000000000000000338824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f37a84a115e5c42021-12-21 10:23:30.446root 11241100x8000000000000000338825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e521a271c0344672021-12-21 10:23:30.446root 11241100x8000000000000000338826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7d7dcde1a816ea2021-12-21 10:23:30.446root 11241100x8000000000000000338827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e7a5ce439eb1b2021-12-21 10:23:30.446root 11241100x8000000000000000338828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a02b5d29724e0a2021-12-21 10:23:30.446root 11241100x8000000000000000338829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174cc26a0157addf2021-12-21 10:23:30.447root 11241100x8000000000000000338830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840bff904795023e2021-12-21 10:23:30.447root 11241100x8000000000000000338831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52db176dc1248332021-12-21 10:23:30.447root 11241100x8000000000000000338832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0b225861dde1712021-12-21 10:23:30.447root 11241100x8000000000000000338833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4991ef43d3b6222021-12-21 10:23:30.447root 11241100x8000000000000000338834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc25cec5d0c591052021-12-21 10:23:30.447root 11241100x8000000000000000338835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1503bb0574cb5d2021-12-21 10:23:30.448root 11241100x8000000000000000338836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7109893842ae1b2021-12-21 10:23:30.448root 11241100x8000000000000000338837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098c78638922d2592021-12-21 10:23:30.943root 11241100x8000000000000000338838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c43dc1dcb07798d2021-12-21 10:23:30.943root 11241100x8000000000000000338839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a9254b28266db02021-12-21 10:23:30.943root 11241100x8000000000000000338840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c57c53f91dcd6a2021-12-21 10:23:30.943root 11241100x8000000000000000338841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffaac353dccc0692021-12-21 10:23:30.944root 11241100x8000000000000000338842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c583164ce452f0c2021-12-21 10:23:30.944root 11241100x8000000000000000338843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7b8426ff8dc7bb2021-12-21 10:23:30.944root 11241100x8000000000000000338844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3d9710a69d716d2021-12-21 10:23:30.944root 11241100x8000000000000000338845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae1b40b4f1b8e142021-12-21 10:23:30.944root 11241100x8000000000000000338846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34ac4a5ddb598e42021-12-21 10:23:30.944root 11241100x8000000000000000338847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43b3d83aede90612021-12-21 10:23:30.944root 11241100x8000000000000000338848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738aa9f630aed8cd2021-12-21 10:23:30.945root 11241100x8000000000000000338849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c328d989c3311b2021-12-21 10:23:30.945root 11241100x8000000000000000338850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ae729f116b6172021-12-21 10:23:30.945root 11241100x8000000000000000338851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfe1f9d8593c98f2021-12-21 10:23:30.945root 11241100x8000000000000000338852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82edff71819675152021-12-21 10:23:30.945root 11241100x8000000000000000338853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db06c934be022fb32021-12-21 10:23:30.945root 11241100x8000000000000000338854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962b85078763fa6c2021-12-21 10:23:30.945root 11241100x8000000000000000338855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3774208b6db2f432021-12-21 10:23:30.945root 11241100x8000000000000000338856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d6a196df4f23542021-12-21 10:23:30.945root 11241100x8000000000000000338857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b048dc0539dba41b2021-12-21 10:23:30.946root 11241100x8000000000000000338858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5bb10aaae4a66282021-12-21 10:23:30.946root 11241100x8000000000000000338859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8af641d56f56ce2021-12-21 10:23:30.946root 11241100x8000000000000000338860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372dc212deec8e772021-12-21 10:23:30.946root 11241100x8000000000000000338861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e96343e81793ba2021-12-21 10:23:30.946root 11241100x8000000000000000338862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1dd70985fb9e3b2021-12-21 10:23:30.946root 11241100x8000000000000000338863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057d0ffd0eedbd892021-12-21 10:23:30.946root 11241100x8000000000000000338864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e6be14d8a9d3832021-12-21 10:23:30.946root 11241100x8000000000000000338865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b806dfada3a91a2021-12-21 10:23:30.946root 11241100x8000000000000000338866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702065ba19548bf02021-12-21 10:23:30.946root 11241100x8000000000000000338867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8d5123b7a55e052021-12-21 10:23:30.946root 11241100x8000000000000000338868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de67005b20567b52021-12-21 10:23:30.947root 11241100x8000000000000000338869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b818f974c70e5b2021-12-21 10:23:30.947root 11241100x8000000000000000338870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ede1cbfa32e95242021-12-21 10:23:30.947root 11241100x8000000000000000338871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dba08193fe2f542021-12-21 10:23:30.947root 11241100x8000000000000000338872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b404795cef0619bd2021-12-21 10:23:30.947root 11241100x8000000000000000338873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ec5f96661991942021-12-21 10:23:31.443root 11241100x8000000000000000338874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51fb4d97780789a2021-12-21 10:23:31.443root 11241100x8000000000000000338875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5604d449e520643a2021-12-21 10:23:31.443root 11241100x8000000000000000338876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16149ea0186f1cfb2021-12-21 10:23:31.443root 11241100x8000000000000000338877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ab534cba1c1d972021-12-21 10:23:31.444root 11241100x8000000000000000338878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683e5cb331e351012021-12-21 10:23:31.444root 11241100x8000000000000000338879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e3fe42c15e94152021-12-21 10:23:31.444root 11241100x8000000000000000338880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0312335b0a87c93a2021-12-21 10:23:31.444root 11241100x8000000000000000338881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f4983975e299652021-12-21 10:23:31.444root 11241100x8000000000000000338882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b908863a7f53290e2021-12-21 10:23:31.444root 11241100x8000000000000000338883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f7bd6117ca4c1d2021-12-21 10:23:31.444root 11241100x8000000000000000338884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756942c1f005f99c2021-12-21 10:23:31.444root 11241100x8000000000000000338885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7d84807c4f1bbc2021-12-21 10:23:31.444root 11241100x8000000000000000338886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b708432c99773f92021-12-21 10:23:31.444root 11241100x8000000000000000338887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f872e48ebbe2d32021-12-21 10:23:31.444root 11241100x8000000000000000338888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b602ca38f6cd45eb2021-12-21 10:23:31.444root 11241100x8000000000000000338889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c59804f8d0ef6a2021-12-21 10:23:31.445root 11241100x8000000000000000338890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa29cd50c0a4b392021-12-21 10:23:31.445root 11241100x8000000000000000338891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c37e1b37473cd42021-12-21 10:23:31.445root 11241100x8000000000000000338892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffccdec545d9f53e2021-12-21 10:23:31.445root 11241100x8000000000000000338893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dacbcb035122a142021-12-21 10:23:31.445root 11241100x8000000000000000338894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ab89e2ca92668e2021-12-21 10:23:31.445root 11241100x8000000000000000338895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d570bec8795f84a2021-12-21 10:23:31.445root 11241100x8000000000000000338896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e602eef89f775e2021-12-21 10:23:31.445root 11241100x8000000000000000338897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ba57d1c58cfcd22021-12-21 10:23:31.445root 11241100x8000000000000000338898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879e46804ab91b832021-12-21 10:23:31.446root 11241100x8000000000000000338899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3941f67e29173ca52021-12-21 10:23:31.446root 11241100x8000000000000000338900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18936bea3f11d882021-12-21 10:23:31.446root 11241100x8000000000000000338901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79acb5559da7db42021-12-21 10:23:31.446root 11241100x8000000000000000338902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc21eb86cbe55f32021-12-21 10:23:31.446root 11241100x8000000000000000338903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57169ffe2686c0682021-12-21 10:23:31.446root 11241100x8000000000000000338904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809813447be8fbb22021-12-21 10:23:31.446root 11241100x8000000000000000338905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e912d81f9243e3712021-12-21 10:23:31.447root 11241100x8000000000000000338906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8052cd614debac042021-12-21 10:23:31.447root 11241100x8000000000000000338907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931a78171e9085fa2021-12-21 10:23:31.943root 11241100x8000000000000000338908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde8320d782e9e3a2021-12-21 10:23:31.943root 11241100x8000000000000000338909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e09819fb32f10a2021-12-21 10:23:31.943root 11241100x8000000000000000338910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4106b3eade295c952021-12-21 10:23:31.943root 11241100x8000000000000000338911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781fd0b86a0420b32021-12-21 10:23:31.943root 11241100x8000000000000000338912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc433da76bc2e3ed2021-12-21 10:23:31.943root 11241100x8000000000000000338913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada87affd48af0c12021-12-21 10:23:31.943root 11241100x8000000000000000338914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4e3c6c69f7052c2021-12-21 10:23:31.943root 11241100x8000000000000000338915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e001c4e62708d82021-12-21 10:23:31.943root 11241100x8000000000000000338916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881b4efb52543f532021-12-21 10:23:31.943root 11241100x8000000000000000338917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7475fda496415cf42021-12-21 10:23:31.944root 11241100x8000000000000000338918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d02ccb12fbd6c262021-12-21 10:23:31.944root 11241100x8000000000000000338919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6d709fb1a9ae122021-12-21 10:23:31.944root 11241100x8000000000000000338920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e211685d74d1ea2021-12-21 10:23:31.944root 11241100x8000000000000000338921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de341b01e9a81b42021-12-21 10:23:31.944root 11241100x8000000000000000338922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47e5d206c56f647b2021-12-21 10:23:31.944root 11241100x8000000000000000338923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ce95c1a15cd8372021-12-21 10:23:31.944root 11241100x8000000000000000338924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde4384c69c882452021-12-21 10:23:31.944root 11241100x8000000000000000338925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a0012e22e204042021-12-21 10:23:31.944root 11241100x8000000000000000338926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af476d99c721e55b2021-12-21 10:23:31.945root 11241100x8000000000000000338927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502aecd8887c34852021-12-21 10:23:31.945root 11241100x8000000000000000338928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83881f676bf372172021-12-21 10:23:31.945root 11241100x8000000000000000338929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180a8f156e7c7b202021-12-21 10:23:31.945root 11241100x8000000000000000338930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd469dde17c44942021-12-21 10:23:31.945root 11241100x8000000000000000338931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0f4a916cd5a962021-12-21 10:23:31.945root 11241100x8000000000000000338932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.428a39d31d3600482021-12-21 10:23:31.945root 11241100x8000000000000000338933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2a366e1fc4e74e2021-12-21 10:23:31.945root 11241100x8000000000000000338934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5c2d0df0ae28d02021-12-21 10:23:31.945root 11241100x8000000000000000338935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac6ebae7e10cf8f2021-12-21 10:23:31.945root 11241100x8000000000000000338936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63885dd546091eff2021-12-21 10:23:31.946root 11241100x8000000000000000338937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb880079b97934422021-12-21 10:23:31.946root 11241100x8000000000000000338938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b797ecd035a8422021-12-21 10:23:31.946root 11241100x8000000000000000338939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56924a5c9537506e2021-12-21 10:23:31.946root 11241100x8000000000000000338940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068018af3107d7fb2021-12-21 10:23:31.946root 11241100x8000000000000000338941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1661d59a9f26f73a2021-12-21 10:23:31.946root 11241100x8000000000000000338942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b76ea95eecec132021-12-21 10:23:31.946root 11241100x8000000000000000338943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da3bf1e5d723b2a52021-12-21 10:23:31.947root 11241100x8000000000000000338944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daa963a8fcdad972021-12-21 10:23:31.947root 11241100x8000000000000000338945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de2484d87692abf2021-12-21 10:23:31.947root 11241100x8000000000000000338946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaa9074b65cf9432021-12-21 10:23:31.947root 11241100x8000000000000000338947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e76b5378ee218dbb2021-12-21 10:23:31.947root 11241100x8000000000000000338948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42d823f15bc16aa2021-12-21 10:23:31.947root 11241100x8000000000000000338949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34560354337f1ac2021-12-21 10:23:31.948root 11241100x8000000000000000338950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287fdfaf8750fc5b2021-12-21 10:23:31.948root 11241100x8000000000000000338951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de989f9c469808e2021-12-21 10:23:31.948root 11241100x8000000000000000338952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76e72f40ffa5eec2021-12-21 10:23:31.948root 11241100x8000000000000000338953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b0a7dde26dfd622021-12-21 10:23:31.948root 11241100x8000000000000000338954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb183dd47c0208c2021-12-21 10:23:31.948root 11241100x8000000000000000338955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9875c76602cb64de2021-12-21 10:23:31.949root 11241100x8000000000000000338956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683aa86407600aee2021-12-21 10:23:31.949root 11241100x8000000000000000338957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a74b2407b38bd2021-12-21 10:23:31.949root 11241100x8000000000000000338958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000bfe2ca8140f3a2021-12-21 10:23:31.949root 11241100x8000000000000000338959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70213d27962955c2021-12-21 10:23:32.443root 11241100x8000000000000000338960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962e2c37778f309d2021-12-21 10:23:32.443root 11241100x8000000000000000338961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fe9a387db796e92021-12-21 10:23:32.443root 11241100x8000000000000000338962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42aaa7c5813bd3462021-12-21 10:23:32.443root 11241100x8000000000000000338963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e131807c9f66a4ea2021-12-21 10:23:32.443root 11241100x8000000000000000338964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7aca12110dff1f2021-12-21 10:23:32.444root 11241100x8000000000000000338965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee34ee2cc12b15972021-12-21 10:23:32.444root 11241100x8000000000000000338966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af41c0981eca6ee02021-12-21 10:23:32.444root 11241100x8000000000000000338967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d666bda71f8afc2021-12-21 10:23:32.444root 11241100x8000000000000000338968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa837d8caa4e33672021-12-21 10:23:32.444root 11241100x8000000000000000338969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed5a0b4bf7b2d2c2021-12-21 10:23:32.444root 11241100x8000000000000000338970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecebee533a6b02252021-12-21 10:23:32.444root 11241100x8000000000000000338971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233165f02dca9d482021-12-21 10:23:32.444root 11241100x8000000000000000338972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57de5760965cd792021-12-21 10:23:32.445root 11241100x8000000000000000338973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec77995452712c442021-12-21 10:23:32.445root 11241100x8000000000000000338974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.878c26006e7766002021-12-21 10:23:32.445root 11241100x8000000000000000338975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474c82e848da82dc2021-12-21 10:23:32.445root 11241100x8000000000000000338976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fbd310fb83f8e32021-12-21 10:23:32.445root 11241100x8000000000000000338977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bc46fd9c7058522021-12-21 10:23:32.445root 11241100x8000000000000000338978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa27931205604f02021-12-21 10:23:32.445root 11241100x8000000000000000338979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d33ee3db5665d2f2021-12-21 10:23:32.445root 11241100x8000000000000000338980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e34d9f1898526002021-12-21 10:23:32.445root 11241100x8000000000000000338981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8e7d418fc7e1e12021-12-21 10:23:32.446root 11241100x8000000000000000338982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353cbc8b29187f182021-12-21 10:23:32.446root 11241100x8000000000000000338983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4c704a4122247a2021-12-21 10:23:32.446root 11241100x8000000000000000338984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560ef858e40de79c2021-12-21 10:23:32.446root 11241100x8000000000000000338985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee9acf780903e442021-12-21 10:23:32.447root 11241100x8000000000000000338986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb43ba5e6aaf5d3f2021-12-21 10:23:32.447root 11241100x8000000000000000338987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68f6f4b7f04dd7b2021-12-21 10:23:32.447root 11241100x8000000000000000338988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0280a2457960292021-12-21 10:23:32.448root 11241100x8000000000000000338989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69982b6c6f44d8802021-12-21 10:23:32.448root 11241100x8000000000000000338990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eae9c5f6ec422f22021-12-21 10:23:32.449root 11241100x8000000000000000338991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335d4153792d688a2021-12-21 10:23:32.449root 11241100x8000000000000000338992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cfc24bdc0d1d262021-12-21 10:23:32.450root 11241100x8000000000000000338993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6625e11325a5fb52021-12-21 10:23:32.450root 11241100x8000000000000000338994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3117bda04ed26d42021-12-21 10:23:32.451root 11241100x8000000000000000338995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cec9dbf7ab4aa952021-12-21 10:23:32.451root 11241100x8000000000000000338996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde0663a1cd1d7fd2021-12-21 10:23:32.452root 11241100x8000000000000000338997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f05886d3f05f582021-12-21 10:23:32.943root 11241100x8000000000000000338998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a605c7174cc86d1c2021-12-21 10:23:32.943root 11241100x8000000000000000338999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b17148ecf426fe72021-12-21 10:23:32.944root 11241100x8000000000000000339000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fe0581392727bc2021-12-21 10:23:32.944root 11241100x8000000000000000339001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1c47fbaf7f1e672021-12-21 10:23:32.944root 11241100x8000000000000000339002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f4f393e65e57b62021-12-21 10:23:32.944root 11241100x8000000000000000339003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11bfd6491bc90bd2021-12-21 10:23:32.944root 11241100x8000000000000000339004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d373203a20c0c302021-12-21 10:23:32.945root 11241100x8000000000000000339005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715cc4e48fa739f22021-12-21 10:23:32.945root 11241100x8000000000000000339006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abbd70dc3e6e6a82021-12-21 10:23:32.945root 11241100x8000000000000000339007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692916f034a810462021-12-21 10:23:32.945root 11241100x8000000000000000339008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47e6579ac42fd7e2021-12-21 10:23:32.945root 11241100x8000000000000000339009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a791a0e2d918562b2021-12-21 10:23:32.945root 11241100x8000000000000000339010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea1f4049dd7dfd62021-12-21 10:23:32.945root 11241100x8000000000000000339011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b31afed24621382021-12-21 10:23:32.945root 11241100x8000000000000000339012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5eea8b99fd3aff2021-12-21 10:23:32.945root 11241100x8000000000000000339013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ae8040eff0786e2021-12-21 10:23:32.945root 11241100x8000000000000000339014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41d50c5b4b0ba0c2021-12-21 10:23:32.945root 11241100x8000000000000000339015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5717defaaa4252021-12-21 10:23:32.946root 11241100x8000000000000000339016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3fad2380985e322021-12-21 10:23:32.946root 11241100x8000000000000000339017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a188741453dc8eb02021-12-21 10:23:32.946root 11241100x8000000000000000339018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57158f6a1f6edaae2021-12-21 10:23:32.946root 11241100x8000000000000000339019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed99041a2ef49da2021-12-21 10:23:32.946root 11241100x8000000000000000339020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a23f6db6d714702021-12-21 10:23:32.946root 11241100x8000000000000000339021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3982f58b5ef94ea52021-12-21 10:23:32.947root 11241100x8000000000000000339022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e785d40b130f7a2021-12-21 10:23:32.947root 11241100x8000000000000000339023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c084100b3f92a72021-12-21 10:23:32.947root 11241100x8000000000000000339024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c0bff509bbda7b2021-12-21 10:23:32.947root 11241100x8000000000000000339025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b242f1b5e48f86502021-12-21 10:23:32.947root 11241100x8000000000000000339026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247bd98d7132c95d2021-12-21 10:23:32.947root 11241100x8000000000000000339027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d350b344ebcd0d022021-12-21 10:23:32.948root 11241100x8000000000000000339028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59894cc3ec1a6e2d2021-12-21 10:23:32.948root 11241100x8000000000000000339029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b878f3acc2da022021-12-21 10:23:32.948root 11241100x8000000000000000339030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9c6e9612ac30732021-12-21 10:23:32.948root 11241100x8000000000000000339031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ca2bdd641806372021-12-21 10:23:32.948root 354300x8000000000000000339032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.087{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47032-false10.0.1.12-8000- 11241100x8000000000000000339033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae87e36efab599a2021-12-21 10:23:33.442root 11241100x8000000000000000339034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c2ef43c60be8ae2021-12-21 10:23:33.443root 11241100x8000000000000000339035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b33b531d717bb72021-12-21 10:23:33.443root 11241100x8000000000000000339036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4653648147d7eef72021-12-21 10:23:33.443root 11241100x8000000000000000339037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6c935d5c54e47b2021-12-21 10:23:33.443root 11241100x8000000000000000339038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5069c9bf4943ae12021-12-21 10:23:33.443root 11241100x8000000000000000339039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4624563f4826a2552021-12-21 10:23:33.443root 11241100x8000000000000000339040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edff9189a91d2eb62021-12-21 10:23:33.443root 11241100x8000000000000000339041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cbf0f4e36e30e92021-12-21 10:23:33.444root 11241100x8000000000000000339042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9a694efceddce62021-12-21 10:23:33.444root 11241100x8000000000000000339043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97a89db0a31a4ae2021-12-21 10:23:33.444root 11241100x8000000000000000339044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c54acdda6415bf2021-12-21 10:23:33.444root 11241100x8000000000000000339045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.236472ca595075bb2021-12-21 10:23:33.444root 11241100x8000000000000000339046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db22ff9abe0921a42021-12-21 10:23:33.444root 11241100x8000000000000000339047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560f3f09d575e3712021-12-21 10:23:33.445root 11241100x8000000000000000339048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92616428f38df472021-12-21 10:23:33.445root 11241100x8000000000000000339049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170eb35065b283422021-12-21 10:23:33.445root 11241100x8000000000000000339050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bded59fa233a0782021-12-21 10:23:33.445root 11241100x8000000000000000339051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6535c8b9b1ed44c62021-12-21 10:23:33.445root 11241100x8000000000000000339052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676a3804947751792021-12-21 10:23:33.445root 11241100x8000000000000000339053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c511381ae7966c752021-12-21 10:23:33.445root 11241100x8000000000000000339054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac6ab5e3c1a70142021-12-21 10:23:33.445root 11241100x8000000000000000339055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa81af7eace54792021-12-21 10:23:33.446root 11241100x8000000000000000339056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ab1ac5568ce3982021-12-21 10:23:33.446root 11241100x8000000000000000339057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caf6312905b3db32021-12-21 10:23:33.447root 11241100x8000000000000000339058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba605ce6bf5c952021-12-21 10:23:33.447root 11241100x8000000000000000339059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d25ed05f6b983f2021-12-21 10:23:33.448root 11241100x8000000000000000339060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c92406f7e9ed792021-12-21 10:23:33.448root 11241100x8000000000000000339061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b29834edb1131422021-12-21 10:23:33.448root 11241100x8000000000000000339062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a114a9a0facafd222021-12-21 10:23:33.448root 11241100x8000000000000000339063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efcd8e6659932992021-12-21 10:23:33.448root 11241100x8000000000000000339064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25fad419e832c112021-12-21 10:23:33.448root 11241100x8000000000000000339065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9bc6c486d877482021-12-21 10:23:33.449root 11241100x8000000000000000339066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658fc736020af4d32021-12-21 10:23:33.449root 11241100x8000000000000000339067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6a15ea8310aa6f2021-12-21 10:23:33.449root 11241100x8000000000000000339068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d61d286ffe01462021-12-21 10:23:33.449root 11241100x8000000000000000339069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7858b27d535637412021-12-21 10:23:33.449root 11241100x8000000000000000339070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d84e15f13a3cce2021-12-21 10:23:33.449root 11241100x8000000000000000339071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1d6f2623cf37542021-12-21 10:23:33.449root 11241100x8000000000000000339072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30c34c24c193c7b72021-12-21 10:23:33.449root 11241100x8000000000000000339073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a85a8f330e4d61c2021-12-21 10:23:33.450root 11241100x8000000000000000339074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e45f4a093e6fe22021-12-21 10:23:33.450root 11241100x8000000000000000339075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4881f56acb102f32021-12-21 10:23:33.450root 11241100x8000000000000000339076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b4ab13945689c2021-12-21 10:23:33.450root 11241100x8000000000000000339077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203f951825db57d2021-12-21 10:23:33.943root 11241100x8000000000000000339078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8a38383fc11d7d2021-12-21 10:23:33.944root 11241100x8000000000000000339079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9d239352bbdc692021-12-21 10:23:33.944root 11241100x8000000000000000339080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1641b38c3fd8e862021-12-21 10:23:33.944root 11241100x8000000000000000339081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fa2de12f7da8ff2021-12-21 10:23:33.944root 11241100x8000000000000000339082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c428796da0f00c12021-12-21 10:23:33.944root 11241100x8000000000000000339083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7526ce9e5065ea2021-12-21 10:23:33.944root 11241100x8000000000000000339084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88323f0c9d6d1b552021-12-21 10:23:33.945root 11241100x8000000000000000339085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c01698f05c7d5bd2021-12-21 10:23:33.945root 11241100x8000000000000000339086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a567e2627f0c95912021-12-21 10:23:33.945root 11241100x8000000000000000339087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f470d91e5692e8c2021-12-21 10:23:33.945root 11241100x8000000000000000339088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a74794ee7713372021-12-21 10:23:33.945root 11241100x8000000000000000339089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bf005adbaf549d2021-12-21 10:23:33.945root 11241100x8000000000000000339090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc16fd7f25337902021-12-21 10:23:33.945root 11241100x8000000000000000339091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a903923890960a22021-12-21 10:23:33.945root 11241100x8000000000000000339092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2267397619fd9912021-12-21 10:23:33.945root 11241100x8000000000000000339093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc683fccb1bd74252021-12-21 10:23:33.946root 11241100x8000000000000000339094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26694c5f10562e22021-12-21 10:23:33.946root 11241100x8000000000000000339095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615c857e7ee5ee8b2021-12-21 10:23:33.946root 11241100x8000000000000000339096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f778ab7a3bc357242021-12-21 10:23:33.946root 11241100x8000000000000000339097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d98d457993cd4b72021-12-21 10:23:33.946root 11241100x8000000000000000339098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca230e2bc442002d2021-12-21 10:23:33.946root 11241100x8000000000000000339099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a36f301cf1436d2021-12-21 10:23:33.946root 11241100x8000000000000000339100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2971874d95ed162021-12-21 10:23:33.946root 11241100x8000000000000000339101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2bede70d35d5f682021-12-21 10:23:33.946root 11241100x8000000000000000339102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe5e535a1a37f472021-12-21 10:23:33.946root 11241100x8000000000000000339103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d8855fa10849f92021-12-21 10:23:33.947root 11241100x8000000000000000339104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8881b687b33a1bd02021-12-21 10:23:33.947root 11241100x8000000000000000339105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899bdec72a8b10952021-12-21 10:23:33.947root 11241100x8000000000000000339106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73618f3bf83cdf752021-12-21 10:23:33.947root 11241100x8000000000000000339107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5007e5b1c163a4ee2021-12-21 10:23:33.947root 11241100x8000000000000000339108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d71d8f65eaa377e62021-12-21 10:23:33.947root 11241100x8000000000000000339109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028a4d013ac9800d2021-12-21 10:23:33.947root 11241100x8000000000000000339110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3499b1955d62662a2021-12-21 10:23:33.947root 11241100x8000000000000000339111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33aaa63704c194162021-12-21 10:23:33.947root 11241100x8000000000000000339112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244a4484c092b3652021-12-21 10:23:33.947root 11241100x8000000000000000339113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92cb2abf25ed8422021-12-21 10:23:33.948root 11241100x8000000000000000339114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fe4cf338d7b0902021-12-21 10:23:33.948root 11241100x8000000000000000339115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2ee182d008c6622021-12-21 10:23:33.948root 11241100x8000000000000000339116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2ba184a4b118f72021-12-21 10:23:33.948root 11241100x8000000000000000339117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc6f3961f82de862021-12-21 10:23:33.948root 11241100x8000000000000000339118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa8fa94213d5b6e2021-12-21 10:23:34.443root 11241100x8000000000000000339119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6d1663fc78a4ec2021-12-21 10:23:34.443root 11241100x8000000000000000339120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80e32622d0163862021-12-21 10:23:34.443root 11241100x8000000000000000339121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f3f4d1bf15ae312021-12-21 10:23:34.444root 11241100x8000000000000000339122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da930697c4030882021-12-21 10:23:34.444root 11241100x8000000000000000339123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8097ffc194fd4d202021-12-21 10:23:34.444root 11241100x8000000000000000339124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509841d906b9559b2021-12-21 10:23:34.444root 11241100x8000000000000000339125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34877cff1cf6d252021-12-21 10:23:34.444root 11241100x8000000000000000339126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14aff29b105e1fb2021-12-21 10:23:34.444root 11241100x8000000000000000339127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff016ecab21dceb92021-12-21 10:23:34.444root 11241100x8000000000000000339128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de171ae68d62ae92021-12-21 10:23:34.444root 11241100x8000000000000000339129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16da2d87ac205e002021-12-21 10:23:34.445root 11241100x8000000000000000339130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7db1504a73556572021-12-21 10:23:34.445root 11241100x8000000000000000339131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76aee193124599b52021-12-21 10:23:34.445root 11241100x8000000000000000339132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3278703df73ab36a2021-12-21 10:23:34.445root 11241100x8000000000000000339133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83514c6df34634c72021-12-21 10:23:34.445root 11241100x8000000000000000339134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8045c0b0007cf6d2021-12-21 10:23:34.445root 11241100x8000000000000000339135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0db7fd4cb9924822021-12-21 10:23:34.445root 11241100x8000000000000000339136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f656c0f71db95082021-12-21 10:23:34.445root 11241100x8000000000000000339137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b321949b412fccd92021-12-21 10:23:34.445root 11241100x8000000000000000339138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a35028fef7ad2612021-12-21 10:23:34.445root 11241100x8000000000000000339139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84377dcfa43909e2021-12-21 10:23:34.446root 11241100x8000000000000000339140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb1c56d8973e8582021-12-21 10:23:34.446root 11241100x8000000000000000339141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1f715345b5d33f2021-12-21 10:23:34.446root 11241100x8000000000000000339142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf581db569c7a1a22021-12-21 10:23:34.446root 11241100x8000000000000000339143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435cf76a71ff5a592021-12-21 10:23:34.446root 11241100x8000000000000000339144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfad7af10809635f2021-12-21 10:23:34.446root 11241100x8000000000000000339145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34895fb9c2e2baae2021-12-21 10:23:34.446root 11241100x8000000000000000339146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec67bf04a654ac392021-12-21 10:23:34.446root 11241100x8000000000000000339147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada9f45eafbe1dfe2021-12-21 10:23:34.446root 11241100x8000000000000000339148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9cd23f85220ef92021-12-21 10:23:34.447root 11241100x8000000000000000339149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6707fac18b99a512021-12-21 10:23:34.447root 11241100x8000000000000000339150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a86bf41826c91c82021-12-21 10:23:34.447root 11241100x8000000000000000339151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779c8079e33a667f2021-12-21 10:23:34.447root 11241100x8000000000000000339152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17045befd81c9ef62021-12-21 10:23:34.447root 11241100x8000000000000000339153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb30a2a53971826d2021-12-21 10:23:34.447root 11241100x8000000000000000339154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f29f271443d67d72021-12-21 10:23:34.447root 11241100x8000000000000000339155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1ba3c1a75ebc372021-12-21 10:23:34.447root 11241100x8000000000000000339156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b85347f7722d2d22021-12-21 10:23:34.943root 11241100x8000000000000000339157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3e229687d7e5832021-12-21 10:23:34.943root 11241100x8000000000000000339158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a1161619e7b78e2021-12-21 10:23:34.944root 11241100x8000000000000000339159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b44185001e6cdc42021-12-21 10:23:34.944root 11241100x8000000000000000339160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04caff274ba8861a2021-12-21 10:23:34.944root 11241100x8000000000000000339161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63a36b66afccede2021-12-21 10:23:34.944root 11241100x8000000000000000339162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1a6ee1f10956c82021-12-21 10:23:34.945root 11241100x8000000000000000339163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.841b08eca6b1cb652021-12-21 10:23:34.945root 11241100x8000000000000000339164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863158f12d8f11522021-12-21 10:23:34.945root 11241100x8000000000000000339165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe4f4f412e4d1e92021-12-21 10:23:34.945root 11241100x8000000000000000339166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4089e6d20f219a1f2021-12-21 10:23:34.945root 11241100x8000000000000000339167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926e694bd66869c52021-12-21 10:23:34.945root 11241100x8000000000000000339168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78721b68844262442021-12-21 10:23:34.945root 11241100x8000000000000000339169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2128ab59b0c078c2021-12-21 10:23:34.945root 11241100x8000000000000000339170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9483bd760aa1d2922021-12-21 10:23:34.946root 11241100x8000000000000000339171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac28ec4497c93d6a2021-12-21 10:23:34.946root 11241100x8000000000000000339172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a4181ff81b372a2021-12-21 10:23:34.946root 11241100x8000000000000000339173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d723d459f5db710f2021-12-21 10:23:34.946root 11241100x8000000000000000339174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.829d2dacfb0ef3cb2021-12-21 10:23:34.947root 11241100x8000000000000000339175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6489b21b655770b2021-12-21 10:23:34.947root 11241100x8000000000000000339176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024b3dd6d7c6c86f2021-12-21 10:23:34.947root 11241100x8000000000000000339177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ce29d20b89ed792021-12-21 10:23:34.947root 11241100x8000000000000000339178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff7a0691294ebc52021-12-21 10:23:34.948root 11241100x8000000000000000339179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1988f6a84e3346402021-12-21 10:23:34.948root 11241100x8000000000000000339180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dff5921dd6aba272021-12-21 10:23:34.948root 11241100x8000000000000000339181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6255756766e8a182021-12-21 10:23:34.948root 11241100x8000000000000000339182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca2e6f758447e62021-12-21 10:23:34.949root 11241100x8000000000000000339183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4119e531a53a9e82021-12-21 10:23:34.949root 11241100x8000000000000000339184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a316de2304dbeae32021-12-21 10:23:34.949root 11241100x8000000000000000339185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc2d180e55cc3ed2021-12-21 10:23:34.949root 11241100x8000000000000000339186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc989668c2352502021-12-21 10:23:34.949root 11241100x8000000000000000339187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac58f54b57757712021-12-21 10:23:34.949root 11241100x8000000000000000339188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0a0cd86ade16702021-12-21 10:23:34.950root 11241100x8000000000000000339189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f0a0f07b65aede2021-12-21 10:23:34.951root 11241100x8000000000000000339190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bbc8beddd948162021-12-21 10:23:34.951root 11241100x8000000000000000339191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:34.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c0658355c31f912021-12-21 10:23:34.951root 11241100x8000000000000000339192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d50b455695692072021-12-21 10:23:35.443root 11241100x8000000000000000339193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3281945d8939ae2021-12-21 10:23:35.443root 11241100x8000000000000000339194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13760e76b88020dd2021-12-21 10:23:35.443root 11241100x8000000000000000339195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc7621b6cab42872021-12-21 10:23:35.443root 11241100x8000000000000000339196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca4f3ffed1e86aa2021-12-21 10:23:35.444root 11241100x8000000000000000339197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8288839bbf99b07b2021-12-21 10:23:35.444root 11241100x8000000000000000339198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e564b9afd84dbd2021-12-21 10:23:35.444root 11241100x8000000000000000339199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a852823769c821112021-12-21 10:23:35.444root 11241100x8000000000000000339200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe1a6e1590142362021-12-21 10:23:35.444root 11241100x8000000000000000339201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bf7d7ceac434382021-12-21 10:23:35.444root 11241100x8000000000000000339202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada2f9f49f8295322021-12-21 10:23:35.445root 11241100x8000000000000000339203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02884be3b159bf2b2021-12-21 10:23:35.445root 11241100x8000000000000000339204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c11ac6a907c3292021-12-21 10:23:35.445root 11241100x8000000000000000339205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02416463f6a88bf32021-12-21 10:23:35.445root 11241100x8000000000000000339206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210188646aee7cd72021-12-21 10:23:35.445root 11241100x8000000000000000339207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56821248c699f28f2021-12-21 10:23:35.445root 11241100x8000000000000000339208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cf5eaab5b374d142021-12-21 10:23:35.445root 11241100x8000000000000000339209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fe152c067626932021-12-21 10:23:35.445root 11241100x8000000000000000339210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d51d41b3b5889b22021-12-21 10:23:35.445root 11241100x8000000000000000339211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b5c9d5c63ac8112021-12-21 10:23:35.446root 11241100x8000000000000000339212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3193cf9ab1000f902021-12-21 10:23:35.446root 11241100x8000000000000000339213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1752bc8b91d9d8122021-12-21 10:23:35.446root 11241100x8000000000000000339214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b1e898326103b92021-12-21 10:23:35.446root 11241100x8000000000000000339215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a5c6468a225e4c2021-12-21 10:23:35.446root 11241100x8000000000000000339216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a14228d5fd676f42021-12-21 10:23:35.446root 11241100x8000000000000000339217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d380b032c807902021-12-21 10:23:35.446root 11241100x8000000000000000339218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2e6939180e7ba12021-12-21 10:23:35.447root 11241100x8000000000000000339219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6272a9406355e962021-12-21 10:23:35.447root 11241100x8000000000000000339220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d668802ff5c1ea2021-12-21 10:23:35.447root 11241100x8000000000000000339221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2541116e4e71ea542021-12-21 10:23:35.447root 11241100x8000000000000000339222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9bc8fa2674da452021-12-21 10:23:35.447root 11241100x8000000000000000339223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24a5e35c5484f8b2021-12-21 10:23:35.447root 11241100x8000000000000000339224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08795b0798b3e53e2021-12-21 10:23:35.447root 11241100x8000000000000000339225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ab8ab6bc1c57dc2021-12-21 10:23:35.448root 11241100x8000000000000000339226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d9a7bb0beac8ed2021-12-21 10:23:35.943root 11241100x8000000000000000339227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39efe8636172c0da2021-12-21 10:23:35.943root 11241100x8000000000000000339228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9a12a5212b7f172021-12-21 10:23:35.943root 11241100x8000000000000000339229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b5b4d9ab4724c02021-12-21 10:23:35.944root 11241100x8000000000000000339230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06934f1d98dd69722021-12-21 10:23:35.944root 11241100x8000000000000000339231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fae26c3b8efa322021-12-21 10:23:35.944root 11241100x8000000000000000339232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d1ce83639d24b72021-12-21 10:23:35.944root 11241100x8000000000000000339233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1cf64e301f4d8b2021-12-21 10:23:35.944root 11241100x8000000000000000339234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718334e523b0e4d32021-12-21 10:23:35.944root 11241100x8000000000000000339235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48de1c2a8bc9464c2021-12-21 10:23:35.945root 11241100x8000000000000000339236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869a1839c555698b2021-12-21 10:23:35.945root 11241100x8000000000000000339237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f6e8430925d9692021-12-21 10:23:35.945root 11241100x8000000000000000339238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c7377abe5cfa102021-12-21 10:23:35.945root 11241100x8000000000000000339239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ead4a9b38c996ff2021-12-21 10:23:35.945root 11241100x8000000000000000339240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd54b317a4c7e8a2021-12-21 10:23:35.945root 11241100x8000000000000000339241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bd3d2e555083232021-12-21 10:23:35.945root 11241100x8000000000000000339242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3851bcd717b69a22021-12-21 10:23:35.945root 11241100x8000000000000000339243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f925f0b593d81692021-12-21 10:23:35.945root 11241100x8000000000000000339244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bc55537c5029282021-12-21 10:23:35.946root 11241100x8000000000000000339245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7659a80fe237a7422021-12-21 10:23:35.946root 11241100x8000000000000000339246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e507075c4e04f4e42021-12-21 10:23:35.946root 11241100x8000000000000000339247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812054eb6e9d367b2021-12-21 10:23:35.946root 11241100x8000000000000000339248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f1e95ad04e65592021-12-21 10:23:35.946root 11241100x8000000000000000339249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61b3dd9704af8442021-12-21 10:23:35.946root 11241100x8000000000000000339250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dd19f3bfc5d6e62021-12-21 10:23:35.947root 11241100x8000000000000000339251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120431770c85c06d2021-12-21 10:23:35.947root 11241100x8000000000000000339252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fa56fd69eb97d12021-12-21 10:23:35.947root 11241100x8000000000000000339253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39087a11aa8d6862021-12-21 10:23:35.947root 11241100x8000000000000000339254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cea7df2baa28062021-12-21 10:23:35.947root 11241100x8000000000000000339255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f09f509a6a48e7e2021-12-21 10:23:35.947root 11241100x8000000000000000339256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb833fb0082479a92021-12-21 10:23:35.948root 11241100x8000000000000000339257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44fe60c7b512f4642021-12-21 10:23:35.948root 11241100x8000000000000000339258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f5283206e2f14c2021-12-21 10:23:35.948root 11241100x8000000000000000339259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b4d9504774bc142021-12-21 10:23:35.948root 11241100x8000000000000000339260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae6c77b7a5b1fe32021-12-21 10:23:35.948root 11241100x8000000000000000339261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:23:36.350root 11241100x8000000000000000339262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5deba71ee429442021-12-21 10:23:36.351root 11241100x8000000000000000339263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c68af9b6235c7832021-12-21 10:23:36.351root 11241100x8000000000000000339264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386d6f9a964d31f92021-12-21 10:23:36.351root 11241100x8000000000000000339265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357454e93074a9db2021-12-21 10:23:36.351root 11241100x8000000000000000339266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c89621967cd93a52021-12-21 10:23:36.351root 11241100x8000000000000000339267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e730bfd5ab0c66482021-12-21 10:23:36.352root 11241100x8000000000000000339268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40dd95844cddc1832021-12-21 10:23:36.352root 11241100x8000000000000000339269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182960a81a578aec2021-12-21 10:23:36.352root 11241100x8000000000000000339270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4148928933dda5852021-12-21 10:23:36.352root 11241100x8000000000000000339271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccbb7ed30da44452021-12-21 10:23:36.352root 11241100x8000000000000000339272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7fef1f6ac1b00e2021-12-21 10:23:36.352root 11241100x8000000000000000339273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea9741b32aa94aa2021-12-21 10:23:36.352root 11241100x8000000000000000339274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52f623fec96053f2021-12-21 10:23:36.353root 11241100x8000000000000000339275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c72cac031587aba2021-12-21 10:23:36.353root 11241100x8000000000000000339276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d59db106e2d3152021-12-21 10:23:36.353root 11241100x8000000000000000339277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc123656f80d6ed42021-12-21 10:23:36.353root 11241100x8000000000000000339278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc6c6068adee7272021-12-21 10:23:36.353root 11241100x8000000000000000339279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e85a33112972402021-12-21 10:23:36.353root 11241100x8000000000000000339280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51076b681c3b9032021-12-21 10:23:36.353root 11241100x8000000000000000339281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7426351f02f1a3b12021-12-21 10:23:36.354root 11241100x8000000000000000339282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77da8b407293dde2021-12-21 10:23:36.354root 11241100x8000000000000000339283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99aa0657822b68de2021-12-21 10:23:36.354root 11241100x8000000000000000339284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd480d9b69491cc2021-12-21 10:23:36.354root 11241100x8000000000000000339285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd542d93186e0152021-12-21 10:23:36.354root 11241100x8000000000000000339286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7093d769d35efbfd2021-12-21 10:23:36.354root 11241100x8000000000000000339287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee52bf2e87c151a52021-12-21 10:23:36.354root 11241100x8000000000000000339288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff2b780647daead2021-12-21 10:23:36.354root 11241100x8000000000000000339289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8001fcaeb0c9f64e2021-12-21 10:23:36.355root 11241100x8000000000000000339290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4420516961390b2021-12-21 10:23:36.355root 11241100x8000000000000000339291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e84a1c61f6e7a322021-12-21 10:23:36.355root 11241100x8000000000000000339292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b6a5d044cfd9232021-12-21 10:23:36.355root 11241100x8000000000000000339293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220be0edfb1c9c8a2021-12-21 10:23:36.356root 11241100x8000000000000000339294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4aa52e31e2ef4302021-12-21 10:23:36.356root 11241100x8000000000000000339295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45af4701db765d522021-12-21 10:23:36.356root 11241100x8000000000000000339296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaae62c7cfab8d62021-12-21 10:23:36.356root 11241100x8000000000000000339297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7786a228f0929f212021-12-21 10:23:36.357root 11241100x8000000000000000339298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e0af955aa4e7182021-12-21 10:23:36.357root 11241100x8000000000000000339299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37535cbffd1e3c782021-12-21 10:23:36.357root 11241100x8000000000000000339300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf406db1e3b3c732021-12-21 10:23:36.357root 11241100x8000000000000000339301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6802fc94aca8cc12021-12-21 10:23:36.357root 11241100x8000000000000000339302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa49311d48340c52021-12-21 10:23:36.358root 11241100x8000000000000000339303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c01951f9ac3d992021-12-21 10:23:36.358root 11241100x8000000000000000339304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d09d08579434b7d2021-12-21 10:23:36.358root 11241100x8000000000000000339305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26684f2147446ec02021-12-21 10:23:36.693root 11241100x8000000000000000339306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efb6c6bc48c43ec2021-12-21 10:23:36.693root 11241100x8000000000000000339307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9f004bac5decb22021-12-21 10:23:36.693root 11241100x8000000000000000339308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1707ab10c11f93a2021-12-21 10:23:36.693root 11241100x8000000000000000339309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd5b03aa07cc7192021-12-21 10:23:36.693root 11241100x8000000000000000339310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8729884cb18f5fb2021-12-21 10:23:36.694root 11241100x8000000000000000339311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee58e285e5ea62102021-12-21 10:23:36.694root 11241100x8000000000000000339312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c46b5eb349efc4d2021-12-21 10:23:36.694root 11241100x8000000000000000339313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8968fd271f058d572021-12-21 10:23:36.694root 11241100x8000000000000000339314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc353e99efaa23172021-12-21 10:23:36.694root 11241100x8000000000000000339315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e2261b59d857ec2021-12-21 10:23:36.694root 11241100x8000000000000000339316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dadf3893d994c12021-12-21 10:23:36.694root 11241100x8000000000000000339317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ff697816b07c0c2021-12-21 10:23:36.695root 11241100x8000000000000000339318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3204986cbedf33cd2021-12-21 10:23:36.695root 11241100x8000000000000000339319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8121343757972b4f2021-12-21 10:23:36.695root 11241100x8000000000000000339320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9d3e205e793db1c2021-12-21 10:23:36.695root 11241100x8000000000000000339321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb53053776b17132021-12-21 10:23:36.695root 11241100x8000000000000000339322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c10bbab6689a5d72021-12-21 10:23:36.695root 11241100x8000000000000000339323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39156c6218ec86ea2021-12-21 10:23:36.695root 11241100x8000000000000000339324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1a44be639dde532021-12-21 10:23:36.696root 11241100x8000000000000000339325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d42617f85326e032021-12-21 10:23:36.696root 11241100x8000000000000000339326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9203ff0f3f76d32b2021-12-21 10:23:36.696root 11241100x8000000000000000339327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466a7516870e50a82021-12-21 10:23:36.696root 11241100x8000000000000000339328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9e6cca4ff4a7172021-12-21 10:23:36.696root 11241100x8000000000000000339329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea778f3825a19bc2021-12-21 10:23:36.697root 11241100x8000000000000000339330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6194614af75e0e652021-12-21 10:23:36.697root 11241100x8000000000000000339331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baccc22532d666582021-12-21 10:23:36.697root 11241100x8000000000000000339332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3ef3b18a479ac52021-12-21 10:23:36.697root 11241100x8000000000000000339333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e2bb1f76e9bafa2021-12-21 10:23:36.698root 11241100x8000000000000000339334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bfa0df6c7cdede2021-12-21 10:23:36.698root 11241100x8000000000000000339335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3186e4afd9fe34f32021-12-21 10:23:36.698root 11241100x8000000000000000339336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe40ced4324621c2021-12-21 10:23:36.698root 11241100x8000000000000000339337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec0ac74d6cd41652021-12-21 10:23:36.698root 11241100x8000000000000000339338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011adad02646195b2021-12-21 10:23:36.698root 11241100x8000000000000000339339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276847f4439c673a2021-12-21 10:23:36.698root 11241100x8000000000000000339340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa65b534baa618892021-12-21 10:23:36.698root 11241100x8000000000000000339341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71762efedc7262302021-12-21 10:23:36.699root 11241100x8000000000000000339342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb476e92d031c172021-12-21 10:23:36.699root 11241100x8000000000000000339343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e23d81b54eb6652021-12-21 10:23:36.699root 11241100x8000000000000000339344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06915d4d5d5d821e2021-12-21 10:23:36.699root 11241100x8000000000000000339345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6cd8d2a788e3e02021-12-21 10:23:36.699root 11241100x8000000000000000339346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e0edbe819e5cda2021-12-21 10:23:36.699root 11241100x8000000000000000339347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df57b1a0d47916562021-12-21 10:23:37.193root 11241100x8000000000000000339348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0683a77f7ac6942021-12-21 10:23:37.193root 11241100x8000000000000000339349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e997150efdd54bb2021-12-21 10:23:37.194root 11241100x8000000000000000339350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd06c976c36f96e2021-12-21 10:23:37.194root 11241100x8000000000000000339351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b895cc8630bbb8d2021-12-21 10:23:37.194root 11241100x8000000000000000339352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5f37833fcd5e22021-12-21 10:23:37.195root 11241100x8000000000000000339353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6296d4f9906964d2021-12-21 10:23:37.195root 11241100x8000000000000000339354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270461baa877b9572021-12-21 10:23:37.195root 11241100x8000000000000000339355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23edf7280aca863d2021-12-21 10:23:37.195root 11241100x8000000000000000339356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a9d8d050faa9812021-12-21 10:23:37.196root 11241100x8000000000000000339357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2382299b1ccdff942021-12-21 10:23:37.196root 11241100x8000000000000000339358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b50c77029065302021-12-21 10:23:37.196root 11241100x8000000000000000339359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cf95f920a17e4f2021-12-21 10:23:37.196root 11241100x8000000000000000339360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db74dfa1f0ab3ccf2021-12-21 10:23:37.197root 11241100x8000000000000000339361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b71f9acc9c53df22021-12-21 10:23:37.197root 11241100x8000000000000000339362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772d8e0c36d896762021-12-21 10:23:37.197root 11241100x8000000000000000339363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb76bab7a3f12d72021-12-21 10:23:37.197root 11241100x8000000000000000339364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2827aaa84223f8522021-12-21 10:23:37.198root 11241100x8000000000000000339365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd3c486b3f0b36d2021-12-21 10:23:37.198root 11241100x8000000000000000339366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4e7037b0a063fd2021-12-21 10:23:37.198root 11241100x8000000000000000339367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3886f6e0e592107d2021-12-21 10:23:37.198root 11241100x8000000000000000339368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bf300b066ff0c22021-12-21 10:23:37.198root 11241100x8000000000000000339369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0078ffe8a5d417f2021-12-21 10:23:37.199root 11241100x8000000000000000339370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d593a828d9039e2021-12-21 10:23:37.199root 11241100x8000000000000000339371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834314b069ae6b2d2021-12-21 10:23:37.199root 11241100x8000000000000000339372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2a526dc37aa6da2021-12-21 10:23:37.200root 11241100x8000000000000000339373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da9fdaa2c897da2021-12-21 10:23:37.200root 11241100x8000000000000000339374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266b374ae1a750a52021-12-21 10:23:37.200root 11241100x8000000000000000339375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135231ea6ab1ed6b2021-12-21 10:23:37.200root 11241100x8000000000000000339376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7795031e3b41f4e62021-12-21 10:23:37.201root 11241100x8000000000000000339377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab56d5db432a3e72021-12-21 10:23:37.201root 11241100x8000000000000000339378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc452ccae17399a2021-12-21 10:23:37.201root 11241100x8000000000000000339379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886ef3125f7fa30c2021-12-21 10:23:37.201root 11241100x8000000000000000339380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5c232c1bd8efdc2021-12-21 10:23:37.201root 11241100x8000000000000000339381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d99744b4dfe907f2021-12-21 10:23:37.201root 11241100x8000000000000000339382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ccb48eef73cd2b2021-12-21 10:23:37.201root 11241100x8000000000000000339383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de18209e6fc577742021-12-21 10:23:37.201root 11241100x8000000000000000339384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb3132d9855bc0a2021-12-21 10:23:37.693root 11241100x8000000000000000339385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b90f308e01030242021-12-21 10:23:37.693root 11241100x8000000000000000339386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb64a6d378d0b8a2021-12-21 10:23:37.693root 11241100x8000000000000000339387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a49f15180d237b2021-12-21 10:23:37.693root 11241100x8000000000000000339388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedfb059c49cc0452021-12-21 10:23:37.693root 11241100x8000000000000000339389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfabb0c6450939412021-12-21 10:23:37.693root 11241100x8000000000000000339390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e867325ca53d14fa2021-12-21 10:23:37.693root 11241100x8000000000000000339391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7e57d8dc71f9232021-12-21 10:23:37.693root 11241100x8000000000000000339392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddf2aa670ccd1c22021-12-21 10:23:37.693root 11241100x8000000000000000339393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e80d878474d56142021-12-21 10:23:37.693root 11241100x8000000000000000339394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903cb6ad05569a682021-12-21 10:23:37.693root 11241100x8000000000000000339395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c34060ba6efd5f5c2021-12-21 10:23:37.694root 11241100x8000000000000000339396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3ab7e3318b02362021-12-21 10:23:37.694root 11241100x8000000000000000339397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71317fecfa27d1e92021-12-21 10:23:37.694root 11241100x8000000000000000339398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57acb3d6b2121ef12021-12-21 10:23:37.694root 11241100x8000000000000000339399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe033d594e061012021-12-21 10:23:37.694root 11241100x8000000000000000339400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44992f3104b34ad72021-12-21 10:23:37.694root 11241100x8000000000000000339401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6253389cccf892142021-12-21 10:23:37.694root 11241100x8000000000000000339402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3042de496e6f5fd12021-12-21 10:23:37.694root 11241100x8000000000000000339403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a9e8bd2709cdd82021-12-21 10:23:37.694root 11241100x8000000000000000339404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b467b6757be07c212021-12-21 10:23:37.695root 11241100x8000000000000000339405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1feed658189cf292021-12-21 10:23:37.695root 11241100x8000000000000000339406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a6278afc2095502021-12-21 10:23:37.695root 11241100x8000000000000000339407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be750dbffa729e52021-12-21 10:23:37.695root 11241100x8000000000000000339408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db77a0e479597e9e2021-12-21 10:23:37.695root 11241100x8000000000000000339409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbb863c166a5e2c2021-12-21 10:23:37.695root 11241100x8000000000000000339410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da6d7fba3a1f8852021-12-21 10:23:37.696root 11241100x8000000000000000339411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e226713ae1b538a62021-12-21 10:23:37.696root 11241100x8000000000000000339412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f18389797e7dde62021-12-21 10:23:37.696root 11241100x8000000000000000339413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d5bb0dbb21618a2021-12-21 10:23:37.696root 11241100x8000000000000000339414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95372246602276e92021-12-21 10:23:37.696root 11241100x8000000000000000339415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a26efeb3d949f542021-12-21 10:23:37.697root 11241100x8000000000000000339416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01bb375aa7d600d52021-12-21 10:23:37.697root 11241100x8000000000000000339417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a0e917776d9f8b2021-12-21 10:23:37.697root 11241100x8000000000000000339418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3437a9ee86d211bb2021-12-21 10:23:37.697root 11241100x8000000000000000339419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20e37ce6ad796f2021-12-21 10:23:37.698root 11241100x8000000000000000339420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0ec2f5d8013bf92021-12-21 10:23:37.698root 11241100x8000000000000000339421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2916b7b30f18eb52021-12-21 10:23:37.698root 11241100x8000000000000000339422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1330664813fe88892021-12-21 10:23:37.698root 11241100x8000000000000000339423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9751d787f0ed6eb72021-12-21 10:23:37.698root 11241100x8000000000000000339424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7847e640c0a3fe872021-12-21 10:23:37.698root 11241100x8000000000000000339425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f8c4f701593a962021-12-21 10:23:37.699root 11241100x8000000000000000339426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24322266d712fa92021-12-21 10:23:37.699root 11241100x8000000000000000339427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85caccd8fdad5cca2021-12-21 10:23:37.699root 11241100x8000000000000000339428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c116152b0c1266d32021-12-21 10:23:37.699root 11241100x8000000000000000339429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6356d45b8f9b3df12021-12-21 10:23:37.699root 11241100x8000000000000000339430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6d966e0c4f7a292021-12-21 10:23:37.699root 11241100x8000000000000000339431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fb89cec07195832021-12-21 10:23:37.699root 11241100x8000000000000000339432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9779e31a34ec8df22021-12-21 10:23:37.699root 11241100x8000000000000000339433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e2657a85fff3a2021-12-21 10:23:37.700root 11241100x8000000000000000339434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96550a3c092120cb2021-12-21 10:23:37.700root 11241100x8000000000000000339435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6101ab918bf724c52021-12-21 10:23:37.700root 11241100x8000000000000000339436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73df50000499b1c32021-12-21 10:23:37.700root 11241100x8000000000000000339437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f0cc612385a4012021-12-21 10:23:37.701root 11241100x8000000000000000339438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0287786aedd7c22021-12-21 10:23:37.701root 11241100x8000000000000000339439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b8ee8d8e719eb32021-12-21 10:23:37.701root 11241100x8000000000000000339440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c672e7288c6f1732021-12-21 10:23:37.701root 11241100x8000000000000000339441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529f30a03bccc34a2021-12-21 10:23:37.701root 11241100x8000000000000000339442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29ea2a4e4098a0c2021-12-21 10:23:37.702root 11241100x8000000000000000339443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5929ad5ecc3f8a42021-12-21 10:23:37.702root 11241100x8000000000000000339444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21bfd22e10003792021-12-21 10:23:37.702root 11241100x8000000000000000339445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fce79cd7bc915212021-12-21 10:23:37.702root 11241100x8000000000000000339446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcb776044bd7b352021-12-21 10:23:37.702root 11241100x8000000000000000339447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9423866a3d1822eb2021-12-21 10:23:37.703root 11241100x8000000000000000339448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7843a3a9b472525d2021-12-21 10:23:37.703root 11241100x8000000000000000339449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe41fa9dafcb2f882021-12-21 10:23:37.703root 11241100x8000000000000000339450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:37.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5908ef6977932b92021-12-21 10:23:37.703root 354300x8000000000000000339451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.088{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47034-false10.0.1.12-8000- 11241100x8000000000000000339452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc0da080c67cbb02021-12-21 10:23:38.089root 11241100x8000000000000000339453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633cd7680f5003f2021-12-21 10:23:38.089root 11241100x8000000000000000339454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9eb6b6636a54802021-12-21 10:23:38.089root 11241100x8000000000000000339455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1457b28e02c3a9d22021-12-21 10:23:38.089root 11241100x8000000000000000339456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c7207cf64841c22021-12-21 10:23:38.089root 11241100x8000000000000000339457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4859e3af605a652d2021-12-21 10:23:38.089root 11241100x8000000000000000339458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7f7917bd0cdb382021-12-21 10:23:38.089root 11241100x8000000000000000339459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f28f53b8edb55112021-12-21 10:23:38.089root 11241100x8000000000000000339460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.089{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1114a6371cccf5952021-12-21 10:23:38.089root 11241100x8000000000000000339461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a166f30a7d9060092021-12-21 10:23:38.090root 11241100x8000000000000000339462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952a27f5fdd1d8a12021-12-21 10:23:38.090root 11241100x8000000000000000339463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddafa99ffc3647c2021-12-21 10:23:38.090root 11241100x8000000000000000339464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f80b086878b03042021-12-21 10:23:38.090root 11241100x8000000000000000339465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211e0e3377dd3bce2021-12-21 10:23:38.090root 11241100x8000000000000000339466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2433aa1257bbd5f22021-12-21 10:23:38.090root 11241100x8000000000000000339467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea73b9c4d638a1742021-12-21 10:23:38.090root 11241100x8000000000000000339468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdf1f0e550314462021-12-21 10:23:38.090root 11241100x8000000000000000339469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bfd5c68c7732062021-12-21 10:23:38.090root 11241100x8000000000000000339470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e7345563df36372021-12-21 10:23:38.090root 11241100x8000000000000000339471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.090{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79752ec5b80dd5ca2021-12-21 10:23:38.090root 11241100x8000000000000000339472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f93bf5552b799c72021-12-21 10:23:38.091root 11241100x8000000000000000339473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da474b813597183d2021-12-21 10:23:38.091root 11241100x8000000000000000339474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afcf9e9119a12522021-12-21 10:23:38.091root 11241100x8000000000000000339475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf7d1fc7e3ebd702021-12-21 10:23:38.091root 11241100x8000000000000000339476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2574dc5d20d3775e2021-12-21 10:23:38.091root 11241100x8000000000000000339477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c98c8578cf300f2021-12-21 10:23:38.091root 11241100x8000000000000000339478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3467df0289868d2021-12-21 10:23:38.091root 11241100x8000000000000000339479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6e38105a7bf23a2021-12-21 10:23:38.091root 11241100x8000000000000000339480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e152ff8a4089397e2021-12-21 10:23:38.091root 11241100x8000000000000000339481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.091{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8de5c1335018bd2021-12-21 10:23:38.091root 11241100x8000000000000000339482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b41d1413c290b532021-12-21 10:23:38.092root 11241100x8000000000000000339483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4486e32ea76f3ac32021-12-21 10:23:38.092root 11241100x8000000000000000339484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1d952974d366952021-12-21 10:23:38.092root 11241100x8000000000000000339485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceee9109c3ac57332021-12-21 10:23:38.092root 11241100x8000000000000000339486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45169c65d2c37852021-12-21 10:23:38.092root 11241100x8000000000000000339487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec03932318821332021-12-21 10:23:38.092root 11241100x8000000000000000339488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc876f8b49141d2021-12-21 10:23:38.092root 11241100x8000000000000000339489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14464c36d5236d8a2021-12-21 10:23:38.092root 11241100x8000000000000000339490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696774b7c0b638552021-12-21 10:23:38.092root 11241100x8000000000000000339491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f9711c09f8bab62021-12-21 10:23:38.092root 11241100x8000000000000000339492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb794b80af836a942021-12-21 10:23:38.093root 11241100x8000000000000000339493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebae6a21285a8cf12021-12-21 10:23:38.093root 11241100x8000000000000000339494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05cca1bdb2ae08592021-12-21 10:23:38.093root 11241100x8000000000000000339495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227a466cfedce0f52021-12-21 10:23:38.093root 11241100x8000000000000000339496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b090e0d42c205f2021-12-21 10:23:38.093root 11241100x8000000000000000339497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d5f33171d15e422021-12-21 10:23:38.093root 11241100x8000000000000000339498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34ec329e5fddb072021-12-21 10:23:38.093root 11241100x8000000000000000339499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b580b03071a9c0e32021-12-21 10:23:38.093root 11241100x8000000000000000339500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4167311829893b2021-12-21 10:23:38.093root 11241100x8000000000000000339501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377e1338e09c5a0a2021-12-21 10:23:38.093root 11241100x8000000000000000339502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0881f5f26d75af72021-12-21 10:23:38.443root 11241100x8000000000000000339503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc5a26b066aadee2021-12-21 10:23:38.443root 11241100x8000000000000000339504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ad6fe834407cd62021-12-21 10:23:38.444root 11241100x8000000000000000339505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cad053f02e795902021-12-21 10:23:38.444root 11241100x8000000000000000339506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4437c567b5449e292021-12-21 10:23:38.444root 11241100x8000000000000000339507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332f5566f6d10d2e2021-12-21 10:23:38.444root 11241100x8000000000000000339508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaea4a8323356502021-12-21 10:23:38.444root 11241100x8000000000000000339509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd65f72225d5d2e42021-12-21 10:23:38.445root 11241100x8000000000000000339510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096e19aedbda8c4b2021-12-21 10:23:38.445root 11241100x8000000000000000339511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cfd44f9cd8ca0d2021-12-21 10:23:38.445root 11241100x8000000000000000339512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7751b4f3b7d825b2021-12-21 10:23:38.445root 11241100x8000000000000000339513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fea6cf94c792fe02021-12-21 10:23:38.445root 11241100x8000000000000000339514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a7b37e9b3369e62021-12-21 10:23:38.445root 11241100x8000000000000000339515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20da18a435d5d1ab2021-12-21 10:23:38.445root 11241100x8000000000000000339516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee67ff231b7012bf2021-12-21 10:23:38.445root 11241100x8000000000000000339517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957dde83adfd7c082021-12-21 10:23:38.445root 11241100x8000000000000000339518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dee625c8766b982021-12-21 10:23:38.446root 11241100x8000000000000000339519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.028c93c1a5410c012021-12-21 10:23:38.446root 11241100x8000000000000000339520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96beea5d7a223872021-12-21 10:23:38.446root 11241100x8000000000000000339521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d2c363b163b7cd2021-12-21 10:23:38.446root 11241100x8000000000000000339522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6672beafbc5c19e52021-12-21 10:23:38.446root 11241100x8000000000000000339523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2f40e55345d71d2021-12-21 10:23:38.446root 11241100x8000000000000000339524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76948ad2e4a91e522021-12-21 10:23:38.446root 11241100x8000000000000000339525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cab37c9d25cd67a2021-12-21 10:23:38.446root 11241100x8000000000000000339526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ba91a594ba89a92021-12-21 10:23:38.446root 11241100x8000000000000000339527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fb15cbd23398ff2021-12-21 10:23:38.446root 11241100x8000000000000000339528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e038b9847d83222021-12-21 10:23:38.446root 11241100x8000000000000000339529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d397a2544c0c3ca02021-12-21 10:23:38.446root 11241100x8000000000000000339530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294a7cea8cf309fc2021-12-21 10:23:38.447root 11241100x8000000000000000339531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e77f574f6614ac92021-12-21 10:23:38.447root 11241100x8000000000000000339532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1209f92827faae3e2021-12-21 10:23:38.447root 11241100x8000000000000000339533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b5504bbfbfa482021-12-21 10:23:38.447root 11241100x8000000000000000339534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146560f4d3ec0da92021-12-21 10:23:38.447root 11241100x8000000000000000339535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e072caa504add7a82021-12-21 10:23:38.448root 11241100x8000000000000000339536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef6ce44076bffbb2021-12-21 10:23:38.448root 11241100x8000000000000000339537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da0194cbc9842ad2021-12-21 10:23:38.448root 11241100x8000000000000000339538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0535229ac15555982021-12-21 10:23:38.943root 11241100x8000000000000000339539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac25f4ec678081e12021-12-21 10:23:38.943root 11241100x8000000000000000339540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6fbd400ec0491b2021-12-21 10:23:38.944root 11241100x8000000000000000339541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b255eb4dcb96fa2021-12-21 10:23:38.944root 11241100x8000000000000000339542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfef1d6674102ab2021-12-21 10:23:38.944root 11241100x8000000000000000339543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c0e45fe89df5cb2021-12-21 10:23:38.944root 11241100x8000000000000000339544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1c2f6546160deb2021-12-21 10:23:38.944root 11241100x8000000000000000339545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac6a0d67b928c1f2021-12-21 10:23:38.944root 11241100x8000000000000000339546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac8a72b7328b3312021-12-21 10:23:38.944root 11241100x8000000000000000339547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3584060afacbe8c22021-12-21 10:23:38.944root 11241100x8000000000000000339548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7ff339382442a12021-12-21 10:23:38.944root 11241100x8000000000000000339549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91305aa18c72029e2021-12-21 10:23:38.945root 11241100x8000000000000000339550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42c38e7de970c72021-12-21 10:23:38.945root 11241100x8000000000000000339551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef2d2be0effad53e2021-12-21 10:23:38.945root 11241100x8000000000000000339552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536335f42defaea52021-12-21 10:23:38.945root 11241100x8000000000000000339553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c868ba68303328282021-12-21 10:23:38.945root 11241100x8000000000000000339554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393c5fff561a11a52021-12-21 10:23:38.945root 11241100x8000000000000000339555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78652c01a3c83dea2021-12-21 10:23:38.945root 11241100x8000000000000000339556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4664828c49fd1722021-12-21 10:23:38.945root 11241100x8000000000000000339557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bec56eac46eebc2021-12-21 10:23:38.945root 11241100x8000000000000000339558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77e76d8b7004bc62021-12-21 10:23:38.946root 11241100x8000000000000000339559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493f73f024aa400b2021-12-21 10:23:38.946root 11241100x8000000000000000339560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c28f2fcf35703992021-12-21 10:23:38.946root 11241100x8000000000000000339561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d11ae02eab2f3a02021-12-21 10:23:38.946root 11241100x8000000000000000339562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa463a42e7ef4f82021-12-21 10:23:38.946root 11241100x8000000000000000339563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f23dbaf805cc2a2021-12-21 10:23:38.946root 11241100x8000000000000000339564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3d2854c9dec6df2021-12-21 10:23:38.946root 11241100x8000000000000000339565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5acc010712b45c2021-12-21 10:23:38.947root 11241100x8000000000000000339566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4e6afc84e2892b2021-12-21 10:23:38.947root 11241100x8000000000000000339567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8547dde18a9be8b12021-12-21 10:23:38.947root 11241100x8000000000000000339568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32bc13b89d847812021-12-21 10:23:38.947root 11241100x8000000000000000339569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2158b2b94846feb2021-12-21 10:23:38.947root 11241100x8000000000000000339570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d06da8bd0e79d32021-12-21 10:23:38.948root 11241100x8000000000000000339571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892bbb6516335c322021-12-21 10:23:38.948root 11241100x8000000000000000339572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8aafb1543146d52021-12-21 10:23:38.948root 11241100x8000000000000000339573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a9f8c43fcf8d0c2021-12-21 10:23:38.949root 11241100x8000000000000000339574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bcf2f1614d3e242021-12-21 10:23:38.949root 11241100x8000000000000000339575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f1f8e4881a4d4b42021-12-21 10:23:38.949root 11241100x8000000000000000339576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:38.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0109e62cc29eb7a92021-12-21 10:23:38.949root 23542300x8000000000000000339577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.352{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000339578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cba2d7511ce49442021-12-21 10:23:39.352root 11241100x8000000000000000339579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1d842bfdb7869a2021-12-21 10:23:39.353root 11241100x8000000000000000339580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30ae727f06b70b42021-12-21 10:23:39.353root 11241100x8000000000000000339581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fb74b68252f6102021-12-21 10:23:39.353root 11241100x8000000000000000339582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca64a5d832c58ca2021-12-21 10:23:39.353root 11241100x8000000000000000339583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180b712905157f3e2021-12-21 10:23:39.354root 11241100x8000000000000000339584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcfa9aef897274c2021-12-21 10:23:39.354root 11241100x8000000000000000339585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a920744feb838da2021-12-21 10:23:39.354root 11241100x8000000000000000339586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae024d1ead64cf92021-12-21 10:23:39.354root 11241100x8000000000000000339587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f50b19f678d66242021-12-21 10:23:39.355root 11241100x8000000000000000339588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346e516c1e0211332021-12-21 10:23:39.355root 11241100x8000000000000000339589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f78b7c835f2f912021-12-21 10:23:39.356root 11241100x8000000000000000339590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40de523844cbd3fc2021-12-21 10:23:39.356root 11241100x8000000000000000339591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4e4fc96c6569df2021-12-21 10:23:39.356root 11241100x8000000000000000339592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3dd9c42d49dbb542021-12-21 10:23:39.357root 11241100x8000000000000000339593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c2aaae3d8304a2021-12-21 10:23:39.357root 11241100x8000000000000000339594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30595d05c4147a292021-12-21 10:23:39.357root 11241100x8000000000000000339595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5ac245655c9fb22021-12-21 10:23:39.357root 11241100x8000000000000000339596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef571761370548472021-12-21 10:23:39.357root 11241100x8000000000000000339597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f895b84e93f1dc852021-12-21 10:23:39.358root 11241100x8000000000000000339598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81069a3cfda555a32021-12-21 10:23:39.358root 11241100x8000000000000000339599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb0c9402e398e1e2021-12-21 10:23:39.358root 11241100x8000000000000000339600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f48c3c263869df92021-12-21 10:23:39.358root 11241100x8000000000000000339601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4afdb8e0b1e5b382021-12-21 10:23:39.358root 11241100x8000000000000000339602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8248dc43f992b2021-12-21 10:23:39.358root 11241100x8000000000000000339603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.359{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60776b9dd9b5d3a2021-12-21 10:23:39.359root 11241100x8000000000000000339604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.359{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2090c6672c645f702021-12-21 10:23:39.359root 11241100x8000000000000000339605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.359{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c7f250cb3975102021-12-21 10:23:39.359root 11241100x8000000000000000339606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.360{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516afd74b73be9a82021-12-21 10:23:39.360root 11241100x8000000000000000339607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.360{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806c288479ee4a6e2021-12-21 10:23:39.360root 11241100x8000000000000000339608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb924cb172ec9fe2021-12-21 10:23:39.361root 11241100x8000000000000000339609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0de6e13a5f72b502021-12-21 10:23:39.361root 11241100x8000000000000000339610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eed0032417f3c222021-12-21 10:23:39.361root 11241100x8000000000000000339611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742c7901a34c08482021-12-21 10:23:39.361root 11241100x8000000000000000339612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafbb8994ab50b512021-12-21 10:23:39.361root 11241100x8000000000000000339613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.361{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2216e10b8db4ba1f2021-12-21 10:23:39.361root 11241100x8000000000000000339614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003f9d6d24a218e62021-12-21 10:23:39.694root 11241100x8000000000000000339615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edee988ca54ac36b2021-12-21 10:23:39.694root 11241100x8000000000000000339616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1110eb85158dfef12021-12-21 10:23:39.694root 11241100x8000000000000000339617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6664e11fbae8e5f42021-12-21 10:23:39.694root 11241100x8000000000000000339618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec6925924514c5c2021-12-21 10:23:39.694root 11241100x8000000000000000339619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68688d5d26f9ec422021-12-21 10:23:39.694root 11241100x8000000000000000339620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56237ed44a2286152021-12-21 10:23:39.695root 11241100x8000000000000000339621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bed084b8477673c2021-12-21 10:23:39.695root 11241100x8000000000000000339622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c683a918586e4ad2021-12-21 10:23:39.695root 11241100x8000000000000000339623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d04f9a479ed34842021-12-21 10:23:39.695root 11241100x8000000000000000339624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d84ce4b84d3da22021-12-21 10:23:39.696root 11241100x8000000000000000339625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5167b25f2b2f3d632021-12-21 10:23:39.696root 11241100x8000000000000000339626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4481cae8fdbdc72021-12-21 10:23:39.696root 11241100x8000000000000000339627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2250e06c3f66dfac2021-12-21 10:23:39.697root 11241100x8000000000000000339628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38466586aa8a5b5f2021-12-21 10:23:39.697root 11241100x8000000000000000339629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b621796f57ce1512021-12-21 10:23:39.697root 11241100x8000000000000000339630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92919fbe3aba30ac2021-12-21 10:23:39.697root 11241100x8000000000000000339631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728ad65bac068c522021-12-21 10:23:39.697root 11241100x8000000000000000339632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411e507bc7b909fa2021-12-21 10:23:39.698root 11241100x8000000000000000339633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8bec5e34aabb3532021-12-21 10:23:39.698root 11241100x8000000000000000339634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0438af394bb327e32021-12-21 10:23:39.698root 11241100x8000000000000000339635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f434ae8f24c4d522021-12-21 10:23:39.699root 11241100x8000000000000000339636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06333398527e8af12021-12-21 10:23:39.699root 11241100x8000000000000000339637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051b039a694aa84d2021-12-21 10:23:39.699root 11241100x8000000000000000339638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745c447d5fbd70c82021-12-21 10:23:39.699root 11241100x8000000000000000339639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c20414d7e585762021-12-21 10:23:39.700root 11241100x8000000000000000339640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e1d31c8c433f9c2021-12-21 10:23:39.700root 11241100x8000000000000000339641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3e091fa20e8b052021-12-21 10:23:39.700root 11241100x8000000000000000339642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993d09da5405af142021-12-21 10:23:39.701root 11241100x8000000000000000339643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4d44671d0846fb2021-12-21 10:23:39.701root 11241100x8000000000000000339644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d0a25c727a40e32021-12-21 10:23:39.701root 11241100x8000000000000000339645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719cdd47f9f6af9e2021-12-21 10:23:39.701root 11241100x8000000000000000339646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff61fe3b58522b882021-12-21 10:23:39.702root 11241100x8000000000000000339647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56784ba8332043b82021-12-21 10:23:39.702root 11241100x8000000000000000339648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e62c5fb99bf0632021-12-21 10:23:39.702root 11241100x8000000000000000339649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e96ef31f8293422021-12-21 10:23:39.702root 11241100x8000000000000000339650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:39.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155c7dc69ac5ceab2021-12-21 10:23:39.703root 11241100x8000000000000000339651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e7c8df4a7f5de32021-12-21 10:23:40.194root 11241100x8000000000000000339652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86846f19ae1d09682021-12-21 10:23:40.194root 11241100x8000000000000000339653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76c2f8f124a5aa32021-12-21 10:23:40.194root 11241100x8000000000000000339654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7d206d506fefee2021-12-21 10:23:40.195root 11241100x8000000000000000339655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7dc15d40e5a08a2021-12-21 10:23:40.195root 11241100x8000000000000000339656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549418947bc3dd762021-12-21 10:23:40.195root 11241100x8000000000000000339657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da73638950ce6872021-12-21 10:23:40.195root 11241100x8000000000000000339658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984ec17e2b6e37e72021-12-21 10:23:40.195root 11241100x8000000000000000339659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248136dcc6e4b8ac2021-12-21 10:23:40.196root 11241100x8000000000000000339660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112fc4c6a618e7432021-12-21 10:23:40.196root 11241100x8000000000000000339661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fd40ad84b56aa72021-12-21 10:23:40.196root 11241100x8000000000000000339662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab0629c1f26c8e02021-12-21 10:23:40.196root 11241100x8000000000000000339663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7d656ebf083a2e2021-12-21 10:23:40.196root 11241100x8000000000000000339664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ef272db52ef0332021-12-21 10:23:40.196root 11241100x8000000000000000339665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a457054da57049342021-12-21 10:23:40.197root 11241100x8000000000000000339666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc44f0fbc639a7522021-12-21 10:23:40.197root 11241100x8000000000000000339667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49194602feaaa2b62021-12-21 10:23:40.198root 11241100x8000000000000000339668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf64851087af1ed62021-12-21 10:23:40.198root 11241100x8000000000000000339669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02753039dcba3202021-12-21 10:23:40.198root 11241100x8000000000000000339670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6d9aae7056d1002021-12-21 10:23:40.198root 11241100x8000000000000000339671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0471c8c9bdabba2021-12-21 10:23:40.198root 11241100x8000000000000000339672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19155e2e7dbed23b2021-12-21 10:23:40.199root 11241100x8000000000000000339673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f61d7131fc5f1e2021-12-21 10:23:40.199root 11241100x8000000000000000339674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06c9d8ea259eae62021-12-21 10:23:40.199root 11241100x8000000000000000339675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8447509b7233a09a2021-12-21 10:23:40.199root 11241100x8000000000000000339676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5792b2eee32ab7e2021-12-21 10:23:40.199root 11241100x8000000000000000339677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531cc4185df5b7ba2021-12-21 10:23:40.199root 11241100x8000000000000000339678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd5b77d4b96ef762021-12-21 10:23:40.199root 11241100x8000000000000000339679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251a77f389e2badc2021-12-21 10:23:40.199root 11241100x8000000000000000339680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08a854af6147f092021-12-21 10:23:40.199root 11241100x8000000000000000339681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62addacafa96d302021-12-21 10:23:40.200root 11241100x8000000000000000339682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e75233618e5af332021-12-21 10:23:40.200root 11241100x8000000000000000339683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5528e5295d27e9852021-12-21 10:23:40.201root 11241100x8000000000000000339684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928d1099da1bb3902021-12-21 10:23:40.201root 11241100x8000000000000000339685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6030c9488c99eb2021-12-21 10:23:40.202root 11241100x8000000000000000339686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278cfc22a7c145272021-12-21 10:23:40.203root 11241100x8000000000000000339687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7db52cac0adaaa2021-12-21 10:23:40.203root 11241100x8000000000000000339688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8c28132c6bb35f2021-12-21 10:23:40.204root 11241100x8000000000000000339689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dc3ccc3d42c6c72021-12-21 10:23:40.204root 11241100x8000000000000000339690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f263e16b0a79aa922021-12-21 10:23:40.204root 11241100x8000000000000000339691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c674ba573c0cd5052021-12-21 10:23:40.692root 11241100x8000000000000000339692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6055eb0a02c567872021-12-21 10:23:40.693root 11241100x8000000000000000339693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98658e369b6a93642021-12-21 10:23:40.693root 11241100x8000000000000000339694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8613180b9d3b5652021-12-21 10:23:40.693root 11241100x8000000000000000339695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d024bf1ad40f7d92021-12-21 10:23:40.693root 11241100x8000000000000000339696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeec93a42da1b8212021-12-21 10:23:40.693root 11241100x8000000000000000339697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ac11975ac0e2e02021-12-21 10:23:40.693root 11241100x8000000000000000339698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1d9520bc29a0c72021-12-21 10:23:40.694root 11241100x8000000000000000339699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c161f29c02ded1f22021-12-21 10:23:40.694root 11241100x8000000000000000339700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777f2835e5212622021-12-21 10:23:40.694root 11241100x8000000000000000339701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf22da7276174cdd2021-12-21 10:23:40.694root 11241100x8000000000000000339702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51a37a206620a7f2021-12-21 10:23:40.694root 11241100x8000000000000000339703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1a2765c061d54d92021-12-21 10:23:40.695root 11241100x8000000000000000339704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6304de2fe53f2b1a2021-12-21 10:23:40.695root 11241100x8000000000000000339705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cb3f5e928d4e202021-12-21 10:23:40.695root 11241100x8000000000000000339706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31eb21cc008ce2112021-12-21 10:23:40.695root 11241100x8000000000000000339707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9e8b5a7fae4a622021-12-21 10:23:40.695root 11241100x8000000000000000339708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b979bb1439cbed2021-12-21 10:23:40.696root 11241100x8000000000000000339709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756fdcb875b36b532021-12-21 10:23:40.696root 11241100x8000000000000000339710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6734cb600d3589002021-12-21 10:23:40.696root 11241100x8000000000000000339711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2de16814a81c392021-12-21 10:23:40.696root 11241100x8000000000000000339712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c2508f2f4f2cec2021-12-21 10:23:40.696root 11241100x8000000000000000339713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8127f786c083402021-12-21 10:23:40.697root 11241100x8000000000000000339714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194c443726c054332021-12-21 10:23:40.697root 11241100x8000000000000000339715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07153fdb3f872592021-12-21 10:23:40.697root 11241100x8000000000000000339716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c2dcd3c64fd5b82021-12-21 10:23:40.697root 11241100x8000000000000000339717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b37955def776ae42021-12-21 10:23:40.697root 11241100x8000000000000000339718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1214c7bc4eb48aab2021-12-21 10:23:40.697root 11241100x8000000000000000339719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654900225d2fe2012021-12-21 10:23:40.698root 11241100x8000000000000000339720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4efdfcd09bcb22e2021-12-21 10:23:40.698root 11241100x8000000000000000339721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9091ca5801d4bd902021-12-21 10:23:40.698root 11241100x8000000000000000339722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ca4298b57119882021-12-21 10:23:40.699root 11241100x8000000000000000339723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b8ab2c97714d132021-12-21 10:23:40.699root 11241100x8000000000000000339724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a83ed300b194cace2021-12-21 10:23:40.699root 11241100x8000000000000000339725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3829f950e52ded2021-12-21 10:23:40.699root 11241100x8000000000000000339726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d11a1009f942c452021-12-21 10:23:40.700root 11241100x8000000000000000339727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad18d8c4b25dd342021-12-21 10:23:40.700root 11241100x8000000000000000339728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ed9ac14ee888cb2021-12-21 10:23:40.700root 11241100x8000000000000000339729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d9447f475117b2021-12-21 10:23:40.700root 11241100x8000000000000000339730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762ee23f4ecfedc52021-12-21 10:23:40.701root 11241100x8000000000000000339731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a897bc923bfa1eca2021-12-21 10:23:40.701root 11241100x8000000000000000339732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e876c5564b6a9ebf2021-12-21 10:23:40.701root 11241100x8000000000000000339733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7208bc5fd852642021-12-21 10:23:40.701root 11241100x8000000000000000339734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2f7b23fc9d12d92021-12-21 10:23:40.701root 11241100x8000000000000000339735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8729a1c5428af4a2021-12-21 10:23:40.702root 11241100x8000000000000000339736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:40.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2671c0a72c88de82021-12-21 10:23:40.702root 11241100x8000000000000000339737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894496552e2bf22c2021-12-21 10:23:41.193root 11241100x8000000000000000339738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0360cb3d0e87a2782021-12-21 10:23:41.193root 11241100x8000000000000000339739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a888f1ee78326af12021-12-21 10:23:41.194root 11241100x8000000000000000339740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f108150c21f0df002021-12-21 10:23:41.194root 11241100x8000000000000000339741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da454c49b7dbc4d2021-12-21 10:23:41.194root 11241100x8000000000000000339742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503b51e25a1d35ab2021-12-21 10:23:41.194root 11241100x8000000000000000339743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3013e13591d9a0f92021-12-21 10:23:41.194root 11241100x8000000000000000339744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4377272a216047432021-12-21 10:23:41.194root 11241100x8000000000000000339745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a4f41e8f9473232021-12-21 10:23:41.194root 11241100x8000000000000000339746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3eb181639797172021-12-21 10:23:41.195root 11241100x8000000000000000339747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7f2ac372652de72021-12-21 10:23:41.195root 11241100x8000000000000000339748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc08b463fba450db2021-12-21 10:23:41.195root 11241100x8000000000000000339749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd9849ca429caf12021-12-21 10:23:41.195root 11241100x8000000000000000339750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453b98cc0afd38c52021-12-21 10:23:41.195root 11241100x8000000000000000339751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c984c4a7d8fe0d2021-12-21 10:23:41.195root 11241100x8000000000000000339752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b77e13e29c8b692021-12-21 10:23:41.195root 11241100x8000000000000000339753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0035db2719e6982021-12-21 10:23:41.195root 11241100x8000000000000000339754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b3dad3c2f7e8e32021-12-21 10:23:41.195root 11241100x8000000000000000339755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa632b45332f8232021-12-21 10:23:41.195root 11241100x8000000000000000339756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4941c261adb2972021-12-21 10:23:41.196root 11241100x8000000000000000339757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324f5c03de77ae112021-12-21 10:23:41.196root 11241100x8000000000000000339758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c76993c6548e1e2021-12-21 10:23:41.196root 11241100x8000000000000000339759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff63b58be7a093d52021-12-21 10:23:41.196root 11241100x8000000000000000339760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b9b80bf2d2f33b2021-12-21 10:23:41.196root 11241100x8000000000000000339761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce13c1447dd31ef2021-12-21 10:23:41.196root 11241100x8000000000000000339762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6f78f707be9b122021-12-21 10:23:41.196root 11241100x8000000000000000339763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446414c1db02df882021-12-21 10:23:41.196root 11241100x8000000000000000339764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11763e6bd7161122021-12-21 10:23:41.196root 11241100x8000000000000000339765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29bd0138961c3bc02021-12-21 10:23:41.197root 11241100x8000000000000000339766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4d0c5d0ceb6b252021-12-21 10:23:41.197root 11241100x8000000000000000339767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2824ebcbc2cf3d9d2021-12-21 10:23:41.197root 11241100x8000000000000000339768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305cdfb93c8abd22021-12-21 10:23:41.197root 11241100x8000000000000000339769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d1ab4a9e4ad38d2021-12-21 10:23:41.197root 11241100x8000000000000000339770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4546543408db552021-12-21 10:23:41.197root 11241100x8000000000000000339771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31321df0ff3db992021-12-21 10:23:41.197root 11241100x8000000000000000339772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef18065a12906392021-12-21 10:23:41.198root 11241100x8000000000000000339773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0452f6260564e12021-12-21 10:23:41.198root 11241100x8000000000000000339774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54d091ffd89be252021-12-21 10:23:41.198root 11241100x8000000000000000339775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7e6ecffc6aefef2021-12-21 10:23:41.198root 11241100x8000000000000000339776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ca4a20229ade9d2021-12-21 10:23:41.198root 11241100x8000000000000000339777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705dc9a7ff4efe0c2021-12-21 10:23:41.198root 11241100x8000000000000000339778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20729db39c46195d2021-12-21 10:23:41.693root 11241100x8000000000000000339779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44167da77ef7ee922021-12-21 10:23:41.693root 11241100x8000000000000000339780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd0edf132f28ab82021-12-21 10:23:41.694root 11241100x8000000000000000339781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5014eb26084031392021-12-21 10:23:41.694root 11241100x8000000000000000339782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0baf06c13414842021-12-21 10:23:41.694root 11241100x8000000000000000339783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763fd6aea468db822021-12-21 10:23:41.694root 11241100x8000000000000000339784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc99d2aab594e7982021-12-21 10:23:41.695root 11241100x8000000000000000339785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2d79767c655cf52021-12-21 10:23:41.695root 11241100x8000000000000000339786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a951df4c3137a9552021-12-21 10:23:41.695root 11241100x8000000000000000339787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bddf524dcfd7f92021-12-21 10:23:41.695root 11241100x8000000000000000339788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4c4eabf5a9b1ab2021-12-21 10:23:41.696root 11241100x8000000000000000339789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d892ea0cd671952021-12-21 10:23:41.696root 11241100x8000000000000000339790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae81954c34efb0a32021-12-21 10:23:41.696root 11241100x8000000000000000339791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a971ef866dd29a302021-12-21 10:23:41.696root 11241100x8000000000000000339792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd271a14242196392021-12-21 10:23:41.697root 11241100x8000000000000000339793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e536a3c79f7b6d12021-12-21 10:23:41.697root 11241100x8000000000000000339794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803cd1ea0f2be7442021-12-21 10:23:41.697root 11241100x8000000000000000339795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22020b9ce7119d532021-12-21 10:23:41.698root 11241100x8000000000000000339796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fefda23a463f83f2021-12-21 10:23:41.698root 11241100x8000000000000000339797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910cc6d1e1dae1862021-12-21 10:23:41.698root 11241100x8000000000000000339798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faab744ee50b08ab2021-12-21 10:23:41.699root 11241100x8000000000000000339799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54665924dadb89022021-12-21 10:23:41.699root 11241100x8000000000000000339800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4145d0380b91b36d2021-12-21 10:23:41.699root 11241100x8000000000000000339801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756eb2486c9454532021-12-21 10:23:41.700root 11241100x8000000000000000339802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd7ee64485b9dba2021-12-21 10:23:41.700root 11241100x8000000000000000339803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935b0fa8418798cb2021-12-21 10:23:41.700root 11241100x8000000000000000339804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9b5b3e7b281a1f2021-12-21 10:23:41.701root 11241100x8000000000000000339805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56eba90615de46d2021-12-21 10:23:41.701root 11241100x8000000000000000339806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5454be00b111c50e2021-12-21 10:23:41.702root 11241100x8000000000000000339807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d61ae95891f38442021-12-21 10:23:41.702root 11241100x8000000000000000339808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55af6d8ad6bcf9a2021-12-21 10:23:41.702root 11241100x8000000000000000339809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a5fec7cc17436e2021-12-21 10:23:41.703root 11241100x8000000000000000339810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fb2801fefae7bb2021-12-21 10:23:41.703root 11241100x8000000000000000339811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f45543efad68682021-12-21 10:23:41.703root 11241100x8000000000000000339812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d182bf3437743922021-12-21 10:23:41.704root 11241100x8000000000000000339813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88605ee7e34e24752021-12-21 10:23:41.704root 11241100x8000000000000000339814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ba20174aa51bc02021-12-21 10:23:41.704root 11241100x8000000000000000339815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313a36800197543b2021-12-21 10:23:41.704root 11241100x8000000000000000339816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:41.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47394fb85dfb8b712021-12-21 10:23:41.704root 11241100x8000000000000000339817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3697920b9ef9faf2021-12-21 10:23:42.193root 11241100x8000000000000000339818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d6ba6a661e26132021-12-21 10:23:42.194root 11241100x8000000000000000339819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9148fb1ffa829f192021-12-21 10:23:42.194root 11241100x8000000000000000339820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5fe6440af1f15f2021-12-21 10:23:42.194root 11241100x8000000000000000339821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4dcae1c59eab352021-12-21 10:23:42.194root 11241100x8000000000000000339822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af85f2bc093bd5e52021-12-21 10:23:42.194root 11241100x8000000000000000339823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.097ca4f05c440dc32021-12-21 10:23:42.194root 11241100x8000000000000000339824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920c497fab77a9b82021-12-21 10:23:42.194root 11241100x8000000000000000339825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646d4e9a446705f62021-12-21 10:23:42.194root 11241100x8000000000000000339826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064326dc568180802021-12-21 10:23:42.194root 11241100x8000000000000000339827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7b5056c1b722a52021-12-21 10:23:42.195root 11241100x8000000000000000339828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5bda92dcc8eefc12021-12-21 10:23:42.195root 11241100x8000000000000000339829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13f0ba7963d2fd42021-12-21 10:23:42.195root 11241100x8000000000000000339830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2325c0a774998322021-12-21 10:23:42.195root 11241100x8000000000000000339831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1922e495db0fb9ce2021-12-21 10:23:42.195root 11241100x8000000000000000339832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f3e785956df9e62021-12-21 10:23:42.195root 11241100x8000000000000000339833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c67ae502f5523062021-12-21 10:23:42.195root 11241100x8000000000000000339834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f567b0cd23d40542021-12-21 10:23:42.195root 11241100x8000000000000000339835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e278721e5942f752021-12-21 10:23:42.196root 11241100x8000000000000000339836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b9518766e03cd12021-12-21 10:23:42.196root 11241100x8000000000000000339837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e9e42dccd5341d2021-12-21 10:23:42.196root 11241100x8000000000000000339838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e69c72617b598c2021-12-21 10:23:42.196root 11241100x8000000000000000339839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6281897a870aa2021-12-21 10:23:42.196root 11241100x8000000000000000339840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccb54d96b7ff8642021-12-21 10:23:42.196root 11241100x8000000000000000339841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37486e6f64d479fb2021-12-21 10:23:42.196root 11241100x8000000000000000339842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55fcf4074300a162021-12-21 10:23:42.196root 11241100x8000000000000000339843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c34a3fc0539c952021-12-21 10:23:42.196root 11241100x8000000000000000339844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c009a8efcd0bef2021-12-21 10:23:42.197root 11241100x8000000000000000339845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c67cfd4e5d3de912021-12-21 10:23:42.198root 11241100x8000000000000000339846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a06dbbc12817c602021-12-21 10:23:42.198root 11241100x8000000000000000339847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4488b9d2ebfb0092021-12-21 10:23:42.198root 11241100x8000000000000000339848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7cd729cbd7a3f812021-12-21 10:23:42.198root 11241100x8000000000000000339849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3c3aa20351624e2021-12-21 10:23:42.198root 11241100x8000000000000000339850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc8137125f9d9672021-12-21 10:23:42.199root 11241100x8000000000000000339851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1bb5cdd51bc70a2021-12-21 10:23:42.199root 11241100x8000000000000000339852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05c304bcde206b92021-12-21 10:23:42.199root 11241100x8000000000000000339853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d12b4b7b7fc000e2021-12-21 10:23:42.199root 11241100x8000000000000000339854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3af41019ad4be02021-12-21 10:23:42.199root 11241100x8000000000000000339855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864fe2d99abec1e12021-12-21 10:23:42.199root 11241100x8000000000000000339856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49772fd9e58222d2021-12-21 10:23:42.199root 11241100x8000000000000000339857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6431cac45e4f732d2021-12-21 10:23:42.199root 11241100x8000000000000000339858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0116253cca7be3aa2021-12-21 10:23:42.199root 11241100x8000000000000000339859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3078030d81b09d2021-12-21 10:23:42.199root 11241100x8000000000000000339860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db212af3ac447a22021-12-21 10:23:42.200root 11241100x8000000000000000339861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4b0e006af4c7d42021-12-21 10:23:42.693root 11241100x8000000000000000339862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b26c79218a34572021-12-21 10:23:42.693root 11241100x8000000000000000339863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18dd8c2ea2bdc9f82021-12-21 10:23:42.693root 11241100x8000000000000000339864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bd8c4bc8accf51c2021-12-21 10:23:42.694root 11241100x8000000000000000339865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f46773a66ef2882021-12-21 10:23:42.694root 11241100x8000000000000000339866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56a388c8d2b52c52021-12-21 10:23:42.694root 11241100x8000000000000000339867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cd0718b6402f9f2021-12-21 10:23:42.694root 11241100x8000000000000000339868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cb65bb06842d852021-12-21 10:23:42.694root 11241100x8000000000000000339869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e579bc1aca2e64f2021-12-21 10:23:42.694root 11241100x8000000000000000339870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd8f3cd816b2ee42021-12-21 10:23:42.694root 11241100x8000000000000000339871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798b841e9a3be82d2021-12-21 10:23:42.694root 11241100x8000000000000000339872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f6677fe75d10c62021-12-21 10:23:42.695root 11241100x8000000000000000339873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93102161ceba25e72021-12-21 10:23:42.695root 11241100x8000000000000000339874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0120f9fbeeed8a6d2021-12-21 10:23:42.695root 11241100x8000000000000000339875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b423dd2c78685bb2021-12-21 10:23:42.695root 11241100x8000000000000000339876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35dc10cf389b79082021-12-21 10:23:42.695root 11241100x8000000000000000339877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b4ecc417b909132021-12-21 10:23:42.696root 11241100x8000000000000000339878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27553a3256e4901e2021-12-21 10:23:42.696root 11241100x8000000000000000339879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fe6d32237f96d492021-12-21 10:23:42.696root 11241100x8000000000000000339880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8c2cff9a744c3d2021-12-21 10:23:42.696root 11241100x8000000000000000339881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5f10c82cd20da22021-12-21 10:23:42.697root 11241100x8000000000000000339882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075ddd0909f424462021-12-21 10:23:42.697root 11241100x8000000000000000339883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49737c682be7ce122021-12-21 10:23:42.697root 11241100x8000000000000000339884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d5e88da3433e232021-12-21 10:23:42.697root 11241100x8000000000000000339885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d12492d15e026f2021-12-21 10:23:42.698root 11241100x8000000000000000339886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895e248e6aa77dac2021-12-21 10:23:42.698root 11241100x8000000000000000339887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf338b7dfcecce32021-12-21 10:23:42.698root 11241100x8000000000000000339888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a42f34af98cd612021-12-21 10:23:42.698root 11241100x8000000000000000339889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265322cd17a2e30d2021-12-21 10:23:42.698root 11241100x8000000000000000339890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbb190febb52a772021-12-21 10:23:42.698root 11241100x8000000000000000339891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f142efce6524c2682021-12-21 10:23:42.699root 11241100x8000000000000000339892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c354a305934891052021-12-21 10:23:42.699root 11241100x8000000000000000339893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fca3d0c6878bac2021-12-21 10:23:42.699root 11241100x8000000000000000339894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b4687d8be2cb0a2021-12-21 10:23:42.699root 11241100x8000000000000000339895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a881c6847850a782021-12-21 10:23:42.699root 11241100x8000000000000000339896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce7ca50057c622f2021-12-21 10:23:42.699root 11241100x8000000000000000339897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adad59b833031532021-12-21 10:23:42.700root 11241100x8000000000000000339898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551dd0c9b94a4abe2021-12-21 10:23:42.700root 11241100x8000000000000000339899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1adb767d66b776d2021-12-21 10:23:42.700root 11241100x8000000000000000339900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9de45e27351100f2021-12-21 10:23:42.700root 11241100x8000000000000000339901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0da39949861ec8a2021-12-21 10:23:42.700root 11241100x8000000000000000339902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ef76b6c2fb2c262021-12-21 10:23:42.700root 11241100x8000000000000000339903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ad2ae7c10941932021-12-21 10:23:42.701root 11241100x8000000000000000339904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2c7c2e9717a05f2021-12-21 10:23:42.701root 11241100x8000000000000000339905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20d195612b242b02021-12-21 10:23:42.701root 11241100x8000000000000000339906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca18e4bf2c9b36b2021-12-21 10:23:42.701root 11241100x8000000000000000339907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0485ba423f2530962021-12-21 10:23:42.701root 11241100x8000000000000000339908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c261b9de18394a2021-12-21 10:23:42.701root 11241100x8000000000000000339909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:42.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b6aa7cd4cd71342021-12-21 10:23:42.702root 11241100x8000000000000000339910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b86fe7c7107b6912021-12-21 10:23:43.193root 11241100x8000000000000000339911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcf46a581d18d13d2021-12-21 10:23:43.193root 11241100x8000000000000000339912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bfb68a1e39880b2021-12-21 10:23:43.194root 11241100x8000000000000000339913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce4f61fe81a1abe2021-12-21 10:23:43.194root 11241100x8000000000000000339914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1c2e98d6256f7e2021-12-21 10:23:43.194root 11241100x8000000000000000339915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594778e7ed8af6782021-12-21 10:23:43.194root 11241100x8000000000000000339916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d9b24e391a20b92021-12-21 10:23:43.194root 11241100x8000000000000000339917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a209929ceeac842021-12-21 10:23:43.195root 11241100x8000000000000000339918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55a898237c6a7182021-12-21 10:23:43.195root 11241100x8000000000000000339919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfca77c968cce752021-12-21 10:23:43.195root 11241100x8000000000000000339920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d633dec2f72f44952021-12-21 10:23:43.195root 11241100x8000000000000000339921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9543188c172fa1c22021-12-21 10:23:43.195root 11241100x8000000000000000339922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874ef04d3244c3c12021-12-21 10:23:43.195root 11241100x8000000000000000339923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36493c5dd2a50da2021-12-21 10:23:43.196root 11241100x8000000000000000339924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068827e93c18f8352021-12-21 10:23:43.196root 11241100x8000000000000000339925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d6be5938515f072021-12-21 10:23:43.196root 11241100x8000000000000000339926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775ec6074de78b542021-12-21 10:23:43.196root 11241100x8000000000000000339927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3607c7e3f21e692021-12-21 10:23:43.196root 11241100x8000000000000000339928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5285681d9f6f5db32021-12-21 10:23:43.197root 11241100x8000000000000000339929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab3422033b93f4d2021-12-21 10:23:43.197root 11241100x8000000000000000339930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a1dfc1e29afbf62021-12-21 10:23:43.197root 11241100x8000000000000000339931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.944e8b3e0158d20e2021-12-21 10:23:43.198root 11241100x8000000000000000339932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8356869ca69449e82021-12-21 10:23:43.198root 11241100x8000000000000000339933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5086c190eba6cb2021-12-21 10:23:43.198root 11241100x8000000000000000339934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ac0efdfacff8912021-12-21 10:23:43.198root 11241100x8000000000000000339935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ea86f52986da812021-12-21 10:23:43.198root 11241100x8000000000000000339936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f2515d5a3089012021-12-21 10:23:43.198root 11241100x8000000000000000339937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debbdd57ff2bcbd42021-12-21 10:23:43.199root 11241100x8000000000000000339938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce9712818a5dd2a92021-12-21 10:23:43.199root 11241100x8000000000000000339939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11389fb6b90bdd3d2021-12-21 10:23:43.199root 11241100x8000000000000000339940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c06a8abb688d2362021-12-21 10:23:43.199root 11241100x8000000000000000339941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe119bf02bfa06c2021-12-21 10:23:43.199root 11241100x8000000000000000339942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3a57ec68b648242021-12-21 10:23:43.199root 11241100x8000000000000000339943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64307287c512b4702021-12-21 10:23:43.199root 11241100x8000000000000000339944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7d4164ac79f5eb2021-12-21 10:23:43.199root 11241100x8000000000000000339945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112feb3ccf4453652021-12-21 10:23:43.199root 11241100x8000000000000000339946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58b118c121228c02021-12-21 10:23:43.200root 354300x8000000000000000339947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.226{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47036-false10.0.1.12-8000- 11241100x8000000000000000339948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9225d02e1c7947732021-12-21 10:23:43.693root 11241100x8000000000000000339949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca63288b9631741a2021-12-21 10:23:43.693root 11241100x8000000000000000339950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260b1409129da1ac2021-12-21 10:23:43.693root 11241100x8000000000000000339951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc47a84656709b872021-12-21 10:23:43.693root 11241100x8000000000000000339952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b72961a5f2fb2b2021-12-21 10:23:43.694root 11241100x8000000000000000339953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b333dddf82276c142021-12-21 10:23:43.694root 11241100x8000000000000000339954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4730f70b4c0aa8da2021-12-21 10:23:43.694root 11241100x8000000000000000339955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0e52da280c4bab72021-12-21 10:23:43.694root 11241100x8000000000000000339956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee99f1773e9935852021-12-21 10:23:43.694root 11241100x8000000000000000339957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965994d949c519952021-12-21 10:23:43.694root 11241100x8000000000000000339958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b87847fa686a02a2021-12-21 10:23:43.694root 11241100x8000000000000000339959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4069f2283c1908de2021-12-21 10:23:43.694root 11241100x8000000000000000339960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3444c3252530b0e12021-12-21 10:23:43.694root 11241100x8000000000000000339961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c0e6fdb08184c22021-12-21 10:23:43.694root 11241100x8000000000000000339962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef8b0ae67aa5d762021-12-21 10:23:43.695root 11241100x8000000000000000339963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f67d6a707138cb2021-12-21 10:23:43.695root 11241100x8000000000000000339964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff3e31d98d20a882021-12-21 10:23:43.695root 11241100x8000000000000000339965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d085de2771618d22021-12-21 10:23:43.696root 11241100x8000000000000000339966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec89ecb56742a1242021-12-21 10:23:43.696root 11241100x8000000000000000339967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602ecda8025284592021-12-21 10:23:43.696root 11241100x8000000000000000339968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30db9de9f28403b32021-12-21 10:23:43.697root 11241100x8000000000000000339969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb2ef29b639ba142021-12-21 10:23:43.697root 11241100x8000000000000000339970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e577440b5309852021-12-21 10:23:43.697root 11241100x8000000000000000339971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e326716bbac122fa2021-12-21 10:23:43.697root 11241100x8000000000000000339972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.529f64a7bd0b86c82021-12-21 10:23:43.697root 11241100x8000000000000000339973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c869ba4944f6f4f2021-12-21 10:23:43.698root 11241100x8000000000000000339974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e98cb6d580cd0492021-12-21 10:23:43.698root 11241100x8000000000000000339975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bf0ef5b09301d12021-12-21 10:23:43.698root 11241100x8000000000000000339976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cd68f221fd277b2021-12-21 10:23:43.698root 11241100x8000000000000000339977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0042356bdc4480c2021-12-21 10:23:43.698root 11241100x8000000000000000339978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40349efaa102aba2021-12-21 10:23:43.699root 11241100x8000000000000000339979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe3e28edae8b9632021-12-21 10:23:43.699root 11241100x8000000000000000339980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cfb41ff0ff4bd82021-12-21 10:23:43.699root 11241100x8000000000000000339981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d93b54b4644e472021-12-21 10:23:43.699root 11241100x8000000000000000339982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa51fb283f373e52021-12-21 10:23:43.699root 11241100x8000000000000000339983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327a16e17a132ebb2021-12-21 10:23:43.699root 11241100x8000000000000000339984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d48ef667a5a99532021-12-21 10:23:43.700root 11241100x8000000000000000339985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:43.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e72c695ff92dca2021-12-21 10:23:43.700root 11241100x8000000000000000339986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb6c5e1a4f6effd2021-12-21 10:23:44.193root 11241100x8000000000000000339987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a00ad3f2247df7d2021-12-21 10:23:44.193root 11241100x8000000000000000339988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9d953ec094c7052021-12-21 10:23:44.194root 11241100x8000000000000000339989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a717b8ea7d10f8a2021-12-21 10:23:44.194root 11241100x8000000000000000339990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d3bac38b9531e82021-12-21 10:23:44.194root 11241100x8000000000000000339991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a51512e618048a3a2021-12-21 10:23:44.194root 11241100x8000000000000000339992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc27bd426dacd432021-12-21 10:23:44.195root 11241100x8000000000000000339993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac45f85859ab3f22021-12-21 10:23:44.195root 11241100x8000000000000000339994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b810c038668d82a2021-12-21 10:23:44.195root 11241100x8000000000000000339995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865c1088cb13f1f12021-12-21 10:23:44.195root 11241100x8000000000000000339996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d95ae8b86f55d2021-12-21 10:23:44.195root 11241100x8000000000000000339997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4651533267d647672021-12-21 10:23:44.196root 11241100x8000000000000000339998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c707ca8c0201c12021-12-21 10:23:44.196root 11241100x8000000000000000339999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a778c55a03d363f92021-12-21 10:23:44.196root 11241100x8000000000000000340000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a61d96d36282b52021-12-21 10:23:44.196root 11241100x8000000000000000340001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498496e4792cdd5d2021-12-21 10:23:44.196root 11241100x8000000000000000340002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de13ee92f5ad8b42021-12-21 10:23:44.196root 11241100x8000000000000000340003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164620e92dd5f3402021-12-21 10:23:44.198root 11241100x8000000000000000340004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a764a044158dc322021-12-21 10:23:44.198root 11241100x8000000000000000340005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a959002f794a142021-12-21 10:23:44.198root 11241100x8000000000000000340006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51b17b5d802225d2021-12-21 10:23:44.198root 11241100x8000000000000000340007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef2fd8c257a30852021-12-21 10:23:44.199root 11241100x8000000000000000340008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6044f2cc6f2d0d0d2021-12-21 10:23:44.199root 11241100x8000000000000000340009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc354b6f478ca6f82021-12-21 10:23:44.199root 11241100x8000000000000000340010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4a366ca37e9c8b2021-12-21 10:23:44.199root 11241100x8000000000000000340011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d5ee94b8b3f9942021-12-21 10:23:44.199root 11241100x8000000000000000340012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d352cedd822a16492021-12-21 10:23:44.199root 11241100x8000000000000000340013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e6e40824e3025c2021-12-21 10:23:44.200root 11241100x8000000000000000340014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8becafbeaf10f57f2021-12-21 10:23:44.200root 11241100x8000000000000000340015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0cb4a12ab795142021-12-21 10:23:44.200root 11241100x8000000000000000340016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9f817996343ee92021-12-21 10:23:44.200root 11241100x8000000000000000340017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810ae11debf7ce072021-12-21 10:23:44.200root 11241100x8000000000000000340018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85438254272e66552021-12-21 10:23:44.200root 11241100x8000000000000000340019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f8506a211a80a52021-12-21 10:23:44.201root 11241100x8000000000000000340020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d130b22edf00b5a2021-12-21 10:23:44.201root 11241100x8000000000000000340021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b08c1abfcc294f02021-12-21 10:23:44.201root 11241100x8000000000000000340022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93aad4efa6d04b7a2021-12-21 10:23:44.201root 11241100x8000000000000000340023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0602158b683c22b42021-12-21 10:23:44.201root 11241100x8000000000000000340024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1580e67295c1175c2021-12-21 10:23:44.201root 11241100x8000000000000000340025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063c74456a18895c2021-12-21 10:23:44.202root 11241100x8000000000000000340026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e211093ee4fb44a32021-12-21 10:23:44.693root 11241100x8000000000000000340027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3b81a5b9c118d52021-12-21 10:23:44.693root 11241100x8000000000000000340028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f0d0ebc64f76682021-12-21 10:23:44.694root 11241100x8000000000000000340029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a00f27d6defd8702021-12-21 10:23:44.694root 11241100x8000000000000000340030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e35e4e376c174e2021-12-21 10:23:44.694root 11241100x8000000000000000340031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3341372e648a067e2021-12-21 10:23:44.694root 11241100x8000000000000000340032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27585116b457d712021-12-21 10:23:44.694root 11241100x8000000000000000340033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3dd24c9363cf112021-12-21 10:23:44.694root 11241100x8000000000000000340034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b92890142fc21052021-12-21 10:23:44.695root 11241100x8000000000000000340035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2df112114f3ceb2021-12-21 10:23:44.695root 11241100x8000000000000000340036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101d6034408592622021-12-21 10:23:44.695root 11241100x8000000000000000340037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ac9304de728c522021-12-21 10:23:44.695root 11241100x8000000000000000340038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d88a497ab8158c2021-12-21 10:23:44.695root 11241100x8000000000000000340039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08337885cb054c0d2021-12-21 10:23:44.696root 11241100x8000000000000000340040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4824ca1c3893c2fb2021-12-21 10:23:44.696root 11241100x8000000000000000340041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e723740b94487d622021-12-21 10:23:44.696root 11241100x8000000000000000340042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c50dde32a6ba65f2021-12-21 10:23:44.696root 11241100x8000000000000000340043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6f952c40d51afb2021-12-21 10:23:44.696root 11241100x8000000000000000340044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62aaa101860e13e2021-12-21 10:23:44.696root 11241100x8000000000000000340045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a529b0c4026e9d202021-12-21 10:23:44.697root 11241100x8000000000000000340046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b91f2f05d279ef02021-12-21 10:23:44.697root 11241100x8000000000000000340047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310784b2fadaa2042021-12-21 10:23:44.697root 11241100x8000000000000000340048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8402731105d5612021-12-21 10:23:44.697root 11241100x8000000000000000340049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59959073f18ff01b2021-12-21 10:23:44.698root 11241100x8000000000000000340050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b3fe26721b1a462021-12-21 10:23:44.698root 11241100x8000000000000000340051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ab8ed37d01bf152021-12-21 10:23:44.698root 11241100x8000000000000000340052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1da79dfdaec4072021-12-21 10:23:44.698root 11241100x8000000000000000340053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed03ca04448f9bb92021-12-21 10:23:44.699root 11241100x8000000000000000340054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff123210bafbdcc2021-12-21 10:23:44.699root 11241100x8000000000000000340055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f64eb29b6423842021-12-21 10:23:44.699root 11241100x8000000000000000340056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1f7829f9878e7c2021-12-21 10:23:44.699root 11241100x8000000000000000340057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5eca951cdd58f72021-12-21 10:23:44.699root 11241100x8000000000000000340058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044b6a65c4c2398b2021-12-21 10:23:44.700root 11241100x8000000000000000340059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47085f8ff63590bd2021-12-21 10:23:44.700root 11241100x8000000000000000340060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdee061caf1b3df2021-12-21 10:23:44.701root 11241100x8000000000000000340061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ab610c0ef4e94d2021-12-21 10:23:44.701root 11241100x8000000000000000340062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf3d2ef2b41995a2021-12-21 10:23:44.701root 11241100x8000000000000000340063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbc969b08a5f6832021-12-21 10:23:44.702root 11241100x8000000000000000340064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea46b0c22f2517542021-12-21 10:23:44.703root 11241100x8000000000000000340065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c4790bf9326f32021-12-21 10:23:44.703root 11241100x8000000000000000340066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:44.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f80a6221c801962021-12-21 10:23:44.703root 11241100x8000000000000000340067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9132a83de2cd9ad2021-12-21 10:23:45.193root 11241100x8000000000000000340068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c91d6526123e622021-12-21 10:23:45.194root 11241100x8000000000000000340069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ac68e6d57443462021-12-21 10:23:45.194root 11241100x8000000000000000340070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa3745ad99ea2ad92021-12-21 10:23:45.194root 11241100x8000000000000000340071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613e6208630e988e2021-12-21 10:23:45.194root 11241100x8000000000000000340072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b39b2d197ebfce2021-12-21 10:23:45.194root 11241100x8000000000000000340073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcabd21ace4e20d2021-12-21 10:23:45.195root 11241100x8000000000000000340074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36140854e17810b2021-12-21 10:23:45.195root 11241100x8000000000000000340075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add93a157a42e7f52021-12-21 10:23:45.195root 11241100x8000000000000000340076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb72966d16b16812021-12-21 10:23:45.195root 11241100x8000000000000000340077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df913fb5e6fdc3252021-12-21 10:23:45.195root 11241100x8000000000000000340078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8987882483aee52021-12-21 10:23:45.195root 11241100x8000000000000000340079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3d7749a4e1c1362021-12-21 10:23:45.196root 11241100x8000000000000000340080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f8a8e0e0cac81c2021-12-21 10:23:45.196root 11241100x8000000000000000340081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b546beda24c9acf2021-12-21 10:23:45.196root 11241100x8000000000000000340082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8af95fd42f09312021-12-21 10:23:45.196root 11241100x8000000000000000340083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a5ba0cf615d94b2021-12-21 10:23:45.196root 11241100x8000000000000000340084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5192d5522d2996992021-12-21 10:23:45.196root 11241100x8000000000000000340085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e8fc92ff19420f2021-12-21 10:23:45.196root 11241100x8000000000000000340086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e463b9d7b5c0a6e72021-12-21 10:23:45.197root 11241100x8000000000000000340087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13540416689433e72021-12-21 10:23:45.197root 11241100x8000000000000000340088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c582052a6a2b916f2021-12-21 10:23:45.197root 11241100x8000000000000000340089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1cf39c9c993ab62021-12-21 10:23:45.200root 11241100x8000000000000000340090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a9a042b58eb19c2021-12-21 10:23:45.200root 11241100x8000000000000000340091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e89a4bed364f562021-12-21 10:23:45.201root 11241100x8000000000000000340092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7c717e0f538d702021-12-21 10:23:45.201root 11241100x8000000000000000340093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea3eae45ee9d2782021-12-21 10:23:45.201root 11241100x8000000000000000340094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fa4efede11ab962021-12-21 10:23:45.201root 11241100x8000000000000000340095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15455efbebff3a112021-12-21 10:23:45.201root 11241100x8000000000000000340096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c114cfe05068e7282021-12-21 10:23:45.201root 11241100x8000000000000000340097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5870b11cec851a2b2021-12-21 10:23:45.201root 11241100x8000000000000000340098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8875408fcd9943072021-12-21 10:23:45.202root 11241100x8000000000000000340099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a719147ca758882021-12-21 10:23:45.202root 11241100x8000000000000000340100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24acc8c97515bc582021-12-21 10:23:45.202root 11241100x8000000000000000340101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764a4f11083c3ed62021-12-21 10:23:45.202root 11241100x8000000000000000340102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7132003c6fcc382021-12-21 10:23:45.202root 11241100x8000000000000000340103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3af4654203f1a242021-12-21 10:23:45.202root 11241100x8000000000000000340104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0896a7c59478136d2021-12-21 10:23:45.202root 11241100x8000000000000000340105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ec46875a3e3892021-12-21 10:23:45.202root 11241100x8000000000000000340106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde01b9a74df7b8f2021-12-21 10:23:45.693root 11241100x8000000000000000340107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec6bc818074eac02021-12-21 10:23:45.693root 11241100x8000000000000000340108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17870297ee1d95e2021-12-21 10:23:45.693root 11241100x8000000000000000340109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981e49ceb63906ce2021-12-21 10:23:45.693root 11241100x8000000000000000340110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03afdf5ae299de82021-12-21 10:23:45.693root 11241100x8000000000000000340111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97368751504bd2942021-12-21 10:23:45.693root 11241100x8000000000000000340112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e82b59d5a58617c2021-12-21 10:23:45.693root 11241100x8000000000000000340113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9384b77e002fee522021-12-21 10:23:45.694root 11241100x8000000000000000340114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb40dfdef24b73882021-12-21 10:23:45.694root 11241100x8000000000000000340115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd747eba0287d9aa2021-12-21 10:23:45.694root 11241100x8000000000000000340116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f72e7563e3be6212021-12-21 10:23:45.694root 11241100x8000000000000000340117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c27ac2e2419b892021-12-21 10:23:45.695root 11241100x8000000000000000340118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c646d1d122f33602021-12-21 10:23:45.695root 11241100x8000000000000000340119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a63f73b66643c772021-12-21 10:23:45.695root 11241100x8000000000000000340120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c14473151c6dc22021-12-21 10:23:45.695root 11241100x8000000000000000340121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abb855f54fe9f3c2021-12-21 10:23:45.696root 11241100x8000000000000000340122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad33a4a3c9bb41a72021-12-21 10:23:45.696root 11241100x8000000000000000340123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12de0c9b7a552e02021-12-21 10:23:45.697root 11241100x8000000000000000340124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708b0e5d212010472021-12-21 10:23:45.697root 11241100x8000000000000000340125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35fdc27ef532ca62021-12-21 10:23:45.697root 11241100x8000000000000000340126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e6989e348e2df82021-12-21 10:23:45.697root 11241100x8000000000000000340127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11abae428a7feabf2021-12-21 10:23:45.698root 11241100x8000000000000000340128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e499c1ee4d2d8d02021-12-21 10:23:45.698root 11241100x8000000000000000340129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8154d062246335fd2021-12-21 10:23:45.698root 11241100x8000000000000000340130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074b1fa804a552a42021-12-21 10:23:45.699root 11241100x8000000000000000340131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23aa7e0121c861422021-12-21 10:23:45.699root 11241100x8000000000000000340132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959fba92838215052021-12-21 10:23:45.699root 11241100x8000000000000000340133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeb740879d1e7c52021-12-21 10:23:45.700root 11241100x8000000000000000340134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8eaa7510bccf8b2021-12-21 10:23:45.700root 11241100x8000000000000000340135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35268e6f2815bfe12021-12-21 10:23:45.700root 11241100x8000000000000000340136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cdc47ca7da0d09c2021-12-21 10:23:45.700root 11241100x8000000000000000340137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c20cf9506b60b62021-12-21 10:23:45.700root 11241100x8000000000000000340138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9974f0cb4db38f52021-12-21 10:23:45.701root 11241100x8000000000000000340139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a78f56507c73d42021-12-21 10:23:45.701root 11241100x8000000000000000340140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176b2dfd0673c3342021-12-21 10:23:45.701root 11241100x8000000000000000340141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100b4dd22b19d6812021-12-21 10:23:45.701root 11241100x8000000000000000340142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8eb4bf6ea818f12021-12-21 10:23:45.702root 11241100x8000000000000000340143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9d5df8e456bb7c2021-12-21 10:23:45.702root 11241100x8000000000000000340144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0327c65a4f3dd62021-12-21 10:23:45.702root 11241100x8000000000000000340145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:45.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97c02b3abfd70902021-12-21 10:23:45.702root 11241100x8000000000000000340146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d28c7cdfb325bf42021-12-21 10:23:46.193root 11241100x8000000000000000340147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682c8163a469fc742021-12-21 10:23:46.193root 11241100x8000000000000000340148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab627f5242afcd2f2021-12-21 10:23:46.193root 11241100x8000000000000000340149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2a0e5b886db1072021-12-21 10:23:46.193root 11241100x8000000000000000340150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd8c6eacb82e6ba2021-12-21 10:23:46.193root 11241100x8000000000000000340151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3b830c36139e5c2021-12-21 10:23:46.193root 11241100x8000000000000000340152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1f6047a3dbf4682021-12-21 10:23:46.194root 11241100x8000000000000000340153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2daffa1a592680f2021-12-21 10:23:46.194root 11241100x8000000000000000340154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da6d0d13a2ddd62021-12-21 10:23:46.194root 11241100x8000000000000000340155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fcb09071041c8f2021-12-21 10:23:46.194root 11241100x8000000000000000340156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a9419d088f8c9b2021-12-21 10:23:46.195root 11241100x8000000000000000340157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e26a89ff3a9a6712021-12-21 10:23:46.195root 11241100x8000000000000000340158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af401b2e6bf72e5f2021-12-21 10:23:46.195root 11241100x8000000000000000340159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a663fc9dd1af2ec52021-12-21 10:23:46.195root 11241100x8000000000000000340160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13172e7fa6222d6d2021-12-21 10:23:46.195root 11241100x8000000000000000340161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a66a18b69a8c27a2021-12-21 10:23:46.195root 11241100x8000000000000000340162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc045fdf36435492021-12-21 10:23:46.196root 11241100x8000000000000000340163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91318a2a93b7548b2021-12-21 10:23:46.196root 11241100x8000000000000000340164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ad824e95d4d70c2021-12-21 10:23:46.196root 11241100x8000000000000000340165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc5bf08d39e56d82021-12-21 10:23:46.196root 11241100x8000000000000000340166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec4122656e5a4492021-12-21 10:23:46.196root 11241100x8000000000000000340167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8673b5154c26582021-12-21 10:23:46.196root 11241100x8000000000000000340168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7449f076d59cdcdc2021-12-21 10:23:46.197root 11241100x8000000000000000340169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e383d0c4922df5722021-12-21 10:23:46.197root 11241100x8000000000000000340170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f172cc598099f62021-12-21 10:23:46.197root 11241100x8000000000000000340171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a92015a5b007992021-12-21 10:23:46.197root 11241100x8000000000000000340172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d027edbaf0476f212021-12-21 10:23:46.198root 11241100x8000000000000000340173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb9f45953ca86b92021-12-21 10:23:46.198root 11241100x8000000000000000340174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cbb0b7063f205d2021-12-21 10:23:46.198root 11241100x8000000000000000340175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332124056b0e86672021-12-21 10:23:46.199root 11241100x8000000000000000340176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf2d203e2f00ed22021-12-21 10:23:46.199root 11241100x8000000000000000340177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8496681b86f95d2021-12-21 10:23:46.199root 11241100x8000000000000000340178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989d16ba5f01ad902021-12-21 10:23:46.199root 11241100x8000000000000000340179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621990b3b926c0662021-12-21 10:23:46.199root 11241100x8000000000000000340180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66da8f73df53effc2021-12-21 10:23:46.200root 11241100x8000000000000000340181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e481f9eb76bb742021-12-21 10:23:46.200root 11241100x8000000000000000340182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44273497b3b11dd82021-12-21 10:23:46.200root 11241100x8000000000000000340183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9591b8ce371f792021-12-21 10:23:46.200root 11241100x8000000000000000340184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b76a0fe4515a702021-12-21 10:23:46.200root 11241100x8000000000000000340185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d0452a5184a5a42021-12-21 10:23:46.201root 11241100x8000000000000000340186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1dd1ede9df308a92021-12-21 10:23:46.201root 11241100x8000000000000000340187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8252c9f156770852021-12-21 10:23:46.201root 11241100x8000000000000000340188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b79b4ef21d4978e2021-12-21 10:23:46.201root 11241100x8000000000000000340189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6270e024b9bace0f2021-12-21 10:23:46.201root 11241100x8000000000000000340190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91dcbda1710bde7c2021-12-21 10:23:46.201root 11241100x8000000000000000340191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2b7c0b25ac97322021-12-21 10:23:46.693root 11241100x8000000000000000340192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe94e61fe940c622021-12-21 10:23:46.694root 11241100x8000000000000000340193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991fc373e28c35cd2021-12-21 10:23:46.694root 11241100x8000000000000000340194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be35c4a495bb45a2021-12-21 10:23:46.694root 11241100x8000000000000000340195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed447dbf651c7e4e2021-12-21 10:23:46.695root 11241100x8000000000000000340196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335da631ad370e3f2021-12-21 10:23:46.695root 11241100x8000000000000000340197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4282fe33f388311d2021-12-21 10:23:46.695root 11241100x8000000000000000340198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1fa2b47fc5390d2021-12-21 10:23:46.695root 11241100x8000000000000000340199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12e412653355d322021-12-21 10:23:46.695root 11241100x8000000000000000340200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2473d7eccdd6e2212021-12-21 10:23:46.695root 11241100x8000000000000000340201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d4bbabc0aa145c2021-12-21 10:23:46.695root 11241100x8000000000000000340202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e7362c6a4aa1db2021-12-21 10:23:46.695root 11241100x8000000000000000340203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9693a058c44babb2021-12-21 10:23:46.695root 11241100x8000000000000000340204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bace96464532ce7d2021-12-21 10:23:46.695root 11241100x8000000000000000340205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6d138a59aded532021-12-21 10:23:46.696root 11241100x8000000000000000340206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2546ca7cc09c27872021-12-21 10:23:46.696root 11241100x8000000000000000340207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57af21c2fcc0d28b2021-12-21 10:23:46.696root 11241100x8000000000000000340208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b18128631c9b9c32021-12-21 10:23:46.696root 11241100x8000000000000000340209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee4c7bcb6ef3132021-12-21 10:23:46.696root 11241100x8000000000000000340210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac76a7a98a0798622021-12-21 10:23:46.696root 11241100x8000000000000000340211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c503dd79fd2d71b2021-12-21 10:23:46.696root 11241100x8000000000000000340212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfd43a51412b34a2021-12-21 10:23:46.696root 11241100x8000000000000000340213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2903f90b8b8b422021-12-21 10:23:46.697root 11241100x8000000000000000340214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3098dcbf176e8342021-12-21 10:23:46.697root 11241100x8000000000000000340215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b9548e3a9355992021-12-21 10:23:46.697root 11241100x8000000000000000340216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b801aba06653dfb2021-12-21 10:23:46.697root 11241100x8000000000000000340217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dceef7c9ed327e6e2021-12-21 10:23:46.697root 11241100x8000000000000000340218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54767ea137e5f43d2021-12-21 10:23:46.697root 11241100x8000000000000000340219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cc3b38439ab8262021-12-21 10:23:46.697root 11241100x8000000000000000340220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f5edbf874a3d812021-12-21 10:23:46.698root 11241100x8000000000000000340221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebd688354ed323b2021-12-21 10:23:46.698root 11241100x8000000000000000340222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bac1d44088c8cc12021-12-21 10:23:46.698root 11241100x8000000000000000340223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc99612b778a6432021-12-21 10:23:46.698root 11241100x8000000000000000340224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb84ffe2165ed0b2021-12-21 10:23:46.698root 11241100x8000000000000000340225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1931746093f9389e2021-12-21 10:23:46.698root 11241100x8000000000000000340226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7928685b1f7e748a2021-12-21 10:23:46.699root 11241100x8000000000000000340227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b3a09db00d70f92021-12-21 10:23:46.699root 11241100x8000000000000000340228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e0556f9457a2142021-12-21 10:23:46.699root 11241100x8000000000000000340229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1e37ed0cc1ed0b2021-12-21 10:23:46.699root 11241100x8000000000000000340230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973bf6290fd1418c2021-12-21 10:23:46.699root 11241100x8000000000000000340231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506f869e2124306f2021-12-21 10:23:47.193root 11241100x8000000000000000340232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fe3034f58367162021-12-21 10:23:47.194root 11241100x8000000000000000340233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef84cf91cae37f352021-12-21 10:23:47.194root 11241100x8000000000000000340234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1940f745537a45f62021-12-21 10:23:47.194root 11241100x8000000000000000340235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f01c5b45b08a4d2021-12-21 10:23:47.195root 11241100x8000000000000000340236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c7c6a6e48900172021-12-21 10:23:47.195root 11241100x8000000000000000340237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92cdcf3080c2c32e2021-12-21 10:23:47.195root 11241100x8000000000000000340238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9205c8f937c57fd02021-12-21 10:23:47.195root 11241100x8000000000000000340239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1434ae54a248c42021-12-21 10:23:47.196root 11241100x8000000000000000340240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddcec4c0ed529b12021-12-21 10:23:47.196root 11241100x8000000000000000340241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d14f0bbf9f4dd12021-12-21 10:23:47.196root 11241100x8000000000000000340242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fd3945cc8187862021-12-21 10:23:47.196root 11241100x8000000000000000340243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a48b96c85118b12021-12-21 10:23:47.197root 11241100x8000000000000000340244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a9886ec29d53842021-12-21 10:23:47.197root 11241100x8000000000000000340245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba41876646c21a92021-12-21 10:23:47.197root 11241100x8000000000000000340246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69669c177a10bc642021-12-21 10:23:47.197root 11241100x8000000000000000340247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8c5164a163b1452021-12-21 10:23:47.198root 11241100x8000000000000000340248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0e0d0452f1eb212021-12-21 10:23:47.198root 11241100x8000000000000000340249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3fdac5dabd985d2021-12-21 10:23:47.198root 11241100x8000000000000000340250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f4baa159e790ae2021-12-21 10:23:47.198root 11241100x8000000000000000340251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471006025ddba4952021-12-21 10:23:47.198root 11241100x8000000000000000340252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f387e2e126c8f0992021-12-21 10:23:47.199root 11241100x8000000000000000340253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0202c330db03eb92021-12-21 10:23:47.199root 11241100x8000000000000000340254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e84e9a99070ad1b2021-12-21 10:23:47.199root 11241100x8000000000000000340255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be003de8f9f2d0e92021-12-21 10:23:47.199root 11241100x8000000000000000340256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bcc944da2943482021-12-21 10:23:47.199root 11241100x8000000000000000340257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2e8bec6ef74c792021-12-21 10:23:47.199root 11241100x8000000000000000340258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91399eb42db6ea72021-12-21 10:23:47.199root 11241100x8000000000000000340259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfaa936a670b8b62021-12-21 10:23:47.199root 11241100x8000000000000000340260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5faa42d53065782021-12-21 10:23:47.200root 11241100x8000000000000000340261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0942e31a6e33b39e2021-12-21 10:23:47.200root 11241100x8000000000000000340262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bdae25d35f660152021-12-21 10:23:47.200root 11241100x8000000000000000340263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1396f19e73642aba2021-12-21 10:23:47.200root 11241100x8000000000000000340264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e6f8a01b101a9f2021-12-21 10:23:47.200root 11241100x8000000000000000340265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bd480b5c140e462021-12-21 10:23:47.200root 11241100x8000000000000000340266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a222d6689446e82021-12-21 10:23:47.200root 11241100x8000000000000000340267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c00f7e14f3084c42021-12-21 10:23:47.200root 11241100x8000000000000000340268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974398e7a926d4072021-12-21 10:23:47.200root 11241100x8000000000000000340269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.009a8b20334c04012021-12-21 10:23:47.201root 11241100x8000000000000000340270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e98a393ab5fbf32021-12-21 10:23:47.201root 11241100x8000000000000000340271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01100befd6c50c72021-12-21 10:23:47.201root 11241100x8000000000000000340272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94387830bb67e0062021-12-21 10:23:47.201root 11241100x8000000000000000340273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501de483502897bc2021-12-21 10:23:47.693root 11241100x8000000000000000340274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad435c356ea0372021-12-21 10:23:47.693root 11241100x8000000000000000340275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6282818c885e80b82021-12-21 10:23:47.693root 11241100x8000000000000000340276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5950c7de4cb7cbd2021-12-21 10:23:47.693root 11241100x8000000000000000340277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a06df38273e3e22021-12-21 10:23:47.694root 11241100x8000000000000000340278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8096f821cc1caebe2021-12-21 10:23:47.694root 11241100x8000000000000000340279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db87aba4cedbef5b2021-12-21 10:23:47.694root 11241100x8000000000000000340280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6b9997a87381642021-12-21 10:23:47.694root 11241100x8000000000000000340281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a99082bcaad56a02021-12-21 10:23:47.694root 11241100x8000000000000000340282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1d43f2d529a9792021-12-21 10:23:47.695root 11241100x8000000000000000340283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d27f164ee9ba3232021-12-21 10:23:47.695root 11241100x8000000000000000340284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a6bd2dc8aa4e762021-12-21 10:23:47.695root 11241100x8000000000000000340285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4155a0985068e6122021-12-21 10:23:47.695root 11241100x8000000000000000340286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0701eb87411a56ab2021-12-21 10:23:47.696root 11241100x8000000000000000340287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a627b4654318f62021-12-21 10:23:47.696root 11241100x8000000000000000340288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa0026ac3f5e9302021-12-21 10:23:47.696root 11241100x8000000000000000340289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e989e8ca9cf11f2021-12-21 10:23:47.697root 11241100x8000000000000000340290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9047f1b426abd3ea2021-12-21 10:23:47.697root 11241100x8000000000000000340291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49055268065335602021-12-21 10:23:47.697root 11241100x8000000000000000340292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.addb8bab32f6a5252021-12-21 10:23:47.697root 11241100x8000000000000000340293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7008336bd9bc04d2021-12-21 10:23:47.697root 11241100x8000000000000000340294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69211165462d06462021-12-21 10:23:47.698root 11241100x8000000000000000340295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71204b3a62a58e22021-12-21 10:23:47.698root 11241100x8000000000000000340296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be6cc6733a962322021-12-21 10:23:47.698root 11241100x8000000000000000340297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10d2543f57413ec2021-12-21 10:23:47.698root 11241100x8000000000000000340298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055908a161678ec42021-12-21 10:23:47.698root 11241100x8000000000000000340299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b5a43e59d0f6892021-12-21 10:23:47.699root 11241100x8000000000000000340300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ae6cb48fd57ff82021-12-21 10:23:47.699root 11241100x8000000000000000340301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803e92cad47d82442021-12-21 10:23:47.699root 11241100x8000000000000000340302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51e2108f22862932021-12-21 10:23:47.699root 11241100x8000000000000000340303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f74a928c905bd5f2021-12-21 10:23:47.700root 11241100x8000000000000000340304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b61bd5b004227622021-12-21 10:23:47.700root 11241100x8000000000000000340305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72126166dfa2842b2021-12-21 10:23:47.700root 11241100x8000000000000000340306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde4360ca84602352021-12-21 10:23:47.700root 11241100x8000000000000000340307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bdbee4fa59e56582021-12-21 10:23:47.700root 11241100x8000000000000000340308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0902c24016d2f5d82021-12-21 10:23:47.700root 11241100x8000000000000000340309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35211ca38a71953e2021-12-21 10:23:47.700root 11241100x8000000000000000340310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a326c6d9c369372021-12-21 10:23:47.700root 11241100x8000000000000000340311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae86ec9acd5962be2021-12-21 10:23:47.700root 11241100x8000000000000000340312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b845f525d205992021-12-21 10:23:47.700root 11241100x8000000000000000340313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5cd1253402e4392021-12-21 10:23:47.701root 11241100x8000000000000000340314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:47.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ed6ba59f7dfc952021-12-21 10:23:47.701root 11241100x8000000000000000340315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566fc611e1d475eb2021-12-21 10:23:48.193root 11241100x8000000000000000340316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6294a681b226a2021-12-21 10:23:48.193root 11241100x8000000000000000340317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cfcd8abbbf35632021-12-21 10:23:48.194root 11241100x8000000000000000340318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ea012a26d454832021-12-21 10:23:48.194root 11241100x8000000000000000340319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60ed883074bc3ab2021-12-21 10:23:48.194root 11241100x8000000000000000340320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9827a7925511002021-12-21 10:23:48.194root 11241100x8000000000000000340321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7ba74ac1bb9c5b2021-12-21 10:23:48.194root 11241100x8000000000000000340322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43112491d67165db2021-12-21 10:23:48.195root 11241100x8000000000000000340323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b87d0fc9793b272021-12-21 10:23:48.195root 11241100x8000000000000000340324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b69c6c82de3c04e2021-12-21 10:23:48.195root 11241100x8000000000000000340325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469e731813f2c5e52021-12-21 10:23:48.195root 11241100x8000000000000000340326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c290c7c87bf61d622021-12-21 10:23:48.196root 11241100x8000000000000000340327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89d0189d0ac78c62021-12-21 10:23:48.196root 11241100x8000000000000000340328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426dcae2673ffccc2021-12-21 10:23:48.196root 11241100x8000000000000000340329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4a455fd41407732021-12-21 10:23:48.196root 11241100x8000000000000000340330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a54277781f04a82021-12-21 10:23:48.197root 11241100x8000000000000000340331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fa82fccda4624f2021-12-21 10:23:48.197root 11241100x8000000000000000340332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a92b8da59da3f32021-12-21 10:23:48.197root 11241100x8000000000000000340333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23767bbd1b176b622021-12-21 10:23:48.197root 11241100x8000000000000000340334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e9299be67b7862021-12-21 10:23:48.198root 11241100x8000000000000000340335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd03f55850b84302021-12-21 10:23:48.198root 11241100x8000000000000000340336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbc065d5a4fb7bb2021-12-21 10:23:48.198root 11241100x8000000000000000340337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a326e6aea381bf4a2021-12-21 10:23:48.198root 11241100x8000000000000000340338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8532207c30ed212021-12-21 10:23:48.199root 11241100x8000000000000000340339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93bd75adcdde3beb2021-12-21 10:23:48.199root 11241100x8000000000000000340340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca045d8af05f8322021-12-21 10:23:48.199root 11241100x8000000000000000340341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f56f79e86162ade42021-12-21 10:23:48.199root 11241100x8000000000000000340342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6596e01e2659e1052021-12-21 10:23:48.200root 11241100x8000000000000000340343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6873cba6565f602021-12-21 10:23:48.200root 11241100x8000000000000000340344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2916eba8399b66112021-12-21 10:23:48.200root 11241100x8000000000000000340345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e85e0447d75415f2021-12-21 10:23:48.200root 11241100x8000000000000000340346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a7a79170596bd12021-12-21 10:23:48.200root 11241100x8000000000000000340347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936d1e7bee82e8232021-12-21 10:23:48.202root 11241100x8000000000000000340348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54366e0b9952d8b2021-12-21 10:23:48.202root 11241100x8000000000000000340349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212f1f175b4004002021-12-21 10:23:48.202root 11241100x8000000000000000340350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d97a51c19b3b1192021-12-21 10:23:48.202root 11241100x8000000000000000340351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35df95c6a96617662021-12-21 10:23:48.202root 11241100x8000000000000000340352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e2437f686eb54b2021-12-21 10:23:48.202root 11241100x8000000000000000340353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb2216e62fff532021-12-21 10:23:48.203root 11241100x8000000000000000340354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21de912fb4a023312021-12-21 10:23:48.203root 11241100x8000000000000000340355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7c123ebfa5139d2021-12-21 10:23:48.203root 11241100x8000000000000000340356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a631c614fad1a162021-12-21 10:23:48.693root 11241100x8000000000000000340357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e11d40202090902021-12-21 10:23:48.694root 11241100x8000000000000000340358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcf04770d6e70e02021-12-21 10:23:48.694root 11241100x8000000000000000340359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23be1472411c8712021-12-21 10:23:48.694root 11241100x8000000000000000340360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65f9f2e9943d5802021-12-21 10:23:48.694root 11241100x8000000000000000340361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f094833d469fadb2021-12-21 10:23:48.694root 11241100x8000000000000000340362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433a4cbca60eb4e92021-12-21 10:23:48.694root 11241100x8000000000000000340363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab39e01dab5b68fc2021-12-21 10:23:48.694root 11241100x8000000000000000340364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621e20b9ece961532021-12-21 10:23:48.694root 11241100x8000000000000000340365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84423717f6d597632021-12-21 10:23:48.694root 11241100x8000000000000000340366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91abd218711d9d82021-12-21 10:23:48.695root 11241100x8000000000000000340367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5cfd9d223dba032021-12-21 10:23:48.695root 11241100x8000000000000000340368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891c601b095c491f2021-12-21 10:23:48.695root 11241100x8000000000000000340369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44ffeec17301cf82021-12-21 10:23:48.695root 11241100x8000000000000000340370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6713100999fe72c52021-12-21 10:23:48.695root 11241100x8000000000000000340371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e7ddef6c72b9202021-12-21 10:23:48.695root 11241100x8000000000000000340372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f171497772bf1fac2021-12-21 10:23:48.696root 11241100x8000000000000000340373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7cd72fbcf89f322021-12-21 10:23:48.696root 11241100x8000000000000000340374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042b80654741363d2021-12-21 10:23:48.696root 11241100x8000000000000000340375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673c5fef4b5f901e2021-12-21 10:23:48.696root 11241100x8000000000000000340376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf5dd2f2ebbe72f2021-12-21 10:23:48.696root 11241100x8000000000000000340377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5434fad631c9bb92021-12-21 10:23:48.696root 11241100x8000000000000000340378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0546040f9c73f22021-12-21 10:23:48.696root 11241100x8000000000000000340379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52719ad24dee96ba2021-12-21 10:23:48.696root 11241100x8000000000000000340380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0c1b075e4a1c882021-12-21 10:23:48.697root 11241100x8000000000000000340381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a434f268d166e43a2021-12-21 10:23:48.697root 11241100x8000000000000000340382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea33f8d99a78aac32021-12-21 10:23:48.697root 11241100x8000000000000000340383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec3b174ab8b8f942021-12-21 10:23:48.697root 11241100x8000000000000000340384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be950b3ff2f480d2021-12-21 10:23:48.697root 11241100x8000000000000000340385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f315bcbeac31d972021-12-21 10:23:48.697root 11241100x8000000000000000340386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103fd064f6881c2d2021-12-21 10:23:48.697root 11241100x8000000000000000340387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a37fa49c81a86e2021-12-21 10:23:48.697root 11241100x8000000000000000340388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c152bf3964c18c2021-12-21 10:23:48.697root 11241100x8000000000000000340389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e1f4af0356dad42021-12-21 10:23:48.698root 11241100x8000000000000000340390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd719b4eedfe1982021-12-21 10:23:48.698root 11241100x8000000000000000340391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047473360e24b7b52021-12-21 10:23:48.698root 11241100x8000000000000000340392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815452bb4fbfe8312021-12-21 10:23:48.698root 11241100x8000000000000000340393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb24c7291d022e32021-12-21 10:23:48.698root 11241100x8000000000000000340394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21559f2324c555b92021-12-21 10:23:48.698root 354300x8000000000000000340395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.107{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47038-false10.0.1.12-8000- 11241100x8000000000000000340396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14654d0ae3049b562021-12-21 10:23:49.110root 11241100x8000000000000000340397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8b845d9fa3f2f02021-12-21 10:23:49.110root 11241100x8000000000000000340398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee6b4ae3ba7dacd2021-12-21 10:23:49.110root 11241100x8000000000000000340399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14baf22972303fcf2021-12-21 10:23:49.110root 11241100x8000000000000000340400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e01467b2c4efba92021-12-21 10:23:49.110root 11241100x8000000000000000340401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0ce175af92202e2021-12-21 10:23:49.110root 11241100x8000000000000000340402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee5d6b60cd2f4e52021-12-21 10:23:49.110root 11241100x8000000000000000340403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5812f5102f0d9cd72021-12-21 10:23:49.111root 11241100x8000000000000000340404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5953c1d02bed892021-12-21 10:23:49.111root 11241100x8000000000000000340405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1745b30f076634662021-12-21 10:23:49.111root 11241100x8000000000000000340406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1c37189ac9272c2021-12-21 10:23:49.111root 11241100x8000000000000000340407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ec99688e705ef2021-12-21 10:23:49.111root 11241100x8000000000000000340408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6a9b1936734c6e02021-12-21 10:23:49.112root 11241100x8000000000000000340409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46ff5324f6f19382021-12-21 10:23:49.112root 11241100x8000000000000000340410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d08c125bdb30482021-12-21 10:23:49.112root 11241100x8000000000000000340411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79420a944cccbf352021-12-21 10:23:49.112root 11241100x8000000000000000340412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1bddb48dafb44c2021-12-21 10:23:49.112root 11241100x8000000000000000340413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be266be08b6d15372021-12-21 10:23:49.112root 11241100x8000000000000000340414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8fc90afc99fcaa2021-12-21 10:23:49.112root 11241100x8000000000000000340415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94393fe81f761fbf2021-12-21 10:23:49.112root 11241100x8000000000000000340416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a23234c5070d1f2021-12-21 10:23:49.113root 11241100x8000000000000000340417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a9aaea7978033c2021-12-21 10:23:49.113root 11241100x8000000000000000340418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029570401fa2bee72021-12-21 10:23:49.113root 11241100x8000000000000000340419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c325cad136f4922021-12-21 10:23:49.113root 11241100x8000000000000000340420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f855efcc78e079062021-12-21 10:23:49.114root 11241100x8000000000000000340421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4395af64cd3f2e862021-12-21 10:23:49.114root 11241100x8000000000000000340422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1c1a2456785c7d2021-12-21 10:23:49.114root 11241100x8000000000000000340423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890d28dceb1b12af2021-12-21 10:23:49.115root 11241100x8000000000000000340424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9808aaaad530df812021-12-21 10:23:49.115root 11241100x8000000000000000340425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438cd596e84709332021-12-21 10:23:49.115root 11241100x8000000000000000340426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49c7045a8686e3f2021-12-21 10:23:49.115root 11241100x8000000000000000340427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa745fc72c69b6972021-12-21 10:23:49.115root 11241100x8000000000000000340428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20b1e82fe4d08e92021-12-21 10:23:49.115root 11241100x8000000000000000340429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10726bf33445cd12021-12-21 10:23:49.116root 11241100x8000000000000000340430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee811168f34216e2021-12-21 10:23:49.116root 11241100x8000000000000000340431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310251cbd49a7c572021-12-21 10:23:49.116root 11241100x8000000000000000340432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b63357f4b6680f32021-12-21 10:23:49.116root 11241100x8000000000000000340433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e1cb89180c69422021-12-21 10:23:49.116root 11241100x8000000000000000340434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0450cab393525f1b2021-12-21 10:23:49.116root 11241100x8000000000000000340435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18b25dd9320bfd22021-12-21 10:23:49.117root 11241100x8000000000000000340436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5578efc7e4f18d12021-12-21 10:23:49.443root 11241100x8000000000000000340437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa6d86af8641b912021-12-21 10:23:49.443root 11241100x8000000000000000340438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64cfaa17c5a887bc2021-12-21 10:23:49.443root 11241100x8000000000000000340439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f99edc93b1b5ed2021-12-21 10:23:49.444root 11241100x8000000000000000340440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5350653798d894f62021-12-21 10:23:49.444root 11241100x8000000000000000340441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115467788b84be4f2021-12-21 10:23:49.444root 11241100x8000000000000000340442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ad2ac595fd6df52021-12-21 10:23:49.444root 11241100x8000000000000000340443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.767be9c13f1004eb2021-12-21 10:23:49.445root 11241100x8000000000000000340444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d36f64ac2187cf2021-12-21 10:23:49.445root 11241100x8000000000000000340445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed918244f72324f22021-12-21 10:23:49.445root 11241100x8000000000000000340446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e539b98bfa9a632021-12-21 10:23:49.445root 11241100x8000000000000000340447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231d8db5bd33b9df2021-12-21 10:23:49.445root 11241100x8000000000000000340448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34e3310430df682021-12-21 10:23:49.446root 11241100x8000000000000000340449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb140b033fa3d2992021-12-21 10:23:49.446root 11241100x8000000000000000340450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67981e9a69f99e202021-12-21 10:23:49.446root 11241100x8000000000000000340451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c347e99145782332021-12-21 10:23:49.446root 11241100x8000000000000000340452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080a690d7f35257f2021-12-21 10:23:49.447root 11241100x8000000000000000340453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4536b76a003ce242021-12-21 10:23:49.447root 11241100x8000000000000000340454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb86282490941632021-12-21 10:23:49.447root 11241100x8000000000000000340455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbcedad380953412021-12-21 10:23:49.447root 11241100x8000000000000000340456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9431ced9d3110832021-12-21 10:23:49.448root 11241100x8000000000000000340457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677933d09a6f1e762021-12-21 10:23:49.448root 11241100x8000000000000000340458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4070d046a18956b12021-12-21 10:23:49.448root 11241100x8000000000000000340459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4038d1f495668732021-12-21 10:23:49.448root 11241100x8000000000000000340460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abffab602d857bc92021-12-21 10:23:49.448root 11241100x8000000000000000340461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21daf14f648e9f1d2021-12-21 10:23:49.449root 11241100x8000000000000000340462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa2026fcffb77542021-12-21 10:23:49.449root 11241100x8000000000000000340463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59846b799cfc6ef92021-12-21 10:23:49.449root 11241100x8000000000000000340464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5603e58d54944492021-12-21 10:23:49.450root 11241100x8000000000000000340465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e2e0d9c2d8bdc32021-12-21 10:23:49.450root 11241100x8000000000000000340466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895dbde7c2b2d89b2021-12-21 10:23:49.451root 11241100x8000000000000000340467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83584c04bfb677f12021-12-21 10:23:49.451root 11241100x8000000000000000340468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352dc34a3dfb355c2021-12-21 10:23:49.452root 11241100x8000000000000000340469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5efaf05e733cac2021-12-21 10:23:49.452root 11241100x8000000000000000340470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5247be6185ac5d2021-12-21 10:23:49.452root 11241100x8000000000000000340471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf85d8f1e37b747a2021-12-21 10:23:49.452root 11241100x8000000000000000340472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ec01f7147343172021-12-21 10:23:49.452root 11241100x8000000000000000340473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638d47c741870dbb2021-12-21 10:23:49.453root 11241100x8000000000000000340474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4118c8d8257af3772021-12-21 10:23:49.453root 11241100x8000000000000000340475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97c1f4faeab63542021-12-21 10:23:49.453root 11241100x8000000000000000340476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ca560281a80afb2021-12-21 10:23:49.453root 11241100x8000000000000000340477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a65118beb763d342021-12-21 10:23:49.453root 11241100x8000000000000000340478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71af40c0e2d32062021-12-21 10:23:49.942root 11241100x8000000000000000340479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2766a7c633064ab42021-12-21 10:23:49.943root 11241100x8000000000000000340480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ee8c85e29cbfaa2021-12-21 10:23:49.943root 11241100x8000000000000000340481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060c1760e4cd84852021-12-21 10:23:49.943root 11241100x8000000000000000340482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c45116e6cf4e01e2021-12-21 10:23:49.944root 11241100x8000000000000000340483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9092331cca6dde6d2021-12-21 10:23:49.944root 11241100x8000000000000000340484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6713729edc381bf22021-12-21 10:23:49.944root 11241100x8000000000000000340485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8e2fd319a5726c2021-12-21 10:23:49.944root 11241100x8000000000000000340486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a029b47451bd25f22021-12-21 10:23:49.945root 11241100x8000000000000000340487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e4f01df23fe2272021-12-21 10:23:49.945root 11241100x8000000000000000340488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdad4f2d55e813782021-12-21 10:23:49.945root 11241100x8000000000000000340489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cc558d3d3838912021-12-21 10:23:49.945root 11241100x8000000000000000340490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f84f9c3750787de2021-12-21 10:23:49.945root 11241100x8000000000000000340491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5514522c3c43719e2021-12-21 10:23:49.945root 11241100x8000000000000000340492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e4ff4b58fc3f512021-12-21 10:23:49.945root 11241100x8000000000000000340493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975e34bcf058770e2021-12-21 10:23:49.946root 11241100x8000000000000000340494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b28e2ce4b65e8e2021-12-21 10:23:49.946root 11241100x8000000000000000340495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c807980ca20a0b832021-12-21 10:23:49.946root 11241100x8000000000000000340496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965b5fa594f4e7872021-12-21 10:23:49.946root 11241100x8000000000000000340497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603cdc17bbcdfdcd2021-12-21 10:23:49.946root 11241100x8000000000000000340498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bb08ecafbb1c742021-12-21 10:23:49.946root 11241100x8000000000000000340499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9f2e7ec642c6502021-12-21 10:23:49.946root 11241100x8000000000000000340500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30907b4c14771722021-12-21 10:23:49.947root 11241100x8000000000000000340501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122e71c6120cf2022021-12-21 10:23:49.947root 11241100x8000000000000000340502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed2f6b9636407642021-12-21 10:23:49.947root 11241100x8000000000000000340503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cde7e3b906d030b2021-12-21 10:23:49.947root 11241100x8000000000000000340504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76102ed366bdacb42021-12-21 10:23:49.947root 11241100x8000000000000000340505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4dfeae9711bf6b2021-12-21 10:23:49.947root 11241100x8000000000000000340506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de487eee53526e222021-12-21 10:23:49.947root 11241100x8000000000000000340507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2095fb6a3460d4b2021-12-21 10:23:49.947root 11241100x8000000000000000340508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dd33ba4e3276752021-12-21 10:23:49.948root 11241100x8000000000000000340509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5ad76f4faa73aa2021-12-21 10:23:49.948root 11241100x8000000000000000340510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6815d775fbe3cfec2021-12-21 10:23:49.948root 11241100x8000000000000000340511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67139f62e4dae2bb2021-12-21 10:23:49.948root 11241100x8000000000000000340512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3518f22d308513c2021-12-21 10:23:49.948root 11241100x8000000000000000340513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391fe7960daf4d612021-12-21 10:23:49.949root 11241100x8000000000000000340514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c273540192b92b9c2021-12-21 10:23:49.949root 11241100x8000000000000000340515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5b366008fa4ea32021-12-21 10:23:49.949root 11241100x8000000000000000340516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910b89f01c82c6be2021-12-21 10:23:49.949root 11241100x8000000000000000340517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2450e84828bed22021-12-21 10:23:49.949root 11241100x8000000000000000340518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecf8afd936371212021-12-21 10:23:49.949root 11241100x8000000000000000340519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655e309e54e528ca2021-12-21 10:23:49.950root 11241100x8000000000000000340520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e391e6bf2fa6aa2021-12-21 10:23:49.950root 11241100x8000000000000000340521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c4eccd1686e8cc2021-12-21 10:23:49.950root 11241100x8000000000000000340522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0393f2226f1c132021-12-21 10:23:50.443root 11241100x8000000000000000340523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a046fd2669e95432021-12-21 10:23:50.443root 11241100x8000000000000000340524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d44d0f3e69bf2262021-12-21 10:23:50.443root 11241100x8000000000000000340525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ca5f695530e2d72021-12-21 10:23:50.443root 11241100x8000000000000000340526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865c645f47468bea2021-12-21 10:23:50.443root 11241100x8000000000000000340527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d44e38b2e43aad2021-12-21 10:23:50.443root 11241100x8000000000000000340528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15997a2a97222dad2021-12-21 10:23:50.443root 11241100x8000000000000000340529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b80ce1a0efd28322021-12-21 10:23:50.443root 11241100x8000000000000000340530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.111fedce93cb954e2021-12-21 10:23:50.444root 11241100x8000000000000000340531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0712e49cd08edd2021-12-21 10:23:50.444root 11241100x8000000000000000340532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a945f5e7b33bf172021-12-21 10:23:50.444root 11241100x8000000000000000340533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce778b53d4f8c182021-12-21 10:23:50.444root 11241100x8000000000000000340534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0c310e188e8a892021-12-21 10:23:50.444root 11241100x8000000000000000340535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f95f01b69e9bb1e2021-12-21 10:23:50.444root 11241100x8000000000000000340536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b2f8872f0441302021-12-21 10:23:50.444root 11241100x8000000000000000340537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cfd77253c7773f2021-12-21 10:23:50.445root 11241100x8000000000000000340538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc5a74f63f5f8922021-12-21 10:23:50.445root 11241100x8000000000000000340539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6336249fd57f5cfa2021-12-21 10:23:50.445root 11241100x8000000000000000340540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e240344f9d18ccf2021-12-21 10:23:50.445root 11241100x8000000000000000340541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008ef7cc74eec5e82021-12-21 10:23:50.445root 11241100x8000000000000000340542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db903f32b180a42f2021-12-21 10:23:50.445root 11241100x8000000000000000340543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb9884f137b10ede2021-12-21 10:23:50.446root 11241100x8000000000000000340544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5279ad3b5eb0c8542021-12-21 10:23:50.446root 11241100x8000000000000000340545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae472c54d7792832021-12-21 10:23:50.447root 11241100x8000000000000000340546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f304e2ea7ff4ac2021-12-21 10:23:50.447root 11241100x8000000000000000340547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf6e5b8156e84c682021-12-21 10:23:50.447root 11241100x8000000000000000340548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd145385e6d37732021-12-21 10:23:50.447root 11241100x8000000000000000340549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58cd08dde41d4fb92021-12-21 10:23:50.447root 11241100x8000000000000000340550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e01cc835d3c65c2021-12-21 10:23:50.447root 11241100x8000000000000000340551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c898dda9919a2c202021-12-21 10:23:50.448root 11241100x8000000000000000340552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66111cea2580aec2021-12-21 10:23:50.448root 11241100x8000000000000000340553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4714b742507c85972021-12-21 10:23:50.448root 11241100x8000000000000000340554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed0c96e2c6154512021-12-21 10:23:50.448root 11241100x8000000000000000340555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285ecbd0b0bc6ff32021-12-21 10:23:50.448root 11241100x8000000000000000340556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0e2bd55ae4a6142021-12-21 10:23:50.448root 11241100x8000000000000000340557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e25f2d165355d22021-12-21 10:23:50.448root 11241100x8000000000000000340558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e37fb7a984658c2021-12-21 10:23:50.451root 11241100x8000000000000000340559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a1bcdf27db72572021-12-21 10:23:50.452root 11241100x8000000000000000340560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8be6d269ce7e7c32021-12-21 10:23:50.452root 11241100x8000000000000000340561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c079d90f7e36b12021-12-21 10:23:50.452root 11241100x8000000000000000340562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0536e6a29cc570472021-12-21 10:23:50.452root 11241100x8000000000000000340563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1285e48b16cce40f2021-12-21 10:23:50.452root 11241100x8000000000000000340564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f04fb8f2cd9bf342021-12-21 10:23:50.452root 11241100x8000000000000000340565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8012d1b8bb242a4a2021-12-21 10:23:50.453root 11241100x8000000000000000340566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acced1cb2ac40812021-12-21 10:23:50.453root 11241100x8000000000000000340567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dbff10dbc4d69e2021-12-21 10:23:50.453root 11241100x8000000000000000340568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c8e98e36621b052021-12-21 10:23:50.453root 11241100x8000000000000000340569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceb3c79f2aee0ac2021-12-21 10:23:50.453root 11241100x8000000000000000340570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0217a40469f800e52021-12-21 10:23:50.453root 11241100x8000000000000000340571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad79986b3eada9eb2021-12-21 10:23:50.453root 11241100x8000000000000000340572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38a858d5156ca932021-12-21 10:23:50.453root 11241100x8000000000000000340573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84225284abef1a502021-12-21 10:23:50.453root 11241100x8000000000000000340574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d601301b402250b42021-12-21 10:23:50.453root 11241100x8000000000000000340575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a375e053d4fe652021-12-21 10:23:50.453root 11241100x8000000000000000340576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35074958c2b1a0e2021-12-21 10:23:50.453root 11241100x8000000000000000340577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644734768409198a2021-12-21 10:23:50.454root 11241100x8000000000000000340578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096ad74f4d57ad252021-12-21 10:23:50.454root 11241100x8000000000000000340579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1415dd2023545762021-12-21 10:23:50.454root 11241100x8000000000000000340580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375e9a7f0647a0132021-12-21 10:23:50.454root 11241100x8000000000000000340581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aff0e666d043a5b2021-12-21 10:23:50.943root 11241100x8000000000000000340582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8854302c6d17e0aa2021-12-21 10:23:50.943root 11241100x8000000000000000340583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abee4b5651dc9522021-12-21 10:23:50.943root 11241100x8000000000000000340584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.138fe1a0d48599b22021-12-21 10:23:50.943root 11241100x8000000000000000340585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5122feac113f542021-12-21 10:23:50.944root 11241100x8000000000000000340586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095346917bc82852021-12-21 10:23:50.944root 11241100x8000000000000000340587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17ed6dc81217fdb2021-12-21 10:23:50.944root 11241100x8000000000000000340588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c8085197cf72de2021-12-21 10:23:50.944root 11241100x8000000000000000340589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4459deb625d5e82021-12-21 10:23:50.945root 11241100x8000000000000000340590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd6d8b52e3cae982021-12-21 10:23:50.945root 11241100x8000000000000000340591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920568784e397f202021-12-21 10:23:50.945root 11241100x8000000000000000340592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34a19c392cf6c7a2021-12-21 10:23:50.945root 11241100x8000000000000000340593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117480479c5a7c562021-12-21 10:23:50.947root 11241100x8000000000000000340594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe3ede052df60c92021-12-21 10:23:50.947root 11241100x8000000000000000340595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6018a2caa8fcd92021-12-21 10:23:50.948root 11241100x8000000000000000340596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac4ef90211d8b932021-12-21 10:23:50.948root 11241100x8000000000000000340597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37b3487f3de44632021-12-21 10:23:50.948root 11241100x8000000000000000340598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9237ab110cd29a2021-12-21 10:23:50.949root 11241100x8000000000000000340599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dde91f62aee07d82021-12-21 10:23:50.949root 11241100x8000000000000000340600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c6b140623b7a8db2021-12-21 10:23:50.949root 11241100x8000000000000000340601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0877677f5c71283d2021-12-21 10:23:50.949root 11241100x8000000000000000340602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d1b6e2da8a10072021-12-21 10:23:50.950root 11241100x8000000000000000340603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baaab5b9555820a2021-12-21 10:23:50.950root 11241100x8000000000000000340604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9ee7ba985b31212021-12-21 10:23:50.951root 11241100x8000000000000000340605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa99e9b57e7b054d2021-12-21 10:23:50.951root 11241100x8000000000000000340606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beeb2e91fdf398fc2021-12-21 10:23:50.951root 11241100x8000000000000000340607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7956e41e85135eff2021-12-21 10:23:50.951root 11241100x8000000000000000340608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a3a37df9d59ec42021-12-21 10:23:50.952root 11241100x8000000000000000340609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d112afc6cd5a3d2021-12-21 10:23:50.952root 11241100x8000000000000000340610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4928f11d19cc1a12021-12-21 10:23:50.952root 11241100x8000000000000000340611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf625784cd139f02021-12-21 10:23:50.953root 11241100x8000000000000000340612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d02c3fb85072b42021-12-21 10:23:50.953root 11241100x8000000000000000340613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf59e224b0b19e412021-12-21 10:23:50.953root 11241100x8000000000000000340614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad908d9dfe60d3202021-12-21 10:23:50.954root 11241100x8000000000000000340615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046f200a8f34912d2021-12-21 10:23:50.954root 11241100x8000000000000000340616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb23d672bbe5d3ed2021-12-21 10:23:50.954root 11241100x8000000000000000340617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528d467cccbb926f2021-12-21 10:23:50.954root 11241100x8000000000000000340618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc7824cdf5d73962021-12-21 10:23:50.955root 11241100x8000000000000000340619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efbe019a56b699d92021-12-21 10:23:50.955root 11241100x8000000000000000340620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ac30badc8f20dc2021-12-21 10:23:50.955root 11241100x8000000000000000340621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4338d00b9349bf182021-12-21 10:23:50.955root 11241100x8000000000000000340622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4c40f30dd9e0472021-12-21 10:23:50.956root 11241100x8000000000000000340623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b59cf75c1ca783b2021-12-21 10:23:50.956root 11241100x8000000000000000340624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:50.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbf6f369e4363682021-12-21 10:23:50.956root 11241100x8000000000000000340625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a777ab69cd8199c2021-12-21 10:23:51.443root 11241100x8000000000000000340626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6801e1c551f4ba2021-12-21 10:23:51.443root 11241100x8000000000000000340627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e045ec719703882021-12-21 10:23:51.443root 11241100x8000000000000000340628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec1d428ca1e5f5f2021-12-21 10:23:51.444root 11241100x8000000000000000340629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affcd7d3c1fdd7d42021-12-21 10:23:51.444root 11241100x8000000000000000340630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac8a1f056a238242021-12-21 10:23:51.444root 11241100x8000000000000000340631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1313692aef3dc70d2021-12-21 10:23:51.444root 11241100x8000000000000000340632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116c04fb345a13ef2021-12-21 10:23:51.444root 11241100x8000000000000000340633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6df5e1d9711bf362021-12-21 10:23:51.444root 11241100x8000000000000000340634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2628dc34cf6e41f2021-12-21 10:23:51.444root 11241100x8000000000000000340635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7162fe2131fe3d2021-12-21 10:23:51.445root 11241100x8000000000000000340636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b07f24ac5344452021-12-21 10:23:51.445root 11241100x8000000000000000340637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a6d4ecb00506022021-12-21 10:23:51.445root 11241100x8000000000000000340638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf80a4a4196fcf52021-12-21 10:23:51.445root 11241100x8000000000000000340639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e6c455f9c29a542021-12-21 10:23:51.445root 11241100x8000000000000000340640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a5cc96a23b00e92021-12-21 10:23:51.445root 11241100x8000000000000000340641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd0960c97bea9532021-12-21 10:23:51.445root 11241100x8000000000000000340642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4114d7c495dd612021-12-21 10:23:51.445root 11241100x8000000000000000340643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc40fe34a29eec12021-12-21 10:23:51.445root 11241100x8000000000000000340644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08b55df96f3cc7d2021-12-21 10:23:51.445root 11241100x8000000000000000340645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225dcf2df20699122021-12-21 10:23:51.446root 11241100x8000000000000000340646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aba7069d340f0fa2021-12-21 10:23:51.446root 11241100x8000000000000000340647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bbe22185c9e1d32021-12-21 10:23:51.446root 11241100x8000000000000000340648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a87049e6f94051f2021-12-21 10:23:51.446root 11241100x8000000000000000340649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f902b4a3ccda9e22021-12-21 10:23:51.446root 11241100x8000000000000000340650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8105902f72610cc02021-12-21 10:23:51.446root 11241100x8000000000000000340651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0bc13dd220a6462021-12-21 10:23:51.446root 11241100x8000000000000000340652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5584c7de826289312021-12-21 10:23:51.446root 11241100x8000000000000000340653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7ce9b9c0a273692021-12-21 10:23:51.447root 11241100x8000000000000000340654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd0b439fea1af912021-12-21 10:23:51.447root 11241100x8000000000000000340655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c17df0462b1a4022021-12-21 10:23:51.447root 11241100x8000000000000000340656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d2728ccb3724f22021-12-21 10:23:51.447root 11241100x8000000000000000340657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c208ff7f42b20cc2021-12-21 10:23:51.447root 11241100x8000000000000000340658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9304fdc33bc01e2d2021-12-21 10:23:51.447root 11241100x8000000000000000340659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b80757dc4d8c512021-12-21 10:23:51.447root 11241100x8000000000000000340660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77162e3ff3e1c3772021-12-21 10:23:51.447root 11241100x8000000000000000340661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abcb7433a3bda812021-12-21 10:23:51.447root 11241100x8000000000000000340662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a0e09d79c149ef2021-12-21 10:23:51.448root 11241100x8000000000000000340663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed2e8ea1b5620972021-12-21 10:23:51.448root 11241100x8000000000000000340664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3edee35d686ae2b2021-12-21 10:23:51.448root 11241100x8000000000000000340665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08642eab4fab28072021-12-21 10:23:51.448root 11241100x8000000000000000340666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0432d7ad2f57d3be2021-12-21 10:23:51.448root 11241100x8000000000000000340667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e1ae318a0ae7fd2021-12-21 10:23:51.448root 11241100x8000000000000000340668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e651d300c2c98082021-12-21 10:23:51.448root 11241100x8000000000000000340669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ad74644edd86d82021-12-21 10:23:51.448root 11241100x8000000000000000340670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d028386d0c05c5c2021-12-21 10:23:51.448root 11241100x8000000000000000340671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839996d154d74b4f2021-12-21 10:23:51.449root 11241100x8000000000000000340672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c8dc799fbcba7d2021-12-21 10:23:51.449root 11241100x8000000000000000340673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e995e9c2c036342f2021-12-21 10:23:51.449root 11241100x8000000000000000340674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162230f63eee42b22021-12-21 10:23:51.449root 11241100x8000000000000000340675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89f4d8fe426218e2021-12-21 10:23:51.449root 11241100x8000000000000000340676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b0f87f9e368bf52021-12-21 10:23:51.943root 11241100x8000000000000000340677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a09886637d6fed2021-12-21 10:23:51.943root 11241100x8000000000000000340678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a5afd6b60fa402021-12-21 10:23:51.943root 11241100x8000000000000000340679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bc2610b08825072021-12-21 10:23:51.943root 11241100x8000000000000000340680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e08b5b6db4609b2021-12-21 10:23:51.943root 11241100x8000000000000000340681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a074d704aa158fb42021-12-21 10:23:51.943root 11241100x8000000000000000340682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fd9914003e02092021-12-21 10:23:51.943root 11241100x8000000000000000340683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002e2e2e03a20bf02021-12-21 10:23:51.943root 11241100x8000000000000000340684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ddc4dec8fff092021-12-21 10:23:51.944root 11241100x8000000000000000340685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7de10c6343afceb2021-12-21 10:23:51.944root 11241100x8000000000000000340686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e5f09bcfeca9152021-12-21 10:23:51.944root 11241100x8000000000000000340687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45111e4da3a1006e2021-12-21 10:23:51.944root 11241100x8000000000000000340688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec69f24afc6e5d162021-12-21 10:23:51.945root 11241100x8000000000000000340689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73397bdfb70449be2021-12-21 10:23:51.945root 11241100x8000000000000000340690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e5c6dd2b5d0a2a2021-12-21 10:23:51.945root 11241100x8000000000000000340691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db681d3268e403172021-12-21 10:23:51.945root 11241100x8000000000000000340692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d7fc3a76f4d9932021-12-21 10:23:51.945root 11241100x8000000000000000340693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35f379ae47071632021-12-21 10:23:51.945root 11241100x8000000000000000340694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b296a2aa5e08e8242021-12-21 10:23:51.945root 11241100x8000000000000000340695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fe61f9dbb4e8012021-12-21 10:23:51.945root 11241100x8000000000000000340696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc11edd7bc418d1a2021-12-21 10:23:51.945root 11241100x8000000000000000340697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9006d280e6230d12021-12-21 10:23:51.946root 11241100x8000000000000000340698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fd60c3e8ccec8e2021-12-21 10:23:51.946root 11241100x8000000000000000340699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33098833dce29db22021-12-21 10:23:51.946root 11241100x8000000000000000340700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9344aea25faf23112021-12-21 10:23:51.946root 11241100x8000000000000000340701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7dc5dd1986bbfd62021-12-21 10:23:51.946root 11241100x8000000000000000340702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50e436d9b3e6c432021-12-21 10:23:51.946root 11241100x8000000000000000340703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dba670ce1c5d212021-12-21 10:23:51.946root 11241100x8000000000000000340704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be51f94f9669fee2021-12-21 10:23:51.946root 11241100x8000000000000000340705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a329ba7850bc87e52021-12-21 10:23:51.946root 11241100x8000000000000000340706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc460715fb63fec2021-12-21 10:23:51.947root 11241100x8000000000000000340707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a0c1778de5ff7e2021-12-21 10:23:51.947root 11241100x8000000000000000340708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf6d60d4f3452d52021-12-21 10:23:51.947root 11241100x8000000000000000340709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d26dc3efe0dd57b2021-12-21 10:23:51.947root 11241100x8000000000000000340710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d49f77faed3c572021-12-21 10:23:51.947root 11241100x8000000000000000340711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9554c6190aea8552021-12-21 10:23:51.947root 11241100x8000000000000000340712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de883d35a0c316f92021-12-21 10:23:51.947root 11241100x8000000000000000340713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bccf05924ac892e52021-12-21 10:23:51.948root 11241100x8000000000000000340714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eff8f50f3c64f9342021-12-21 10:23:51.948root 11241100x8000000000000000340715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d097b256f8d69e662021-12-21 10:23:51.948root 11241100x8000000000000000340716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ded6e6ceaa795f72021-12-21 10:23:51.948root 11241100x8000000000000000340717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99eff754aae7dc192021-12-21 10:23:51.948root 11241100x8000000000000000340718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abc018f9a1b9d822021-12-21 10:23:51.949root 11241100x8000000000000000340719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13655faa23d29d752021-12-21 10:23:51.949root 11241100x8000000000000000340720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8eed4b37da637a2021-12-21 10:23:51.949root 11241100x8000000000000000340721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1280c110b0f4e2eb2021-12-21 10:23:51.949root 11241100x8000000000000000340722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c07d3e0881460b2021-12-21 10:23:51.949root 11241100x8000000000000000340723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa4aee24e2782bb2021-12-21 10:23:51.949root 11241100x8000000000000000340724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5bed44b417caac2021-12-21 10:23:51.949root 11241100x8000000000000000340725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465e6452105e2bd12021-12-21 10:23:51.949root 11241100x8000000000000000340726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963f15d0fe5fc24b2021-12-21 10:23:51.950root 11241100x8000000000000000340727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf459670b1f28a6d2021-12-21 10:23:51.950root 11241100x8000000000000000340728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856cab186b0b0e862021-12-21 10:23:51.950root 11241100x8000000000000000340729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dba01d2e34208c772021-12-21 10:23:51.950root 11241100x8000000000000000340730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79d23e2ab4c68932021-12-21 10:23:51.950root 11241100x8000000000000000340731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c79e225e8cdb55e2021-12-21 10:23:51.951root 11241100x8000000000000000340732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cc0c8c493e2d8e2021-12-21 10:23:51.952root 11241100x8000000000000000340733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03dc680b42313b002021-12-21 10:23:51.952root 11241100x8000000000000000340734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73089ab379cc52f02021-12-21 10:23:51.952root 11241100x8000000000000000340735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d80cb3c0b8ecc02021-12-21 10:23:51.952root 11241100x8000000000000000340736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf1a804879b1fc22021-12-21 10:23:51.952root 11241100x8000000000000000340737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36304aeb972b2dee2021-12-21 10:23:51.952root 11241100x8000000000000000340738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e8ab3a345eb7732021-12-21 10:23:51.952root 11241100x8000000000000000340739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5197e0cfd3a3cfbd2021-12-21 10:23:51.953root 11241100x8000000000000000340740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d749ee835de590d2021-12-21 10:23:51.953root 11241100x8000000000000000340741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d068033ea1127e622021-12-21 10:23:51.953root 11241100x8000000000000000340742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10990cf2e2e3b1ea2021-12-21 10:23:51.953root 11241100x8000000000000000340743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d988439a97e878d52021-12-21 10:23:51.953root 11241100x8000000000000000340744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c8c3a5918303a32021-12-21 10:23:51.953root 11241100x8000000000000000340745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173395662a92142b2021-12-21 10:23:51.953root 11241100x8000000000000000340746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a4c534d96beec62021-12-21 10:23:51.954root 11241100x8000000000000000340747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0e8a21c47ef0162021-12-21 10:23:51.954root 11241100x8000000000000000340748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c4ce1ce42a888d2021-12-21 10:23:51.954root 11241100x8000000000000000340749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:51.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aab4d2e4db67ea82021-12-21 10:23:51.954root 11241100x8000000000000000340750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b0039a684e9bf22021-12-21 10:23:52.443root 11241100x8000000000000000340751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8335c3cedccf8b02021-12-21 10:23:52.443root 11241100x8000000000000000340752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984454e5a1797ad82021-12-21 10:23:52.443root 11241100x8000000000000000340753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdfcd6dae116bb42021-12-21 10:23:52.443root 11241100x8000000000000000340754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4489b2704198e8f2021-12-21 10:23:52.444root 11241100x8000000000000000340755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918087ebd30882b82021-12-21 10:23:52.444root 11241100x8000000000000000340756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff5ea50d6c57b862021-12-21 10:23:52.444root 11241100x8000000000000000340757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfff611f259071d2021-12-21 10:23:52.444root 11241100x8000000000000000340758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a704df80cf4ce552021-12-21 10:23:52.444root 11241100x8000000000000000340759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139204df455c72882021-12-21 10:23:52.444root 11241100x8000000000000000340760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85a799eaac7b6512021-12-21 10:23:52.444root 11241100x8000000000000000340761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f36aac401113be2021-12-21 10:23:52.444root 11241100x8000000000000000340762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c0574a71530fa2021-12-21 10:23:52.444root 11241100x8000000000000000340763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd5b65ddb8766a22021-12-21 10:23:52.444root 11241100x8000000000000000340764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde8a2136e8431df2021-12-21 10:23:52.444root 11241100x8000000000000000340765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9bb2640402c0a52021-12-21 10:23:52.444root 11241100x8000000000000000340766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bcfa10bec37e762021-12-21 10:23:52.444root 11241100x8000000000000000340767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4891f8946ae6ad2021-12-21 10:23:52.445root 11241100x8000000000000000340768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d0ae4fff69c59d2021-12-21 10:23:52.445root 11241100x8000000000000000340769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577007affb8673042021-12-21 10:23:52.445root 11241100x8000000000000000340770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0021611b34c84a2021-12-21 10:23:52.445root 11241100x8000000000000000340771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce8f9b6c3cd2f942021-12-21 10:23:52.445root 11241100x8000000000000000340772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a30a185e5df26c42021-12-21 10:23:52.445root 11241100x8000000000000000340773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d474a05e28caf6e22021-12-21 10:23:52.445root 11241100x8000000000000000340774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbdb572255b192d2021-12-21 10:23:52.445root 11241100x8000000000000000340775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82df8fbb4db8c442021-12-21 10:23:52.445root 11241100x8000000000000000340776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14d2717574a00832021-12-21 10:23:52.445root 11241100x8000000000000000340777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a005b968b72b8ee62021-12-21 10:23:52.445root 11241100x8000000000000000340778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039778f0788360212021-12-21 10:23:52.446root 11241100x8000000000000000340779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962769a0964319792021-12-21 10:23:52.446root 11241100x8000000000000000340780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da6c764fbfc87ef2021-12-21 10:23:52.446root 11241100x8000000000000000340781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d76ea2a82cd88762021-12-21 10:23:52.446root 11241100x8000000000000000340782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067be585e6c50dab2021-12-21 10:23:52.446root 11241100x8000000000000000340783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65ded8f14d5dbe32021-12-21 10:23:52.446root 11241100x8000000000000000340784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ff6f602380bc4a2021-12-21 10:23:52.446root 11241100x8000000000000000340785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d519afdaf3fa1c862021-12-21 10:23:52.446root 11241100x8000000000000000340786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3580dc9f42f112c62021-12-21 10:23:52.446root 11241100x8000000000000000340787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f1efd8110fce792021-12-21 10:23:52.446root 11241100x8000000000000000340788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d418e10b2aad32962021-12-21 10:23:52.446root 11241100x8000000000000000340789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc59d46807f69ee82021-12-21 10:23:52.446root 11241100x8000000000000000340790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61157450f562a54a2021-12-21 10:23:52.446root 11241100x8000000000000000340791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75ca19311a7ee612021-12-21 10:23:52.447root 11241100x8000000000000000340792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbcc78987dfaf162021-12-21 10:23:52.447root 11241100x8000000000000000340793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6e2bd65db5d1b052021-12-21 10:23:52.447root 11241100x8000000000000000340794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d2f666b07d93962021-12-21 10:23:52.447root 11241100x8000000000000000340795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57839b05bcb35c2f2021-12-21 10:23:52.447root 11241100x8000000000000000340796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded52e81f8efe0c62021-12-21 10:23:52.447root 11241100x8000000000000000340797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccf84e43f5429ea2021-12-21 10:23:52.447root 11241100x8000000000000000340798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f837b5b6eb72f6b82021-12-21 10:23:52.447root 11241100x8000000000000000340799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07f1a957bd579292021-12-21 10:23:52.447root 11241100x8000000000000000340800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5abb0c72e955832021-12-21 10:23:52.447root 11241100x8000000000000000340801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759bfc00c42a87bb2021-12-21 10:23:52.448root 11241100x8000000000000000340802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcaf99c12a53ec52021-12-21 10:23:52.448root 11241100x8000000000000000340803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6028af53bf167b652021-12-21 10:23:52.448root 11241100x8000000000000000340804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23e26b1da6fb4952021-12-21 10:23:52.448root 11241100x8000000000000000340805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d783bb19fe85f62021-12-21 10:23:52.448root 11241100x8000000000000000340806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954fdb70ff3a74c42021-12-21 10:23:52.448root 11241100x8000000000000000340807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fe6b516df125f82021-12-21 10:23:52.448root 11241100x8000000000000000340808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23102d0b4cd98c92021-12-21 10:23:52.448root 11241100x8000000000000000340809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b7373d33cc38fa2021-12-21 10:23:52.448root 11241100x8000000000000000340810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d7511a41f057e42021-12-21 10:23:52.449root 11241100x8000000000000000340811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15b715869000f302021-12-21 10:23:52.449root 11241100x8000000000000000340812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b523efa4974b6b3a2021-12-21 10:23:52.449root 11241100x8000000000000000340813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967cee816703d2d92021-12-21 10:23:52.449root 11241100x8000000000000000340814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85df9f1a413d5372021-12-21 10:23:52.449root 11241100x8000000000000000340815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488ee1e3d3ba01292021-12-21 10:23:52.449root 11241100x8000000000000000340816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e68677ddf8e0a82021-12-21 10:23:52.449root 11241100x8000000000000000340817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd6daca635dd2f62021-12-21 10:23:52.449root 11241100x8000000000000000340818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa0f674ecf1f8882021-12-21 10:23:52.450root 11241100x8000000000000000340819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8f3691758d82742021-12-21 10:23:52.450root 11241100x8000000000000000340820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40d5fe674ccdefd2021-12-21 10:23:52.450root 11241100x8000000000000000340821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62f56f91b43e92b2021-12-21 10:23:52.943root 11241100x8000000000000000340822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c225caa485c48d2021-12-21 10:23:52.943root 11241100x8000000000000000340823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c975e2f9c7fad0b2021-12-21 10:23:52.944root 11241100x8000000000000000340824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c21eb73e0b07f682021-12-21 10:23:52.944root 11241100x8000000000000000340825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef57542923ae0582021-12-21 10:23:52.944root 11241100x8000000000000000340826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6592c5cb3cd0d3ab2021-12-21 10:23:52.944root 11241100x8000000000000000340827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d6b161b671557a2021-12-21 10:23:52.944root 11241100x8000000000000000340828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b60c307174343812021-12-21 10:23:52.944root 11241100x8000000000000000340829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfad05b923feccd2021-12-21 10:23:52.944root 11241100x8000000000000000340830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4bb178ad027f812021-12-21 10:23:52.944root 11241100x8000000000000000340831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a470d54bdfc071c02021-12-21 10:23:52.944root 11241100x8000000000000000340832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf5e4a1d70fc86f2021-12-21 10:23:52.944root 11241100x8000000000000000340833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2976153a8a86f8912021-12-21 10:23:52.944root 11241100x8000000000000000340834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4b743b90f30cac2021-12-21 10:23:52.944root 11241100x8000000000000000340835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ac224f0da8f4cc2021-12-21 10:23:52.944root 11241100x8000000000000000340836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388ec9f0ebf96e102021-12-21 10:23:52.945root 11241100x8000000000000000340837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0a7d1c47461f612021-12-21 10:23:52.945root 11241100x8000000000000000340838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38b184a29d75892021-12-21 10:23:52.945root 11241100x8000000000000000340839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b67b6f2b496216882021-12-21 10:23:52.945root 11241100x8000000000000000340840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b7b22de98b5d632021-12-21 10:23:52.945root 11241100x8000000000000000340841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1add54fbf02766f72021-12-21 10:23:52.945root 11241100x8000000000000000340842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260cd4ea9910f8de2021-12-21 10:23:52.945root 11241100x8000000000000000340843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eefe16e8cc8d9af52021-12-21 10:23:52.945root 11241100x8000000000000000340844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3cafa5a86bc6e532021-12-21 10:23:52.945root 11241100x8000000000000000340845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdce3c99c0d5a7722021-12-21 10:23:52.945root 11241100x8000000000000000340846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3572c639f26dc742021-12-21 10:23:52.945root 11241100x8000000000000000340847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342cbd0af47413a62021-12-21 10:23:52.945root 11241100x8000000000000000340848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc3d14c41b979282021-12-21 10:23:52.945root 11241100x8000000000000000340849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b27765821faea802021-12-21 10:23:52.946root 11241100x8000000000000000340850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56e2550916f2d32021-12-21 10:23:52.946root 11241100x8000000000000000340851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20de0ce2362ad5432021-12-21 10:23:52.946root 11241100x8000000000000000340852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0902c4c5401fba72021-12-21 10:23:52.946root 11241100x8000000000000000340853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad9d0cad464523c2021-12-21 10:23:52.946root 11241100x8000000000000000340854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b7942f693457452021-12-21 10:23:52.946root 11241100x8000000000000000340855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454fdb510ae03c8a2021-12-21 10:23:52.946root 11241100x8000000000000000340856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53c94ecd2c58f902021-12-21 10:23:52.946root 11241100x8000000000000000340857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2044d7c268de0df2021-12-21 10:23:52.946root 11241100x8000000000000000340858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08011dabf0338f2c2021-12-21 10:23:52.947root 11241100x8000000000000000340859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9f5e94260190f462021-12-21 10:23:52.947root 11241100x8000000000000000340860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e572f7199a1c8362021-12-21 10:23:52.950root 11241100x8000000000000000340861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414ebf3c9ff11b8c2021-12-21 10:23:53.443root 11241100x8000000000000000340862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339d647a7bb2049a2021-12-21 10:23:53.443root 11241100x8000000000000000340863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9024e4184eb3e09c2021-12-21 10:23:53.443root 11241100x8000000000000000340864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20cd000101139b02021-12-21 10:23:53.443root 11241100x8000000000000000340865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641c94c59370bcdb2021-12-21 10:23:53.444root 11241100x8000000000000000340866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1067022d8f47cf2021-12-21 10:23:53.444root 11241100x8000000000000000340867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302239e9b17a1f892021-12-21 10:23:53.444root 11241100x8000000000000000340868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c70444ac0abac9a2021-12-21 10:23:53.444root 11241100x8000000000000000340869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143bae91c3391d7e2021-12-21 10:23:53.444root 11241100x8000000000000000340870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08aae7c5949b2f52021-12-21 10:23:53.444root 11241100x8000000000000000340871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33c109bf39d60402021-12-21 10:23:53.444root 11241100x8000000000000000340872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79749f6e8dc5de782021-12-21 10:23:53.444root 11241100x8000000000000000340873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12137e889335b1fd2021-12-21 10:23:53.445root 11241100x8000000000000000340874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37031c884cfefc7f2021-12-21 10:23:53.445root 11241100x8000000000000000340875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a6fa8c24148f332021-12-21 10:23:53.445root 11241100x8000000000000000340876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd71c22679e9bdc2021-12-21 10:23:53.445root 11241100x8000000000000000340877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7842827f1ec468272021-12-21 10:23:53.445root 11241100x8000000000000000340878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2db223e872dc5ff2021-12-21 10:23:53.445root 11241100x8000000000000000340879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbb74eebd3979632021-12-21 10:23:53.445root 11241100x8000000000000000340880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1a5998c5e35c212021-12-21 10:23:53.445root 11241100x8000000000000000340881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23125c5b66753e82021-12-21 10:23:53.445root 11241100x8000000000000000340882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4c240c5d0e241b2021-12-21 10:23:53.445root 11241100x8000000000000000340883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f083fa45577fda82021-12-21 10:23:53.446root 11241100x8000000000000000340884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5a793b453ada592021-12-21 10:23:53.446root 11241100x8000000000000000340885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3760e13557ca45532021-12-21 10:23:53.446root 11241100x8000000000000000340886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1f6f5f4adfef2c2021-12-21 10:23:53.446root 11241100x8000000000000000340887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aea6618913b86c52021-12-21 10:23:53.446root 11241100x8000000000000000340888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc11e55a487dbb42021-12-21 10:23:53.446root 11241100x8000000000000000340889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4ff6f3809e68812021-12-21 10:23:53.446root 11241100x8000000000000000340890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8537062b94e82ae2021-12-21 10:23:53.446root 11241100x8000000000000000340891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f46a929adc44cd2021-12-21 10:23:53.447root 11241100x8000000000000000340892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e34b924626b8f7e2021-12-21 10:23:53.447root 11241100x8000000000000000340893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9776ff4c97b9643a2021-12-21 10:23:53.447root 11241100x8000000000000000340894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027f8b0a0b8faa862021-12-21 10:23:53.447root 11241100x8000000000000000340895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc896e28598e2572021-12-21 10:23:53.447root 11241100x8000000000000000340896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4814259e1dd5fe862021-12-21 10:23:53.447root 11241100x8000000000000000340897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ea3822828d0a202021-12-21 10:23:53.447root 11241100x8000000000000000340898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d43593573dcf63a2021-12-21 10:23:53.448root 11241100x8000000000000000340899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a3cfaf4d22cf482021-12-21 10:23:53.448root 11241100x8000000000000000340900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7109c3f2d7533b6d2021-12-21 10:23:53.448root 11241100x8000000000000000340901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d82293e1a09a992021-12-21 10:23:53.448root 11241100x8000000000000000340902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba70436ddb854c2021-12-21 10:23:53.448root 11241100x8000000000000000340903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170c1f16ac5992f42021-12-21 10:23:53.943root 11241100x8000000000000000340904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f00875223b49e3b2021-12-21 10:23:53.943root 11241100x8000000000000000340905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2b52950ab96ff72021-12-21 10:23:53.943root 11241100x8000000000000000340906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbfd30f7ea57b932021-12-21 10:23:53.943root 11241100x8000000000000000340907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473a38b877fc68412021-12-21 10:23:53.944root 11241100x8000000000000000340908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ecec8bd7d2710e2021-12-21 10:23:53.944root 11241100x8000000000000000340909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f51d3d3d83db712021-12-21 10:23:53.944root 11241100x8000000000000000340910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a05a0238d61c3b2021-12-21 10:23:53.944root 11241100x8000000000000000340911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43bf4bd72f83a6a2021-12-21 10:23:53.944root 11241100x8000000000000000340912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fcb3f4d221a9312021-12-21 10:23:53.944root 11241100x8000000000000000340913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a020c4f06b1ec9702021-12-21 10:23:53.945root 11241100x8000000000000000340914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f736d36c6a778d52021-12-21 10:23:53.945root 11241100x8000000000000000340915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fea3e01b0597f92021-12-21 10:23:53.945root 11241100x8000000000000000340916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6ba06c4d4b60f42021-12-21 10:23:53.945root 11241100x8000000000000000340917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdbbf752b4ca3e22021-12-21 10:23:53.945root 11241100x8000000000000000340918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73db74848bfd89722021-12-21 10:23:53.945root 11241100x8000000000000000340919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de575eb8fdfc37612021-12-21 10:23:53.945root 11241100x8000000000000000340920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd27e5c8b3184892021-12-21 10:23:53.945root 11241100x8000000000000000340921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbdf4312d59da9e2021-12-21 10:23:53.945root 11241100x8000000000000000340922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377d27be1f8d53e82021-12-21 10:23:53.945root 11241100x8000000000000000340923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e315650922b57f2021-12-21 10:23:53.945root 11241100x8000000000000000340924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad3361d4dbaec7c2021-12-21 10:23:53.945root 11241100x8000000000000000340925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f3ba50469c61882021-12-21 10:23:53.945root 11241100x8000000000000000340926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5d8165bfd0992b2021-12-21 10:23:53.946root 11241100x8000000000000000340927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1111a3dc840f3e7f2021-12-21 10:23:53.946root 11241100x8000000000000000340928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6121c2d6be07d2b2021-12-21 10:23:53.946root 11241100x8000000000000000340929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a578f34849d7272021-12-21 10:23:53.946root 11241100x8000000000000000340930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1c3d532df3eb442021-12-21 10:23:53.946root 11241100x8000000000000000340931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96be456a84950f3d2021-12-21 10:23:53.946root 11241100x8000000000000000340932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6f0dc514d45c2d2021-12-21 10:23:53.946root 11241100x8000000000000000340933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90732bf187455082021-12-21 10:23:53.946root 11241100x8000000000000000340934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a4d0915cb0d9492021-12-21 10:23:53.946root 11241100x8000000000000000340935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10789c3f91627822021-12-21 10:23:53.946root 11241100x8000000000000000340936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac130ba6e6d03a02021-12-21 10:23:53.946root 11241100x8000000000000000340937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0081f98a995332932021-12-21 10:23:53.946root 11241100x8000000000000000340938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c974119eaee4cc2021-12-21 10:23:53.947root 11241100x8000000000000000340939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f776bd1a1306c012021-12-21 10:23:53.947root 11241100x8000000000000000340940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba356380d9f56a182021-12-21 10:23:53.947root 11241100x8000000000000000340941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13448b776cb82352021-12-21 10:23:53.947root 11241100x8000000000000000340942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52d51dae48f765c2021-12-21 10:23:53.948root 11241100x8000000000000000340943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73941ab1212f6822021-12-21 10:23:53.948root 354300x8000000000000000340944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.119{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47040-false10.0.1.12-8000- 11241100x8000000000000000340945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e317c82e8bfef9e2021-12-21 10:23:54.443root 11241100x8000000000000000340946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509d7cccb0eb057b2021-12-21 10:23:54.443root 11241100x8000000000000000340947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c848a45b42e8d8e2021-12-21 10:23:54.443root 11241100x8000000000000000340948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9679e0c54dccc52021-12-21 10:23:54.443root 11241100x8000000000000000340949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081d65c7599c9fcb2021-12-21 10:23:54.444root 11241100x8000000000000000340950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddde4063eb56d3a2021-12-21 10:23:54.444root 11241100x8000000000000000340951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39dff26d3bf183142021-12-21 10:23:54.444root 11241100x8000000000000000340952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fddc2306ec020a32021-12-21 10:23:54.444root 11241100x8000000000000000340953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139ea5dadb9a373e2021-12-21 10:23:54.444root 11241100x8000000000000000340954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dac852f41fd2dbf2021-12-21 10:23:54.444root 11241100x8000000000000000340955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78f3da7f707d3ee2021-12-21 10:23:54.444root 11241100x8000000000000000340956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abbf5fa2f2d7eeb2021-12-21 10:23:54.444root 11241100x8000000000000000340957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f78add9514049bf92021-12-21 10:23:54.444root 11241100x8000000000000000340958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1915e41b040f81232021-12-21 10:23:54.444root 11241100x8000000000000000340959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1bddc4ecb947872021-12-21 10:23:54.444root 11241100x8000000000000000340960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7112b43d17960032021-12-21 10:23:54.445root 11241100x8000000000000000340961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1298dc8c48a209a62021-12-21 10:23:54.445root 11241100x8000000000000000340962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958e0ae2799b12f32021-12-21 10:23:54.445root 11241100x8000000000000000340963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b06b6d989088472021-12-21 10:23:54.445root 11241100x8000000000000000340964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6069ff19f136262021-12-21 10:23:54.445root 11241100x8000000000000000340965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736c10ba2d40de242021-12-21 10:23:54.445root 11241100x8000000000000000340966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2d836623c8a4712021-12-21 10:23:54.445root 11241100x8000000000000000340967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5d02b4a14852432021-12-21 10:23:54.445root 11241100x8000000000000000340968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d8cba3279b5d3d2021-12-21 10:23:54.445root 11241100x8000000000000000340969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd42d3c0319effe52021-12-21 10:23:54.445root 11241100x8000000000000000340970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5dbf6f7628de3b2021-12-21 10:23:54.446root 11241100x8000000000000000340971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f29b9870136fbce2021-12-21 10:23:54.446root 11241100x8000000000000000340972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7c40225aad63a92021-12-21 10:23:54.446root 11241100x8000000000000000340973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44cd40558178ffbc2021-12-21 10:23:54.446root 11241100x8000000000000000340974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd896c1129fe1d02021-12-21 10:23:54.446root 11241100x8000000000000000340975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562d6a79e99e14472021-12-21 10:23:54.446root 11241100x8000000000000000340976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e75995a6650c6af2021-12-21 10:23:54.446root 11241100x8000000000000000340977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b0ed970b0befb12021-12-21 10:23:54.446root 11241100x8000000000000000340978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc1d4e3b4cd21902021-12-21 10:23:54.446root 11241100x8000000000000000340979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fe953c4627c06d2021-12-21 10:23:54.446root 11241100x8000000000000000340980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695b76d4def1a8e42021-12-21 10:23:54.447root 11241100x8000000000000000340981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2633362110923f2021-12-21 10:23:54.447root 11241100x8000000000000000340982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026d2166f9a59f922021-12-21 10:23:54.447root 11241100x8000000000000000340983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3f34bce4bfc6882021-12-21 10:23:54.447root 11241100x8000000000000000340984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510916cea2a05ca22021-12-21 10:23:54.447root 11241100x8000000000000000340985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dc0167ec76d8792021-12-21 10:23:54.447root 11241100x8000000000000000340986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487f3587fc10b4e22021-12-21 10:23:54.447root 11241100x8000000000000000340987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93210225e3db6b62021-12-21 10:23:54.448root 11241100x8000000000000000340988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b883e185f72b9eb2021-12-21 10:23:54.942root 11241100x8000000000000000340989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8fc8bcff39b4e612021-12-21 10:23:54.943root 11241100x8000000000000000340990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caa588b5845f51002021-12-21 10:23:54.943root 11241100x8000000000000000340991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b3159fefd0a14a02021-12-21 10:23:54.943root 11241100x8000000000000000340992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a74a78579654e222021-12-21 10:23:54.943root 11241100x8000000000000000340993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e824ea9e81a77bf32021-12-21 10:23:54.943root 11241100x8000000000000000340994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ab3e7b0344c5622021-12-21 10:23:54.943root 11241100x8000000000000000340995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269cdea786ccd1272021-12-21 10:23:54.943root 11241100x8000000000000000340996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c28a735017eda72021-12-21 10:23:54.944root 11241100x8000000000000000340997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca355efe9ec290e62021-12-21 10:23:54.944root 11241100x8000000000000000340998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fe4b68536f0b5f2021-12-21 10:23:54.944root 11241100x8000000000000000340999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c89a8cc8ecd66d72021-12-21 10:23:54.944root 11241100x8000000000000000341000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8481ae309929c1622021-12-21 10:23:54.944root 11241100x8000000000000000341001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d7b96e7ccd2d322021-12-21 10:23:54.944root 11241100x8000000000000000341002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7db4244567892a2021-12-21 10:23:54.944root 11241100x8000000000000000341003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8c329b46ae326a2021-12-21 10:23:54.944root 11241100x8000000000000000341004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f4afda25d40def2021-12-21 10:23:54.944root 11241100x8000000000000000341005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f16f3c0b917b902021-12-21 10:23:54.945root 11241100x8000000000000000341006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c0efb7300889f82021-12-21 10:23:54.945root 11241100x8000000000000000341007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e556684383159e2021-12-21 10:23:54.945root 11241100x8000000000000000341008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd9119cc5e783192021-12-21 10:23:54.945root 11241100x8000000000000000341009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718a7a3a15cb5c982021-12-21 10:23:54.945root 11241100x8000000000000000341010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96f7cf82b5dcb752021-12-21 10:23:54.945root 11241100x8000000000000000341011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525e8d68136d9f432021-12-21 10:23:54.945root 11241100x8000000000000000341012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750eeaff3794b93d2021-12-21 10:23:54.945root 11241100x8000000000000000341013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e23dab8da1cc43b2021-12-21 10:23:54.946root 11241100x8000000000000000341014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737f419f1aef2ddf2021-12-21 10:23:54.946root 11241100x8000000000000000341015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1253f78b14cd3f162021-12-21 10:23:54.946root 11241100x8000000000000000341016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca72d0561abaeb6f2021-12-21 10:23:54.946root 11241100x8000000000000000341017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bded78079fd0cdc52021-12-21 10:23:54.946root 11241100x8000000000000000341018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e728d547374ec6442021-12-21 10:23:54.946root 11241100x8000000000000000341019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58c569d2b73d8982021-12-21 10:23:54.946root 11241100x8000000000000000341020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd41ffa888f27ed2021-12-21 10:23:54.946root 11241100x8000000000000000341021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae00200943dcfbd62021-12-21 10:23:54.946root 11241100x8000000000000000341022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e52d7673f65cb62021-12-21 10:23:54.946root 11241100x8000000000000000341023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43be00aa623332082021-12-21 10:23:54.947root 11241100x8000000000000000341024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d88760febac099d2021-12-21 10:23:54.947root 11241100x8000000000000000341025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ddad5fb1c513ea82021-12-21 10:23:54.947root 11241100x8000000000000000341026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5103908bfcaf34572021-12-21 10:23:54.947root 11241100x8000000000000000341027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b8d81fd76a2b132021-12-21 10:23:54.947root 11241100x8000000000000000341028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ce07f8e3129e2d2021-12-21 10:23:54.947root 11241100x8000000000000000341029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc438d25c4a6c0e2021-12-21 10:23:54.947root 11241100x8000000000000000341030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63474575bb79abd82021-12-21 10:23:54.948root 11241100x8000000000000000341031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105e409377f113e82021-12-21 10:23:54.948root 11241100x8000000000000000341032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba643036b06fdd2021-12-21 10:23:54.948root 11241100x8000000000000000341033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1801e343f7da1842021-12-21 10:23:55.443root 11241100x8000000000000000341034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e7f17eb62ac25c72021-12-21 10:23:55.443root 11241100x8000000000000000341035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5e874204c939202021-12-21 10:23:55.443root 11241100x8000000000000000341036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d08d5ddd0233ee2021-12-21 10:23:55.444root 11241100x8000000000000000341037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3a6aa62172aa4c2021-12-21 10:23:55.444root 11241100x8000000000000000341038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ae4e1a3089afb72021-12-21 10:23:55.444root 11241100x8000000000000000341039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb48289d51015272021-12-21 10:23:55.444root 11241100x8000000000000000341040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1eb1e01dced45d2021-12-21 10:23:55.444root 11241100x8000000000000000341041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd95120567b517fa2021-12-21 10:23:55.444root 11241100x8000000000000000341042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90f26c363cdc12f2021-12-21 10:23:55.444root 11241100x8000000000000000341043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de164e1d65f13b92021-12-21 10:23:55.444root 11241100x8000000000000000341044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b2a816dc83bded2021-12-21 10:23:55.444root 11241100x8000000000000000341045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471e1a6ea4d174092021-12-21 10:23:55.444root 11241100x8000000000000000341046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49fc344ef481fc22021-12-21 10:23:55.444root 11241100x8000000000000000341047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df18decedaf186a62021-12-21 10:23:55.445root 11241100x8000000000000000341048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82913bc3814d595c2021-12-21 10:23:55.445root 11241100x8000000000000000341049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31be0913db5984a2021-12-21 10:23:55.445root 11241100x8000000000000000341050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e5afe9081940392021-12-21 10:23:55.445root 11241100x8000000000000000341051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c61d1d717719a022021-12-21 10:23:55.445root 11241100x8000000000000000341052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d4fc1bdab35df62021-12-21 10:23:55.445root 11241100x8000000000000000341053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d3882c270f9b6f2021-12-21 10:23:55.445root 11241100x8000000000000000341054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7d0ee78ea692bb2021-12-21 10:23:55.445root 11241100x8000000000000000341055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c64c31ac76c3232021-12-21 10:23:55.445root 11241100x8000000000000000341056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e001ce6af77f652021-12-21 10:23:55.446root 11241100x8000000000000000341057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee385b9db6a53d42021-12-21 10:23:55.446root 11241100x8000000000000000341058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6316194945be0e9d2021-12-21 10:23:55.446root 11241100x8000000000000000341059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5b11e5126364072021-12-21 10:23:55.446root 11241100x8000000000000000341060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c57a775f1f49de2021-12-21 10:23:55.446root 11241100x8000000000000000341061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02c5cb3b7d685942021-12-21 10:23:55.446root 11241100x8000000000000000341062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82099e42dcb6d382021-12-21 10:23:55.446root 11241100x8000000000000000341063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7297a387577014db2021-12-21 10:23:55.446root 11241100x8000000000000000341064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc616a9d3c90fbf2021-12-21 10:23:55.446root 11241100x8000000000000000341065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22e50d5df66b0002021-12-21 10:23:55.447root 11241100x8000000000000000341066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58449bab40a2c312021-12-21 10:23:55.447root 11241100x8000000000000000341067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ca63d825e762fd2021-12-21 10:23:55.447root 11241100x8000000000000000341068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c4f9f35b7d414d2021-12-21 10:23:55.447root 11241100x8000000000000000341069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b2edb36c8b57832021-12-21 10:23:55.447root 11241100x8000000000000000341070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98eceeaec62d262021-12-21 10:23:55.447root 11241100x8000000000000000341071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e9164b8e519e1e2021-12-21 10:23:55.447root 11241100x8000000000000000341072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2bff11b7e585e2021-12-21 10:23:55.448root 11241100x8000000000000000341073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72778876316b6d142021-12-21 10:23:55.448root 11241100x8000000000000000341074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa681b57102ae8f52021-12-21 10:23:55.448root 11241100x8000000000000000341075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10a6c953e590ee32021-12-21 10:23:55.448root 11241100x8000000000000000341076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5e77c46156fad92021-12-21 10:23:55.448root 11241100x8000000000000000341077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fa09bd2f5698bc2021-12-21 10:23:55.448root 11241100x8000000000000000341078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f29cc88d75ddae2021-12-21 10:23:55.448root 11241100x8000000000000000341079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9306360dd6a9b12021-12-21 10:23:55.448root 11241100x8000000000000000341080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288039fe7ee32c6a2021-12-21 10:23:55.448root 11241100x8000000000000000341081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99187c8f76cd51b2021-12-21 10:23:55.448root 11241100x8000000000000000341082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a449679f112963a82021-12-21 10:23:55.448root 11241100x8000000000000000341083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452f1c81315fb00e2021-12-21 10:23:55.448root 11241100x8000000000000000341084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbb7972a8c72e852021-12-21 10:23:55.449root 11241100x8000000000000000341085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae20580df985ceec2021-12-21 10:23:55.449root 11241100x8000000000000000341086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d84ab756786a2a2021-12-21 10:23:55.449root 11241100x8000000000000000341087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6aecc56f8caec92021-12-21 10:23:55.449root 11241100x8000000000000000341088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b17fc0996ce292a2021-12-21 10:23:55.453root 11241100x8000000000000000341089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee85c744b5e5b502021-12-21 10:23:55.453root 11241100x8000000000000000341090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70005f7a669832312021-12-21 10:23:55.943root 11241100x8000000000000000341091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bc121a2c8751252021-12-21 10:23:55.943root 11241100x8000000000000000341092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9dbaaddf518ec922021-12-21 10:23:55.943root 11241100x8000000000000000341093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64774317745cfe042021-12-21 10:23:55.943root 11241100x8000000000000000341094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e0935aee82956c2021-12-21 10:23:55.943root 11241100x8000000000000000341095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bd3f19821ca8402021-12-21 10:23:55.944root 11241100x8000000000000000341096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc4ffb29208051d2021-12-21 10:23:55.944root 11241100x8000000000000000341097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164348b483b86f7c2021-12-21 10:23:55.944root 11241100x8000000000000000341098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fcc1dafa6368ed2021-12-21 10:23:55.944root 11241100x8000000000000000341099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f59385649bc7c22021-12-21 10:23:55.944root 11241100x8000000000000000341100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8380fa2b68f89352021-12-21 10:23:55.944root 11241100x8000000000000000341101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709095a0b68bfc522021-12-21 10:23:55.944root 11241100x8000000000000000341102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6145dab69c7059e2021-12-21 10:23:55.944root 11241100x8000000000000000341103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d5d00f1ee988cc2021-12-21 10:23:55.945root 11241100x8000000000000000341104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baab0016c51c26df2021-12-21 10:23:55.945root 11241100x8000000000000000341105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e770aae9071604e82021-12-21 10:23:55.945root 11241100x8000000000000000341106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b57d53ac83285ae72021-12-21 10:23:55.945root 11241100x8000000000000000341107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273a0b17275cee722021-12-21 10:23:55.945root 11241100x8000000000000000341108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c88f02f3bdc8ccd2021-12-21 10:23:55.945root 11241100x8000000000000000341109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bf89db81fc9c722021-12-21 10:23:55.945root 11241100x8000000000000000341110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7914e15521d7a1f72021-12-21 10:23:55.946root 11241100x8000000000000000341111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10a75c3f06a982a2021-12-21 10:23:55.946root 11241100x8000000000000000341112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4572494741bbc6a2021-12-21 10:23:55.946root 11241100x8000000000000000341113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50fe389b7594bd262021-12-21 10:23:55.946root 11241100x8000000000000000341114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dced94cf88a6944d2021-12-21 10:23:55.946root 11241100x8000000000000000341115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040aa7072ebcb3372021-12-21 10:23:55.946root 11241100x8000000000000000341116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9b964ebace6ab42021-12-21 10:23:55.946root 11241100x8000000000000000341117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e4e06395a95eca2021-12-21 10:23:55.947root 11241100x8000000000000000341118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f01ec24793893c2021-12-21 10:23:55.947root 11241100x8000000000000000341119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed154c891c7bd182021-12-21 10:23:55.947root 11241100x8000000000000000341120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e245ee0d54cabb2021-12-21 10:23:55.947root 11241100x8000000000000000341121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d9309f9dffbaa92021-12-21 10:23:55.947root 11241100x8000000000000000341122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8676baf65c8fd5f82021-12-21 10:23:55.947root 11241100x8000000000000000341123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c12d99ddab5f39b2021-12-21 10:23:55.947root 11241100x8000000000000000341124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bca11bf8b293912021-12-21 10:23:55.948root 11241100x8000000000000000341125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dfbc4e14cbef862021-12-21 10:23:55.948root 11241100x8000000000000000341126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f92d097718240e82021-12-21 10:23:55.948root 11241100x8000000000000000341127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5701f838d367062021-12-21 10:23:55.948root 11241100x8000000000000000341128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a9d5ccdbabfaf92021-12-21 10:23:55.948root 11241100x8000000000000000341129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1659e1a4a345752021-12-21 10:23:55.948root 11241100x8000000000000000341130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8216abee4c119b9e2021-12-21 10:23:56.443root 11241100x8000000000000000341131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cfe802291b81602021-12-21 10:23:56.443root 11241100x8000000000000000341132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5ad3e8c8cbd5a12021-12-21 10:23:56.444root 11241100x8000000000000000341133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84982559f51aa39c2021-12-21 10:23:56.444root 11241100x8000000000000000341134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0bfae43dd9bbb92021-12-21 10:23:56.444root 11241100x8000000000000000341135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6837a8844b81b7d02021-12-21 10:23:56.444root 11241100x8000000000000000341136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49ab8344deaea1a2021-12-21 10:23:56.445root 11241100x8000000000000000341137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6152f53fc04738e32021-12-21 10:23:56.445root 11241100x8000000000000000341138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa4aa0dbff2b2722021-12-21 10:23:56.446root 11241100x8000000000000000341139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40286425f1ed00fe2021-12-21 10:23:56.446root 11241100x8000000000000000341140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80684163a401df42021-12-21 10:23:56.446root 11241100x8000000000000000341141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3614e435d92fd0d2021-12-21 10:23:56.448root 11241100x8000000000000000341142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50190f638c00bcd72021-12-21 10:23:56.448root 11241100x8000000000000000341143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8920d17f8f4657f2021-12-21 10:23:56.448root 11241100x8000000000000000341144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26447324f0425fea2021-12-21 10:23:56.448root 11241100x8000000000000000341145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4158a27f061d58d92021-12-21 10:23:56.448root 11241100x8000000000000000341146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417b4c217ea4ee002021-12-21 10:23:56.448root 11241100x8000000000000000341147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b07517b33b8774022021-12-21 10:23:56.448root 11241100x8000000000000000341148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed60fd5c9fa9a1fc2021-12-21 10:23:56.448root 11241100x8000000000000000341149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f51b6c914187c362021-12-21 10:23:56.450root 11241100x8000000000000000341150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182853531a39d1232021-12-21 10:23:56.450root 11241100x8000000000000000341151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02cc98d1a9777042021-12-21 10:23:56.450root 11241100x8000000000000000341152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27df08d4ea3243d2021-12-21 10:23:56.452root 11241100x8000000000000000341153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fa0f3f030bd2ba2021-12-21 10:23:56.452root 11241100x8000000000000000341154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91468dc7b8aab39a2021-12-21 10:23:56.452root 11241100x8000000000000000341155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f80d5f6deb8e422021-12-21 10:23:56.452root 11241100x8000000000000000341156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b943da6ad7ae41d2021-12-21 10:23:56.452root 11241100x8000000000000000341157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3877a08db3be952021-12-21 10:23:56.452root 11241100x8000000000000000341158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44149f71cfd0fe2e2021-12-21 10:23:56.452root 11241100x8000000000000000341159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adb3bb8bf0f85912021-12-21 10:23:56.454root 11241100x8000000000000000341160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49647607b98e10022021-12-21 10:23:56.454root 11241100x8000000000000000341161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386ae04683ca14aa2021-12-21 10:23:56.454root 11241100x8000000000000000341162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55adedc2be7d85e2021-12-21 10:23:56.454root 11241100x8000000000000000341163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051a190deefd4e332021-12-21 10:23:56.454root 11241100x8000000000000000341164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220d25336f9b1dfd2021-12-21 10:23:56.454root 11241100x8000000000000000341165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b758773c874b5fe2021-12-21 10:23:56.454root 11241100x8000000000000000341166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90093817c649018b2021-12-21 10:23:56.454root 11241100x8000000000000000341167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f047ffdc1a3910c2021-12-21 10:23:56.456root 11241100x8000000000000000341168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e310c0e5dc4351362021-12-21 10:23:56.456root 11241100x8000000000000000341169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554f57d8101107772021-12-21 10:23:56.456root 11241100x8000000000000000341170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee573936e7c49c5a2021-12-21 10:23:56.456root 11241100x8000000000000000341171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c27cc7139326962021-12-21 10:23:56.456root 11241100x8000000000000000341172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371e6d7be2e701032021-12-21 10:23:56.456root 11241100x8000000000000000341173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77c99f9b039e38a2021-12-21 10:23:56.456root 11241100x8000000000000000341174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265b9315b4e985162021-12-21 10:23:56.456root 11241100x8000000000000000341175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38731f549d3d9392021-12-21 10:23:56.942root 11241100x8000000000000000341176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa75a8a3743086b2021-12-21 10:23:56.943root 11241100x8000000000000000341177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232c1cc5c15acf012021-12-21 10:23:56.943root 11241100x8000000000000000341178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2f51f98c5822c12021-12-21 10:23:56.943root 11241100x8000000000000000341179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4413e0d7584b75d52021-12-21 10:23:56.943root 11241100x8000000000000000341180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3538bf391c057782021-12-21 10:23:56.943root 11241100x8000000000000000341181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce87c528c2b849af2021-12-21 10:23:56.943root 11241100x8000000000000000341182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da7caf060f40c73a2021-12-21 10:23:56.943root 11241100x8000000000000000341183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36139983e2a61bfe2021-12-21 10:23:56.943root 11241100x8000000000000000341184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e592e606054c7bd2021-12-21 10:23:56.943root 11241100x8000000000000000341185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538f1d3b5ce3a5f02021-12-21 10:23:56.944root 11241100x8000000000000000341186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabb50ae085b7ad32021-12-21 10:23:56.944root 11241100x8000000000000000341187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424b0d7f1504cebc2021-12-21 10:23:56.944root 11241100x8000000000000000341188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec3d4cad2e036942021-12-21 10:23:56.944root 11241100x8000000000000000341189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3e1f066998abc52021-12-21 10:23:56.944root 11241100x8000000000000000341190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76e9620b3bb2cb72021-12-21 10:23:56.944root 11241100x8000000000000000341191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348b8f1de57e1c142021-12-21 10:23:56.944root 11241100x8000000000000000341192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388800dfb8f5a69e2021-12-21 10:23:56.944root 11241100x8000000000000000341193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15efddec2687369b2021-12-21 10:23:56.945root 11241100x8000000000000000341194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb5b4d2bb8ec54f2021-12-21 10:23:56.945root 11241100x8000000000000000341195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be1be9e3d51df7722021-12-21 10:23:56.945root 11241100x8000000000000000341196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3516023d0c5b0c2021-12-21 10:23:56.945root 11241100x8000000000000000341197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b7638324b13b142021-12-21 10:23:56.945root 11241100x8000000000000000341198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99a03dad5bc22592021-12-21 10:23:56.945root 11241100x8000000000000000341199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472e0884a8db5f0f2021-12-21 10:23:56.945root 11241100x8000000000000000341200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a25aad1e5f7132d72021-12-21 10:23:56.946root 11241100x8000000000000000341201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5706a375a4e30d702021-12-21 10:23:56.946root 11241100x8000000000000000341202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b30eeff09b99d142021-12-21 10:23:56.946root 11241100x8000000000000000341203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2312a773dd0b532021-12-21 10:23:56.946root 11241100x8000000000000000341204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6f883442d479882021-12-21 10:23:56.946root 11241100x8000000000000000341205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11184bb08c7bc3992021-12-21 10:23:56.946root 11241100x8000000000000000341206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3666d29f3d32992021-12-21 10:23:56.946root 11241100x8000000000000000341207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c09e288a40d9c0e2021-12-21 10:23:56.946root 11241100x8000000000000000341208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43c30c7368bbca32021-12-21 10:23:56.946root 11241100x8000000000000000341209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e473eb629e404d52021-12-21 10:23:56.946root 11241100x8000000000000000341210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1184f57fcbd60df2021-12-21 10:23:56.947root 11241100x8000000000000000341211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986d328e93e032c12021-12-21 10:23:56.947root 11241100x8000000000000000341212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11872bc8bb26b15f2021-12-21 10:23:56.947root 11241100x8000000000000000341213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eb80b36fb7bece2021-12-21 10:23:56.947root 11241100x8000000000000000341214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.208578675037d0122021-12-21 10:23:56.947root 11241100x8000000000000000341215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9115ff4e4dfd824f2021-12-21 10:23:56.947root 11241100x8000000000000000341216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e464bc50c123e98d2021-12-21 10:23:57.442root 11241100x8000000000000000341217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804a68adeb06b8792021-12-21 10:23:57.443root 11241100x8000000000000000341218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e704419a139ec02021-12-21 10:23:57.443root 11241100x8000000000000000341219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd19762224e455122021-12-21 10:23:57.443root 11241100x8000000000000000341220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee08dfb9408705ed2021-12-21 10:23:57.443root 11241100x8000000000000000341221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3db9cfaf791ca432021-12-21 10:23:57.443root 11241100x8000000000000000341222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db47401848616ff32021-12-21 10:23:57.443root 11241100x8000000000000000341223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d992d1476381e9442021-12-21 10:23:57.444root 11241100x8000000000000000341224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0ef51668cd91642021-12-21 10:23:57.444root 11241100x8000000000000000341225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26df6075108214312021-12-21 10:23:57.444root 11241100x8000000000000000341226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba13edbb2f95ed12021-12-21 10:23:57.444root 11241100x8000000000000000341227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2269ae2d8c44b0d2021-12-21 10:23:57.444root 11241100x8000000000000000341228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712b250f4dbf01132021-12-21 10:23:57.444root 11241100x8000000000000000341229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22627b54c66f927f2021-12-21 10:23:57.444root 11241100x8000000000000000341230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e71d88342920dc82021-12-21 10:23:57.444root 11241100x8000000000000000341231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5e45bd80d7bf932021-12-21 10:23:57.444root 11241100x8000000000000000341232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ba2880d81c1c582021-12-21 10:23:57.445root 11241100x8000000000000000341233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547ad0b5dda8a74f2021-12-21 10:23:57.445root 11241100x8000000000000000341234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df6fe321b09b4322021-12-21 10:23:57.445root 11241100x8000000000000000341235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3549d4074565ba702021-12-21 10:23:57.445root 11241100x8000000000000000341236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72494de0a3efdc882021-12-21 10:23:57.445root 11241100x8000000000000000341237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8bdfb01e7de20b42021-12-21 10:23:57.445root 11241100x8000000000000000341238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf39aaa8f2e669c2021-12-21 10:23:57.445root 11241100x8000000000000000341239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c99af6c7f0b542021-12-21 10:23:57.446root 11241100x8000000000000000341240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f9d8c84bcf54b62021-12-21 10:23:57.446root 11241100x8000000000000000341241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5050e00f2bafd80e2021-12-21 10:23:57.446root 11241100x8000000000000000341242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9929c7a3a285e8c42021-12-21 10:23:57.446root 11241100x8000000000000000341243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cdfe44d07dd79c2021-12-21 10:23:57.446root 11241100x8000000000000000341244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c915215e88261762021-12-21 10:23:57.446root 11241100x8000000000000000341245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5276fca31f741ff72021-12-21 10:23:57.447root 11241100x8000000000000000341246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190c1b085dfa85382021-12-21 10:23:57.447root 11241100x8000000000000000341247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b1996245bc6862021-12-21 10:23:57.447root 11241100x8000000000000000341248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ee31b6fd7f06d12021-12-21 10:23:57.447root 11241100x8000000000000000341249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab08a917df13b6732021-12-21 10:23:57.448root 11241100x8000000000000000341250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c292061a0d9e90a2021-12-21 10:23:57.448root 11241100x8000000000000000341251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fecd8fb7abaec2b2021-12-21 10:23:57.448root 11241100x8000000000000000341252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d75084c1156f102021-12-21 10:23:57.448root 11241100x8000000000000000341253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5d6a7f50b5af612021-12-21 10:23:57.448root 11241100x8000000000000000341254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61f3b03af466a3c2021-12-21 10:23:57.448root 11241100x8000000000000000341255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c770b90fc6c2e502021-12-21 10:23:57.448root 11241100x8000000000000000341256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68725bbed4bb53412021-12-21 10:23:57.448root 11241100x8000000000000000341257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef93c1ee0b8496b2021-12-21 10:23:57.449root 11241100x8000000000000000341258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a88c6216a6681ca2021-12-21 10:23:57.449root 11241100x8000000000000000341259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623375416565786b2021-12-21 10:23:57.449root 11241100x8000000000000000341260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f06d42cee3e1eec2021-12-21 10:23:57.943root 11241100x8000000000000000341261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746eab4ac923feec2021-12-21 10:23:57.943root 11241100x8000000000000000341262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0373dc3d2b98c7852021-12-21 10:23:57.944root 11241100x8000000000000000341263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fd173305ad45c52021-12-21 10:23:57.944root 11241100x8000000000000000341264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655438dded5a0d3f2021-12-21 10:23:57.944root 11241100x8000000000000000341265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b10f033b94722802021-12-21 10:23:57.945root 11241100x8000000000000000341266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19d04fe9c067c6a2021-12-21 10:23:57.945root 11241100x8000000000000000341267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afe17d0ea32f4022021-12-21 10:23:57.945root 11241100x8000000000000000341268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee8a48c025c91242021-12-21 10:23:57.946root 11241100x8000000000000000341269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5f6c2484f529b22021-12-21 10:23:57.946root 11241100x8000000000000000341270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225863381b81b2da2021-12-21 10:23:57.946root 11241100x8000000000000000341271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c1e8fb62c8f8ff2021-12-21 10:23:57.946root 11241100x8000000000000000341272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4db2882f658d4922021-12-21 10:23:57.946root 11241100x8000000000000000341273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d64884616f1b8c2021-12-21 10:23:57.946root 11241100x8000000000000000341274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c39e2834d40334c2021-12-21 10:23:57.946root 11241100x8000000000000000341275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45216d6921e58d092021-12-21 10:23:57.946root 11241100x8000000000000000341276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d44c0b497ccee842021-12-21 10:23:57.946root 11241100x8000000000000000341277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd151b4f141518692021-12-21 10:23:57.947root 11241100x8000000000000000341278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159e3f9905978d452021-12-21 10:23:57.947root 11241100x8000000000000000341279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9155b6fe94f3d0162021-12-21 10:23:57.947root 11241100x8000000000000000341280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e3f5ec7bbdcdec2021-12-21 10:23:57.947root 11241100x8000000000000000341281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c1ca34c35c08692021-12-21 10:23:57.947root 11241100x8000000000000000341282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ca5cb66a24f6b82021-12-21 10:23:57.947root 11241100x8000000000000000341283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d6f8f6643c7cfa2021-12-21 10:23:57.947root 11241100x8000000000000000341284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ef2714e1baffdf2021-12-21 10:23:57.947root 11241100x8000000000000000341285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef53c9a8be11b4a52021-12-21 10:23:57.947root 11241100x8000000000000000341286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fd3c403619351ca2021-12-21 10:23:57.948root 11241100x8000000000000000341287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261b16e8805a5c562021-12-21 10:23:57.948root 11241100x8000000000000000341288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231b19a2f81293872021-12-21 10:23:57.948root 11241100x8000000000000000341289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa9480a5d46ac272021-12-21 10:23:57.948root 11241100x8000000000000000341290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61336ef2a8b92fb2021-12-21 10:23:57.948root 11241100x8000000000000000341291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18c9f700f058af82021-12-21 10:23:57.948root 11241100x8000000000000000341292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a688b6f9b599a9b2021-12-21 10:23:57.948root 11241100x8000000000000000341293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d25a6b7847eeec2021-12-21 10:23:57.948root 11241100x8000000000000000341294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff9b2964e4dff6b2021-12-21 10:23:57.948root 11241100x8000000000000000341295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df231b143b2897a52021-12-21 10:23:57.948root 11241100x8000000000000000341296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c2cc5efa2ebdf62021-12-21 10:23:57.948root 11241100x8000000000000000341297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab512c4b9e97aa6b2021-12-21 10:23:57.948root 11241100x8000000000000000341298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1a68fafd59ad3e2021-12-21 10:23:57.949root 11241100x8000000000000000341299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adf4b8fdc8c064d2021-12-21 10:23:57.949root 11241100x8000000000000000341300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686c8462928a16492021-12-21 10:23:57.949root 11241100x8000000000000000341301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b128dc3fe379b4bd2021-12-21 10:23:58.443root 11241100x8000000000000000341302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e644967fa793d8b2021-12-21 10:23:58.443root 11241100x8000000000000000341303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9623809a306d640f2021-12-21 10:23:58.443root 11241100x8000000000000000341304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b11fda0119a91f92021-12-21 10:23:58.443root 11241100x8000000000000000341305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c293aae986ab8a2f2021-12-21 10:23:58.444root 11241100x8000000000000000341306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd637155d9d90712021-12-21 10:23:58.444root 11241100x8000000000000000341307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d96442a063f09d2021-12-21 10:23:58.444root 11241100x8000000000000000341308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c65a6579e13d3c42021-12-21 10:23:58.444root 11241100x8000000000000000341309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f83a8dcba4634e12021-12-21 10:23:58.444root 11241100x8000000000000000341310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b859dafed1b52da42021-12-21 10:23:58.445root 11241100x8000000000000000341311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45b717786f902312021-12-21 10:23:58.445root 11241100x8000000000000000341312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c51eb92909927702021-12-21 10:23:58.445root 11241100x8000000000000000341313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f0d1f8ff33fa592021-12-21 10:23:58.445root 11241100x8000000000000000341314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d30c80c92ffc60d2021-12-21 10:23:58.445root 11241100x8000000000000000341315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6793abf0bc70b3f52021-12-21 10:23:58.446root 11241100x8000000000000000341316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517956760a69cde52021-12-21 10:23:58.446root 11241100x8000000000000000341317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00ff1de628b1eb12021-12-21 10:23:58.446root 11241100x8000000000000000341318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1b826cd37d7ae62021-12-21 10:23:58.446root 11241100x8000000000000000341319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b557e0719276c0372021-12-21 10:23:58.446root 11241100x8000000000000000341320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825f8837aa3345512021-12-21 10:23:58.447root 11241100x8000000000000000341321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a92c033c00305a92021-12-21 10:23:58.447root 11241100x8000000000000000341322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae20b2b0fe3478342021-12-21 10:23:58.447root 11241100x8000000000000000341323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7655f8e9bcbf4352021-12-21 10:23:58.447root 11241100x8000000000000000341324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c861a075e92caf2021-12-21 10:23:58.447root 11241100x8000000000000000341325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77270e40b663e932021-12-21 10:23:58.447root 11241100x8000000000000000341326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eae5d978d4ca8df2021-12-21 10:23:58.448root 11241100x8000000000000000341327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783b1735155fedef2021-12-21 10:23:58.448root 11241100x8000000000000000341328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2715e99e69673aa52021-12-21 10:23:58.448root 11241100x8000000000000000341329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c590ed4bb80a924c2021-12-21 10:23:58.448root 11241100x8000000000000000341330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b58ea7a067cd8552021-12-21 10:23:58.449root 11241100x8000000000000000341331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297ecb60fee650812021-12-21 10:23:58.449root 11241100x8000000000000000341332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bdef2774d302052021-12-21 10:23:58.449root 11241100x8000000000000000341333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c7b2237a80fa5c2021-12-21 10:23:58.449root 11241100x8000000000000000341334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e59f51dd021567c2021-12-21 10:23:58.449root 11241100x8000000000000000341335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370f035ac867afee2021-12-21 10:23:58.449root 11241100x8000000000000000341336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dcab70a0f2cecb2021-12-21 10:23:58.450root 11241100x8000000000000000341337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa110985ef71f512021-12-21 10:23:58.450root 11241100x8000000000000000341338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152de40287eb50002021-12-21 10:23:58.450root 11241100x8000000000000000341339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0071e79b3231c4a2021-12-21 10:23:58.450root 11241100x8000000000000000341340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6516c44088a346fa2021-12-21 10:23:58.450root 11241100x8000000000000000341341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d42bbd287c4f4322021-12-21 10:23:58.450root 11241100x8000000000000000341342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a5da456e068f302021-12-21 10:23:58.450root 11241100x8000000000000000341343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318f5e47c050bfa92021-12-21 10:23:58.450root 11241100x8000000000000000341344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c7c806db773b062021-12-21 10:23:58.451root 11241100x8000000000000000341345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1d05a0d2ec4aba2021-12-21 10:23:58.451root 11241100x8000000000000000341346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a58976e633bc302021-12-21 10:23:58.451root 11241100x8000000000000000341347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4528a1b6c5c3a32021-12-21 10:23:58.451root 11241100x8000000000000000341348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2b39a2051df2c82021-12-21 10:23:58.451root 11241100x8000000000000000341349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb03fa7562d114d12021-12-21 10:23:58.451root 11241100x8000000000000000341350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5608d6955dc7492021-12-21 10:23:58.943root 11241100x8000000000000000341351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a0ad8fa551b6e92021-12-21 10:23:58.943root 11241100x8000000000000000341352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57317816a032afc2021-12-21 10:23:58.943root 11241100x8000000000000000341353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5335aa5c8a3459e2021-12-21 10:23:58.943root 11241100x8000000000000000341354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7016f4e3c48d042021-12-21 10:23:58.943root 11241100x8000000000000000341355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4217f5ea22a649212021-12-21 10:23:58.944root 11241100x8000000000000000341356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a498856811b2ee3c2021-12-21 10:23:58.944root 11241100x8000000000000000341357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327b92aa0024c8812021-12-21 10:23:58.944root 11241100x8000000000000000341358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0594cce30336f47c2021-12-21 10:23:58.944root 11241100x8000000000000000341359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa5e0991ef3583a2021-12-21 10:23:58.944root 11241100x8000000000000000341360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49365aad61f92062021-12-21 10:23:58.944root 11241100x8000000000000000341361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ccb26708b2c8d2021-12-21 10:23:58.944root 11241100x8000000000000000341362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.043bceba742153f02021-12-21 10:23:58.945root 11241100x8000000000000000341363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ccd1f014a1187b2021-12-21 10:23:58.945root 11241100x8000000000000000341364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952d8f2e99760bc62021-12-21 10:23:58.945root 11241100x8000000000000000341365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f2f079ab6c14672021-12-21 10:23:58.945root 11241100x8000000000000000341366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292c388818742d52021-12-21 10:23:58.945root 11241100x8000000000000000341367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b937b7d3023fa732021-12-21 10:23:58.945root 11241100x8000000000000000341368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b7dc10b31dbd8c2021-12-21 10:23:58.945root 11241100x8000000000000000341369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5404aead0b691e2021-12-21 10:23:58.945root 11241100x8000000000000000341370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d207d66cb9674212021-12-21 10:23:58.946root 11241100x8000000000000000341371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b999cb79e6303e072021-12-21 10:23:58.946root 11241100x8000000000000000341372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e61e2afef87bb822021-12-21 10:23:58.946root 11241100x8000000000000000341373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deb7e5cb8ab21392021-12-21 10:23:58.946root 11241100x8000000000000000341374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4065a4c5235f6b682021-12-21 10:23:58.946root 11241100x8000000000000000341375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dd567ac8d2980c2021-12-21 10:23:58.946root 11241100x8000000000000000341376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd597c038273b512021-12-21 10:23:58.946root 11241100x8000000000000000341377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316089d651a046652021-12-21 10:23:58.946root 11241100x8000000000000000341378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49322fee21af73052021-12-21 10:23:58.946root 11241100x8000000000000000341379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab011372423ae5442021-12-21 10:23:58.946root 11241100x8000000000000000341380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2c17205ebaeb802021-12-21 10:23:58.946root 11241100x8000000000000000341381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a75c4f0306153a2021-12-21 10:23:58.946root 11241100x8000000000000000341382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc99b4d6e8e19c692021-12-21 10:23:58.946root 11241100x8000000000000000341383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9257b75e88988ea2021-12-21 10:23:58.946root 11241100x8000000000000000341384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd8dcca7fc989da2021-12-21 10:23:58.947root 11241100x8000000000000000341385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ff061a7bb1f33d2021-12-21 10:23:58.947root 11241100x8000000000000000341386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e0d381847d8b112021-12-21 10:23:58.947root 11241100x8000000000000000341387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae06e87d493a06d2021-12-21 10:23:58.947root 11241100x8000000000000000341388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d183e1cbdc3a71c42021-12-21 10:23:58.947root 11241100x8000000000000000341389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006826dc3d82551a2021-12-21 10:23:58.947root 11241100x8000000000000000341390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaecb85b0fb086342021-12-21 10:23:58.947root 11241100x8000000000000000341391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d78efb215fb6122021-12-21 10:23:58.947root 11241100x8000000000000000341392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e329b6cdc163292021-12-21 10:23:58.947root 354300x8000000000000000341393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.238{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47042-false10.0.1.12-8000- 11241100x8000000000000000341394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9738c9a6780c2e892021-12-21 10:23:59.239root 11241100x8000000000000000341395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f28b2347e44c0072021-12-21 10:23:59.239root 11241100x8000000000000000341396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d60cbe14becec82021-12-21 10:23:59.239root 11241100x8000000000000000341397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5b0cb7fd9a9b132021-12-21 10:23:59.239root 11241100x8000000000000000341398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8591ae571baef5612021-12-21 10:23:59.240root 11241100x8000000000000000341399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a472ae6847a45efb2021-12-21 10:23:59.240root 11241100x8000000000000000341400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8298f13e2f106962021-12-21 10:23:59.240root 11241100x8000000000000000341401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42980128fa930f02021-12-21 10:23:59.240root 11241100x8000000000000000341402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5251ee058d2048ca2021-12-21 10:23:59.240root 11241100x8000000000000000341403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4892a52728cb14832021-12-21 10:23:59.240root 11241100x8000000000000000341404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a9fe4dbce6dc522021-12-21 10:23:59.240root 11241100x8000000000000000341405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3039fd06371b97e52021-12-21 10:23:59.240root 11241100x8000000000000000341406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d61abaee02ddf07f2021-12-21 10:23:59.241root 11241100x8000000000000000341407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2b9bb21cc5bdc32021-12-21 10:23:59.241root 11241100x8000000000000000341408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bcce7371b0ddf22021-12-21 10:23:59.241root 11241100x8000000000000000341409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875daff9ec57c2b82021-12-21 10:23:59.241root 11241100x8000000000000000341410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c61177690cf8b942021-12-21 10:23:59.241root 11241100x8000000000000000341411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703a2194043e508a2021-12-21 10:23:59.241root 11241100x8000000000000000341412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbcadc4bb0c2f132021-12-21 10:23:59.241root 11241100x8000000000000000341413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0858352ecc1f3622021-12-21 10:23:59.242root 11241100x8000000000000000341414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9adcaa02a147302021-12-21 10:23:59.242root 11241100x8000000000000000341415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7797d22399a6282021-12-21 10:23:59.242root 11241100x8000000000000000341416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d05243c89e1c0e2021-12-21 10:23:59.242root 11241100x8000000000000000341417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97b044e85eb84a82021-12-21 10:23:59.242root 11241100x8000000000000000341418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9c1209e4f0e6872021-12-21 10:23:59.242root 11241100x8000000000000000341419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92bfc522bb50f2d2021-12-21 10:23:59.242root 11241100x8000000000000000341420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ae91e02e08a6d02021-12-21 10:23:59.243root 11241100x8000000000000000341421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568f9cfc9ad50f332021-12-21 10:23:59.243root 11241100x8000000000000000341422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d370ba9d7b031212021-12-21 10:23:59.244root 11241100x8000000000000000341423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8bc5e17638bbee2021-12-21 10:23:59.244root 11241100x8000000000000000341424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e5ab49112816922021-12-21 10:23:59.244root 11241100x8000000000000000341425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c134589dbb96664c2021-12-21 10:23:59.245root 11241100x8000000000000000341426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770ef3a914f2264a2021-12-21 10:23:59.245root 11241100x8000000000000000341427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014cfe592755ff012021-12-21 10:23:59.245root 11241100x8000000000000000341428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dbffe8cff537c0a2021-12-21 10:23:59.245root 11241100x8000000000000000341429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1fd81988d6a9f3c2021-12-21 10:23:59.245root 11241100x8000000000000000341430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d790045576c729072021-12-21 10:23:59.246root 11241100x8000000000000000341431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ba54ffc71df64d2021-12-21 10:23:59.247root 11241100x8000000000000000341432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01118f49bd284e462021-12-21 10:23:59.247root 11241100x8000000000000000341433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccfd4436f0c4f882021-12-21 10:23:59.247root 11241100x8000000000000000341434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e79492ec8853142021-12-21 10:23:59.247root 11241100x8000000000000000341435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaf04d5fbf10b132021-12-21 10:23:59.247root 11241100x8000000000000000341436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b17bb6afb524c692021-12-21 10:23:59.247root 11241100x8000000000000000341437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd2e42e1eddd5762021-12-21 10:23:59.247root 11241100x8000000000000000341438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ef2964cf9256412021-12-21 10:23:59.247root 11241100x8000000000000000341439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f578b385e1a8582021-12-21 10:23:59.248root 11241100x8000000000000000341440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760f39b0cdd058f72021-12-21 10:23:59.248root 11241100x8000000000000000341441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f34fe49270ea4152021-12-21 10:23:59.248root 11241100x8000000000000000341442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0edb4471c2281052021-12-21 10:23:59.248root 11241100x8000000000000000341443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e09ca665c3e0e222021-12-21 10:23:59.248root 11241100x8000000000000000341444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a352862dc1d6f92021-12-21 10:23:59.248root 11241100x8000000000000000341445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca01d777bddca322021-12-21 10:23:59.248root 11241100x8000000000000000341446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6139feaf265e56072021-12-21 10:23:59.248root 11241100x8000000000000000341447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f461bc45b4a9d5a62021-12-21 10:23:59.248root 11241100x8000000000000000341448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e032316dec60af2021-12-21 10:23:59.248root 11241100x8000000000000000341449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f1669286d02dc42021-12-21 10:23:59.248root 11241100x8000000000000000341450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fbf88ab5c993102021-12-21 10:23:59.249root 11241100x8000000000000000341451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b60718b2712d7562021-12-21 10:23:59.249root 11241100x8000000000000000341452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48252dc6543a41572021-12-21 10:23:59.249root 11241100x8000000000000000341453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eafa888426c6982021-12-21 10:23:59.249root 11241100x8000000000000000341454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e223d1b7eaf13672021-12-21 10:23:59.249root 11241100x8000000000000000341455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29e5ee2502122bf2021-12-21 10:23:59.249root 11241100x8000000000000000341456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c33ab879f2e57c2021-12-21 10:23:59.249root 11241100x8000000000000000341457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940d643a89931f942021-12-21 10:23:59.249root 11241100x8000000000000000341458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539dfcc3cf2ed2042021-12-21 10:23:59.249root 11241100x8000000000000000341459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0366b2278eb84932021-12-21 10:23:59.249root 11241100x8000000000000000341460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a43098c8255a8522021-12-21 10:23:59.249root 11241100x8000000000000000341461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a327d8f6d1d5d552021-12-21 10:23:59.693root 11241100x8000000000000000341462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f65b72968a88ba2021-12-21 10:23:59.694root 11241100x8000000000000000341463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81468afecf924322021-12-21 10:23:59.694root 11241100x8000000000000000341464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a60a2fb986196e12021-12-21 10:23:59.694root 11241100x8000000000000000341465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a937d98ec9831c72021-12-21 10:23:59.694root 11241100x8000000000000000341466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625bcec2125bc0ee2021-12-21 10:23:59.695root 11241100x8000000000000000341467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837b653aec7f458d2021-12-21 10:23:59.695root 11241100x8000000000000000341468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f8f595af4d6ecc2021-12-21 10:23:59.695root 11241100x8000000000000000341469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde168dd9a8374f32021-12-21 10:23:59.695root 11241100x8000000000000000341470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a846eb3e5c1db6ad2021-12-21 10:23:59.696root 11241100x8000000000000000341471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147ca1379d626da92021-12-21 10:23:59.696root 11241100x8000000000000000341472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31988631cb00a9bf2021-12-21 10:23:59.696root 11241100x8000000000000000341473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcad9e9d408558c2021-12-21 10:23:59.696root 11241100x8000000000000000341474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6c57eab0d066c12021-12-21 10:23:59.696root 11241100x8000000000000000341475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f1fc73dce6d00a2021-12-21 10:23:59.696root 11241100x8000000000000000341476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d924cfce7549225e2021-12-21 10:23:59.697root 11241100x8000000000000000341477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede29670318164992021-12-21 10:23:59.697root 11241100x8000000000000000341478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f89d6f5c7bb37cc2021-12-21 10:23:59.697root 11241100x8000000000000000341479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d324c27d8c0180172021-12-21 10:23:59.697root 11241100x8000000000000000341480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49ddc49e7bcf6a72021-12-21 10:23:59.697root 11241100x8000000000000000341481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d126b9b1f65aae62021-12-21 10:23:59.697root 11241100x8000000000000000341482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e66b043145e81542021-12-21 10:23:59.697root 11241100x8000000000000000341483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7039936f69e575272021-12-21 10:23:59.698root 11241100x8000000000000000341484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa02a64bf527d3ff2021-12-21 10:23:59.698root 11241100x8000000000000000341485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fbc2a7cf393a242021-12-21 10:23:59.698root 11241100x8000000000000000341486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309f238316e94ce42021-12-21 10:23:59.698root 11241100x8000000000000000341487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b42f87146d7aa152021-12-21 10:23:59.698root 11241100x8000000000000000341488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee09ab29e0283e222021-12-21 10:23:59.699root 11241100x8000000000000000341489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d338fb4818cc2ad72021-12-21 10:23:59.699root 11241100x8000000000000000341490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f2f2797b8aadae2021-12-21 10:23:59.699root 11241100x8000000000000000341491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491ecbbf59e8e2002021-12-21 10:23:59.699root 11241100x8000000000000000341492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574b4227038a52842021-12-21 10:23:59.699root 11241100x8000000000000000341493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4f04753deca4e82021-12-21 10:23:59.699root 11241100x8000000000000000341494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3158b00365043b2021-12-21 10:23:59.700root 11241100x8000000000000000341495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcab1408fa9acede2021-12-21 10:23:59.700root 11241100x8000000000000000341496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f716855ac271f3592021-12-21 10:23:59.700root 11241100x8000000000000000341497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78bcf63ef9a615e2021-12-21 10:23:59.700root 11241100x8000000000000000341498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630db787dc06997c2021-12-21 10:23:59.700root 11241100x8000000000000000341499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3acd3c6c3d43efd82021-12-21 10:23:59.700root 11241100x8000000000000000341500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea24c8698a5e49e2021-12-21 10:23:59.700root 11241100x8000000000000000341501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314ee6f293fb82ff2021-12-21 10:23:59.701root 11241100x8000000000000000341502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:23:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3af2ed7ef571352021-12-21 10:23:59.701root 11241100x8000000000000000341503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28e42a11a2428992021-12-21 10:24:00.193root 11241100x8000000000000000341504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad63e385316971b52021-12-21 10:24:00.193root 11241100x8000000000000000341505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b1853bd8b551f62021-12-21 10:24:00.193root 11241100x8000000000000000341506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efadf53350c712ea2021-12-21 10:24:00.193root 11241100x8000000000000000341507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1856a0326e60b392021-12-21 10:24:00.193root 11241100x8000000000000000341508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba236d95de8ca3c82021-12-21 10:24:00.193root 11241100x8000000000000000341509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6e3422277a0be82021-12-21 10:24:00.193root 11241100x8000000000000000341510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2931d3571ea379b2021-12-21 10:24:00.194root 11241100x8000000000000000341511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5bfd0d27a2f054e2021-12-21 10:24:00.194root 11241100x8000000000000000341512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb44591b48694ad42021-12-21 10:24:00.194root 11241100x8000000000000000341513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5d062e7e9559452021-12-21 10:24:00.194root 11241100x8000000000000000341514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c994e8244127242021-12-21 10:24:00.195root 11241100x8000000000000000341515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06acbd40dcd134f02021-12-21 10:24:00.195root 11241100x8000000000000000341516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ff60735a8b89612021-12-21 10:24:00.195root 11241100x8000000000000000341517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4daf50e7ff0366322021-12-21 10:24:00.196root 11241100x8000000000000000341518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc55328d77c8ab632021-12-21 10:24:00.196root 11241100x8000000000000000341519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad464075605e1b6c2021-12-21 10:24:00.196root 11241100x8000000000000000341520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8238002f5566f32021-12-21 10:24:00.197root 11241100x8000000000000000341521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ce10a0a8e236282021-12-21 10:24:00.197root 11241100x8000000000000000341522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecf0c884149de472021-12-21 10:24:00.197root 11241100x8000000000000000341523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172da2a0e77f29242021-12-21 10:24:00.198root 11241100x8000000000000000341524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60da2f5158bef8d82021-12-21 10:24:00.198root 11241100x8000000000000000341525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bd5836edb701652021-12-21 10:24:00.198root 11241100x8000000000000000341526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40cd5bd7cdfbd0d2021-12-21 10:24:00.199root 11241100x8000000000000000341527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de0da46d8a8b8972021-12-21 10:24:00.199root 11241100x8000000000000000341528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55505f644bc87e92021-12-21 10:24:00.200root 11241100x8000000000000000341529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dca209096035e32021-12-21 10:24:00.201root 11241100x8000000000000000341530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5921ef54f3271c2021-12-21 10:24:00.201root 11241100x8000000000000000341531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5752a4f9683e3f2021-12-21 10:24:00.201root 11241100x8000000000000000341532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072e3f865e2faed52021-12-21 10:24:00.202root 11241100x8000000000000000341533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518fb29c384092d42021-12-21 10:24:00.202root 11241100x8000000000000000341534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cc4bc1414a8c7e2021-12-21 10:24:00.202root 11241100x8000000000000000341535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af05bfac10e49c92021-12-21 10:24:00.203root 11241100x8000000000000000341536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb584aa1d1ac0942021-12-21 10:24:00.203root 11241100x8000000000000000341537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64db0bbf2e7e7f3f2021-12-21 10:24:00.204root 11241100x8000000000000000341538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261adb0207e975942021-12-21 10:24:00.204root 11241100x8000000000000000341539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6ca492b8cdecfb2021-12-21 10:24:00.204root 11241100x8000000000000000341540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df2b008baf96b092021-12-21 10:24:00.205root 11241100x8000000000000000341541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2fe25a48a552ef2021-12-21 10:24:00.205root 11241100x8000000000000000341542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f6d1493c56fe242021-12-21 10:24:00.205root 11241100x8000000000000000341543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f2492909c4295a2021-12-21 10:24:00.206root 11241100x8000000000000000341544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7445ecb16199b92021-12-21 10:24:00.206root 11241100x8000000000000000341545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d500e8733aebb2021-12-21 10:24:00.207root 11241100x8000000000000000341546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7067a7da58cd5a2021-12-21 10:24:00.207root 11241100x8000000000000000341547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d94e5169a10db102021-12-21 10:24:00.207root 11241100x8000000000000000341548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae767812debeb1c2021-12-21 10:24:00.208root 11241100x8000000000000000341549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433242a606dcb6702021-12-21 10:24:00.208root 11241100x8000000000000000341550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3324d2bea2b7312021-12-21 10:24:00.208root 11241100x8000000000000000341551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b43c62753c28bdb2021-12-21 10:24:00.208root 11241100x8000000000000000341552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543c0e46943fe70e2021-12-21 10:24:00.209root 11241100x8000000000000000341553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1362a66d85445202021-12-21 10:24:00.209root 11241100x8000000000000000341554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f323bc8f0d34382021-12-21 10:24:00.693root 11241100x8000000000000000341555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f576e3d7895d4b2021-12-21 10:24:00.693root 11241100x8000000000000000341556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199028231e69f7a02021-12-21 10:24:00.693root 11241100x8000000000000000341557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8638b84c31270c72021-12-21 10:24:00.694root 11241100x8000000000000000341558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760ce117538cbf672021-12-21 10:24:00.694root 11241100x8000000000000000341559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7106afa93c36af62021-12-21 10:24:00.694root 11241100x8000000000000000341560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bac0824f7adab262021-12-21 10:24:00.695root 11241100x8000000000000000341561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad7b247c469a9ac2021-12-21 10:24:00.695root 11241100x8000000000000000341562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b694886df7b154d72021-12-21 10:24:00.695root 11241100x8000000000000000341563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a76cc977bc34e49e2021-12-21 10:24:00.695root 11241100x8000000000000000341564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9318931af8a315812021-12-21 10:24:00.696root 11241100x8000000000000000341565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cad7018520ff462021-12-21 10:24:00.696root 11241100x8000000000000000341566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395580e33469ec992021-12-21 10:24:00.696root 11241100x8000000000000000341567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff22dd87d5baa232021-12-21 10:24:00.697root 11241100x8000000000000000341568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc03f5385687415e2021-12-21 10:24:00.697root 11241100x8000000000000000341569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcbf9ea7185d4392021-12-21 10:24:00.697root 11241100x8000000000000000341570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb45a4f9db0b2342021-12-21 10:24:00.697root 11241100x8000000000000000341571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e425d3f433ec632021-12-21 10:24:00.698root 11241100x8000000000000000341572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935f575a99a18a2b2021-12-21 10:24:00.698root 11241100x8000000000000000341573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0d2fe64bc087b32021-12-21 10:24:00.698root 11241100x8000000000000000341574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdcd31b15c0fbb22021-12-21 10:24:00.698root 11241100x8000000000000000341575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9e9ad150fdd1d12021-12-21 10:24:00.699root 11241100x8000000000000000341576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476486180dc4e15c2021-12-21 10:24:00.699root 11241100x8000000000000000341577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2181d64d20f8e0f2021-12-21 10:24:00.699root 11241100x8000000000000000341578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747a2aa09a2abd8e2021-12-21 10:24:00.699root 11241100x8000000000000000341579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5436ec99a0ccbe572021-12-21 10:24:00.700root 11241100x8000000000000000341580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86a9212dd80ba6d2021-12-21 10:24:00.700root 11241100x8000000000000000341581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb4e6374c8887d42021-12-21 10:24:00.700root 11241100x8000000000000000341582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c72a3426f96fcd82021-12-21 10:24:00.701root 11241100x8000000000000000341583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6978fb591e85d9c2021-12-21 10:24:00.701root 11241100x8000000000000000341584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8ace935f43374f2021-12-21 10:24:00.701root 11241100x8000000000000000341585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dea2896219c34952021-12-21 10:24:00.701root 11241100x8000000000000000341586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e841e61173c06d602021-12-21 10:24:00.702root 11241100x8000000000000000341587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8bb9634bae894c92021-12-21 10:24:00.702root 11241100x8000000000000000341588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9cc7c7b3aba6ce2021-12-21 10:24:00.702root 11241100x8000000000000000341589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9eb7c8f27c9a452021-12-21 10:24:00.702root 11241100x8000000000000000341590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21d75c3285396f42021-12-21 10:24:00.703root 11241100x8000000000000000341591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abdf716e25ae9f42021-12-21 10:24:00.703root 11241100x8000000000000000341592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865ef04f4625302b2021-12-21 10:24:00.703root 11241100x8000000000000000341593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20442ae1632d1f92021-12-21 10:24:00.703root 11241100x8000000000000000341594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588f6e0aa0fa739a2021-12-21 10:24:00.704root 11241100x8000000000000000341595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378b54c2a3f846db2021-12-21 10:24:00.704root 11241100x8000000000000000341596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5a9e538577ad4c2021-12-21 10:24:00.704root 11241100x8000000000000000341597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee767a0ee00cbdbc2021-12-21 10:24:00.704root 11241100x8000000000000000341598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77144bf67d40cc652021-12-21 10:24:00.704root 11241100x8000000000000000341599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e685d5a6ca844c2021-12-21 10:24:01.192root 11241100x8000000000000000341600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830beae93f182fab2021-12-21 10:24:01.193root 11241100x8000000000000000341601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f195a9b73a22f92021-12-21 10:24:01.193root 11241100x8000000000000000341602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9571d4bd25a4149c2021-12-21 10:24:01.193root 11241100x8000000000000000341603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1491a0595bdc7f5f2021-12-21 10:24:01.193root 11241100x8000000000000000341604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a86fb948f89d4a2021-12-21 10:24:01.193root 11241100x8000000000000000341605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.102f0c45423f01582021-12-21 10:24:01.194root 11241100x8000000000000000341606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902524e116989a442021-12-21 10:24:01.194root 11241100x8000000000000000341607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b8ce316dc7485e2021-12-21 10:24:01.194root 11241100x8000000000000000341608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c3f17f0469bf222021-12-21 10:24:01.194root 11241100x8000000000000000341609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0db64aa3935f6d72021-12-21 10:24:01.194root 11241100x8000000000000000341610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93762ca4c2bed67a2021-12-21 10:24:01.194root 11241100x8000000000000000341611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e4a5a0e13c66262021-12-21 10:24:01.195root 11241100x8000000000000000341612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a939676c2dde852021-12-21 10:24:01.195root 11241100x8000000000000000341613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd6a309207fa1ec2021-12-21 10:24:01.195root 11241100x8000000000000000341614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d959fd5ff60d42aa2021-12-21 10:24:01.195root 11241100x8000000000000000341615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4f3d12133bf2a22021-12-21 10:24:01.195root 11241100x8000000000000000341616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d075b2838f75732021-12-21 10:24:01.195root 11241100x8000000000000000341617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057ede3419aac9042021-12-21 10:24:01.196root 11241100x8000000000000000341618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3753b266878d95b2021-12-21 10:24:01.196root 11241100x8000000000000000341619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54a050b110451dd2021-12-21 10:24:01.197root 11241100x8000000000000000341620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9a193869bf6aba2021-12-21 10:24:01.199root 11241100x8000000000000000341621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c3086f569a75942021-12-21 10:24:01.199root 11241100x8000000000000000341622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c967b513982d701c2021-12-21 10:24:01.200root 11241100x8000000000000000341623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1d23183635d1052021-12-21 10:24:01.200root 11241100x8000000000000000341624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5238467b77c758252021-12-21 10:24:01.200root 11241100x8000000000000000341625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1e846081e8aa1d2021-12-21 10:24:01.200root 11241100x8000000000000000341626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405525e58783745a2021-12-21 10:24:01.200root 11241100x8000000000000000341627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bff81d0226f87e62021-12-21 10:24:01.201root 11241100x8000000000000000341628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c12ac55b5edf8f12021-12-21 10:24:01.201root 11241100x8000000000000000341629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ac914736fd1cad2021-12-21 10:24:01.202root 11241100x8000000000000000341630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800e7762c1aebee72021-12-21 10:24:01.202root 11241100x8000000000000000341631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53371371d25b302021-12-21 10:24:01.202root 11241100x8000000000000000341632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50aa8fd9d8359dc22021-12-21 10:24:01.202root 11241100x8000000000000000341633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ecc83201bf6ab12021-12-21 10:24:01.202root 11241100x8000000000000000341634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba04a1a4deada4c82021-12-21 10:24:01.203root 11241100x8000000000000000341635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807b6dba29d800c92021-12-21 10:24:01.203root 11241100x8000000000000000341636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b08f75c08cb16c72021-12-21 10:24:01.203root 11241100x8000000000000000341637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5a8a138e8e361c2021-12-21 10:24:01.203root 11241100x8000000000000000341638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2767533c95be1002021-12-21 10:24:01.203root 11241100x8000000000000000341639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823f817ab8b6eedb2021-12-21 10:24:01.203root 11241100x8000000000000000341640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e351484d92b9b4362021-12-21 10:24:01.203root 11241100x8000000000000000341641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d7b0ee1d3b756e2021-12-21 10:24:01.204root 11241100x8000000000000000341642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817c807e16accc892021-12-21 10:24:01.204root 11241100x8000000000000000341643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a18581bea9168702021-12-21 10:24:01.205root 11241100x8000000000000000341644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf2d1640e1200d42021-12-21 10:24:01.205root 11241100x8000000000000000341645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3a62aa44a3e37e2021-12-21 10:24:01.205root 11241100x8000000000000000341646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecf6b671ed45fd12021-12-21 10:24:01.205root 11241100x8000000000000000341647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf970584c85e61b2021-12-21 10:24:01.205root 11241100x8000000000000000341648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26df6fdf2396b35e2021-12-21 10:24:01.205root 11241100x8000000000000000341649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dd4c92652476312021-12-21 10:24:01.206root 11241100x8000000000000000341650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1041290ad12a29cb2021-12-21 10:24:01.206root 11241100x8000000000000000341651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a92d29b4c916c82021-12-21 10:24:01.693root 11241100x8000000000000000341652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b1edf9c7b6f2d52021-12-21 10:24:01.694root 11241100x8000000000000000341653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f205b916697efd352021-12-21 10:24:01.694root 11241100x8000000000000000341654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4885c60a26cb182021-12-21 10:24:01.694root 11241100x8000000000000000341655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415b09d1a11497282021-12-21 10:24:01.694root 11241100x8000000000000000341656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63168c5c2e6aa53a2021-12-21 10:24:01.695root 11241100x8000000000000000341657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263efb06a400a6b52021-12-21 10:24:01.695root 11241100x8000000000000000341658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f5200fde7c0ed72021-12-21 10:24:01.695root 11241100x8000000000000000341659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dc77f6e4248a8c2021-12-21 10:24:01.695root 11241100x8000000000000000341660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9067e3b3b5a7f66e2021-12-21 10:24:01.696root 11241100x8000000000000000341661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cb9e1fb28b7a862021-12-21 10:24:01.696root 11241100x8000000000000000341662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c25a4dce52a588c2021-12-21 10:24:01.696root 11241100x8000000000000000341663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d39da9d71005f062021-12-21 10:24:01.697root 11241100x8000000000000000341664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecf7d1859c32d862021-12-21 10:24:01.697root 11241100x8000000000000000341665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd2c52fe22efb12021-12-21 10:24:01.697root 11241100x8000000000000000341666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.668bc8ccc8382ae82021-12-21 10:24:01.698root 11241100x8000000000000000341667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178f2c65eafea64a2021-12-21 10:24:01.698root 11241100x8000000000000000341668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ab8dbfbfd0753b2021-12-21 10:24:01.698root 11241100x8000000000000000341669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68a268753dd1a382021-12-21 10:24:01.698root 11241100x8000000000000000341670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5215ecdd93570c632021-12-21 10:24:01.699root 11241100x8000000000000000341671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb4b579fcac6fa12021-12-21 10:24:01.699root 11241100x8000000000000000341672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f05114fd33343102021-12-21 10:24:01.699root 11241100x8000000000000000341673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7392e4dfe96f94a2021-12-21 10:24:01.699root 11241100x8000000000000000341674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a011f2b8c981342021-12-21 10:24:01.700root 11241100x8000000000000000341675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd880ab98b4814132021-12-21 10:24:01.700root 11241100x8000000000000000341676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca784c4e7979d932021-12-21 10:24:01.700root 11241100x8000000000000000341677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b34c91a00c08332021-12-21 10:24:01.701root 11241100x8000000000000000341678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535ed2c42c3325aa2021-12-21 10:24:01.701root 11241100x8000000000000000341679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626860786b1471872021-12-21 10:24:01.701root 11241100x8000000000000000341680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a57292f3159a3282021-12-21 10:24:01.701root 11241100x8000000000000000341681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1c07f1d21ae5442021-12-21 10:24:01.702root 11241100x8000000000000000341682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deddfab2e0a5ec62021-12-21 10:24:01.702root 11241100x8000000000000000341683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ad9653a570f8fb2021-12-21 10:24:01.702root 11241100x8000000000000000341684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e73ba2c285243e72021-12-21 10:24:01.702root 11241100x8000000000000000341685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3856b1c10c61832021-12-21 10:24:01.703root 11241100x8000000000000000341686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41a5836af64b82e2021-12-21 10:24:01.703root 11241100x8000000000000000341687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8946ea8cd831ff832021-12-21 10:24:01.703root 11241100x8000000000000000341688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97198f48079640c82021-12-21 10:24:01.703root 11241100x8000000000000000341689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c34818c1810f182021-12-21 10:24:01.703root 11241100x8000000000000000341690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227f709753dfc3132021-12-21 10:24:01.704root 11241100x8000000000000000341691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe08498dae64c582021-12-21 10:24:01.704root 11241100x8000000000000000341692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526e6746383c5ba62021-12-21 10:24:01.704root 11241100x8000000000000000341693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70bf80dda8849942021-12-21 10:24:01.704root 11241100x8000000000000000341694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:01.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36d6ea4d057c1052021-12-21 10:24:01.704root 11241100x8000000000000000341695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c8add539eb3c252021-12-21 10:24:02.193root 11241100x8000000000000000341696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753c479cf8be66962021-12-21 10:24:02.193root 11241100x8000000000000000341697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cff3fdfb6e552a52021-12-21 10:24:02.193root 11241100x8000000000000000341698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abcc884776747732021-12-21 10:24:02.193root 11241100x8000000000000000341699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56dae525e302db752021-12-21 10:24:02.193root 11241100x8000000000000000341700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dde0b4897c1caa62021-12-21 10:24:02.194root 11241100x8000000000000000341701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131b2e4d6706336e2021-12-21 10:24:02.194root 11241100x8000000000000000341702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b1836e2da0ec8f2021-12-21 10:24:02.194root 11241100x8000000000000000341703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6828957473ee79322021-12-21 10:24:02.194root 11241100x8000000000000000341704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58129a86b5d350fc2021-12-21 10:24:02.194root 11241100x8000000000000000341705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1393346e91d755992021-12-21 10:24:02.194root 11241100x8000000000000000341706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c773af60eb1830b82021-12-21 10:24:02.195root 11241100x8000000000000000341707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de74945b51962f82021-12-21 10:24:02.195root 11241100x8000000000000000341708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75f09a9516490db2021-12-21 10:24:02.195root 11241100x8000000000000000341709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ba4e5f57c7bc662021-12-21 10:24:02.195root 11241100x8000000000000000341710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa078b09c133748e2021-12-21 10:24:02.195root 11241100x8000000000000000341711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064ba4edbbab1a422021-12-21 10:24:02.195root 11241100x8000000000000000341712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02095b85db8720a12021-12-21 10:24:02.196root 11241100x8000000000000000341713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb42ea28622b39e92021-12-21 10:24:02.196root 11241100x8000000000000000341714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2789e7905082a01c2021-12-21 10:24:02.197root 11241100x8000000000000000341715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5c5f198f901fb52021-12-21 10:24:02.197root 11241100x8000000000000000341716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0544bd5214872ca2021-12-21 10:24:02.197root 11241100x8000000000000000341717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5764ac415ac980352021-12-21 10:24:02.197root 11241100x8000000000000000341718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560a1ae31482326c2021-12-21 10:24:02.197root 11241100x8000000000000000341719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ed233f6311b122021-12-21 10:24:02.197root 11241100x8000000000000000341720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ffafd30b749c702021-12-21 10:24:02.197root 11241100x8000000000000000341721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b28fbd39904bbd2021-12-21 10:24:02.198root 11241100x8000000000000000341722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f6b88f85c643b92021-12-21 10:24:02.198root 11241100x8000000000000000341723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd9c0176f794fa62021-12-21 10:24:02.198root 11241100x8000000000000000341724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99e350b78ee1a2f2021-12-21 10:24:02.198root 11241100x8000000000000000341725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc483f5f07eb5d92021-12-21 10:24:02.198root 11241100x8000000000000000341726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cda8da8020e8062021-12-21 10:24:02.198root 11241100x8000000000000000341727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c7e9136eeafa752021-12-21 10:24:02.199root 11241100x8000000000000000341728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac04e19c00adaf3e2021-12-21 10:24:02.199root 11241100x8000000000000000341729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f73dbd107d313f32021-12-21 10:24:02.199root 11241100x8000000000000000341730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365d25fffb5028472021-12-21 10:24:02.199root 11241100x8000000000000000341731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136add979c3749042021-12-21 10:24:02.199root 11241100x8000000000000000341732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18945eafee3dc3fa2021-12-21 10:24:02.199root 11241100x8000000000000000341733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7345cf52734c0ad2021-12-21 10:24:02.199root 11241100x8000000000000000341734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61aff2505244a16a2021-12-21 10:24:02.199root 11241100x8000000000000000341735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4499db05be1d7c32021-12-21 10:24:02.199root 11241100x8000000000000000341736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e27a6f01dbafec62021-12-21 10:24:02.199root 11241100x8000000000000000341737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756ae42d7920c42e2021-12-21 10:24:02.200root 11241100x8000000000000000341738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b29c9ff30b668e2021-12-21 10:24:02.200root 11241100x8000000000000000341739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea10df1a7bc9c9a2021-12-21 10:24:02.200root 11241100x8000000000000000341740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39fcbd4728708652021-12-21 10:24:02.200root 11241100x8000000000000000341741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c41bb2cc9342ca2021-12-21 10:24:02.200root 11241100x8000000000000000341742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf6f81c0ed7f9c12021-12-21 10:24:02.200root 11241100x8000000000000000341743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb7cebbce6a96102021-12-21 10:24:02.200root 11241100x8000000000000000341744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63947c2d7e165ec2021-12-21 10:24:02.200root 11241100x8000000000000000341745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662a3d0be42f38512021-12-21 10:24:02.201root 11241100x8000000000000000341746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7503ca42401652442021-12-21 10:24:02.693root 11241100x8000000000000000341747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee72cf173e7f91182021-12-21 10:24:02.693root 11241100x8000000000000000341748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96086ef3bf28ceb2021-12-21 10:24:02.694root 11241100x8000000000000000341749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65884f1b87e34be42021-12-21 10:24:02.694root 11241100x8000000000000000341750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c830a1b64e255c2021-12-21 10:24:02.694root 11241100x8000000000000000341751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3f48881180c4bc2021-12-21 10:24:02.694root 11241100x8000000000000000341752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713024f3872c0fc22021-12-21 10:24:02.694root 11241100x8000000000000000341753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ab69e1235549882021-12-21 10:24:02.695root 11241100x8000000000000000341754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f6222627d7ebc22021-12-21 10:24:02.695root 11241100x8000000000000000341755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b214814c537a8b252021-12-21 10:24:02.695root 11241100x8000000000000000341756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64583010ef6d4682021-12-21 10:24:02.695root 11241100x8000000000000000341757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9839eff362e2e302021-12-21 10:24:02.695root 11241100x8000000000000000341758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f068134bf0c7802021-12-21 10:24:02.696root 11241100x8000000000000000341759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1538a494b439ad2021-12-21 10:24:02.696root 11241100x8000000000000000341760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78321329dc4e9ccd2021-12-21 10:24:02.696root 11241100x8000000000000000341761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f73b62731b2d4b2021-12-21 10:24:02.696root 11241100x8000000000000000341762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382e3a6065481c902021-12-21 10:24:02.696root 11241100x8000000000000000341763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5491bcf2f960712021-12-21 10:24:02.696root 11241100x8000000000000000341764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0bf27f3f8e9d172021-12-21 10:24:02.696root 11241100x8000000000000000341765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae4ae598f60be4c2021-12-21 10:24:02.696root 11241100x8000000000000000341766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4236abc0902450f42021-12-21 10:24:02.696root 11241100x8000000000000000341767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7da0acea8aa5ba2021-12-21 10:24:02.696root 11241100x8000000000000000341768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d6867058d0674d2021-12-21 10:24:02.696root 11241100x8000000000000000341769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d42d6fadc4cf0952021-12-21 10:24:02.697root 11241100x8000000000000000341770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7014668390de3fbb2021-12-21 10:24:02.697root 11241100x8000000000000000341771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f8cbea76f611412021-12-21 10:24:02.697root 11241100x8000000000000000341772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707d5b789805283a2021-12-21 10:24:02.697root 11241100x8000000000000000341773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f21ae32328ad51d2021-12-21 10:24:02.697root 11241100x8000000000000000341774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d5d33fa5634fc2021-12-21 10:24:02.697root 11241100x8000000000000000341775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50e6f2f3ef991d82021-12-21 10:24:02.697root 11241100x8000000000000000341776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eea173bbda899d2021-12-21 10:24:02.700root 11241100x8000000000000000341777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62c72cac1f631772021-12-21 10:24:02.700root 11241100x8000000000000000341778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe286bab575904d2021-12-21 10:24:02.700root 11241100x8000000000000000341779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68fd73b44a7e80d2021-12-21 10:24:02.701root 11241100x8000000000000000341780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f1416f8138b5022021-12-21 10:24:02.701root 11241100x8000000000000000341781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c322522a650a5e2021-12-21 10:24:02.701root 11241100x8000000000000000341782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a30da1614c48482021-12-21 10:24:02.701root 11241100x8000000000000000341783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58d5dccdf047b832021-12-21 10:24:02.701root 11241100x8000000000000000341784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6120b57633eb32fe2021-12-21 10:24:02.701root 11241100x8000000000000000341785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b631b9bf96c0ce5a2021-12-21 10:24:02.701root 11241100x8000000000000000341786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98088899bbdd53d82021-12-21 10:24:02.701root 11241100x8000000000000000341787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a506a98982b1967f2021-12-21 10:24:02.702root 11241100x8000000000000000341788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20869bef7f756132021-12-21 10:24:02.702root 11241100x8000000000000000341789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c343ee3effb86582021-12-21 10:24:02.702root 11241100x8000000000000000341790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:02.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d9655fb7bf144e22021-12-21 10:24:02.702root 11241100x8000000000000000341791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc0c1acf9a9e96b2021-12-21 10:24:03.193root 11241100x8000000000000000341792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7662f306bfaf32ff2021-12-21 10:24:03.193root 11241100x8000000000000000341793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc4b1694c5047422021-12-21 10:24:03.193root 11241100x8000000000000000341794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb3f9068d14bce82021-12-21 10:24:03.194root 11241100x8000000000000000341795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb49bcc056ed42642021-12-21 10:24:03.194root 11241100x8000000000000000341796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5f1000f2f480d12021-12-21 10:24:03.194root 11241100x8000000000000000341797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9723dd9adacd73c2021-12-21 10:24:03.194root 11241100x8000000000000000341798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f495938cdc8e4442021-12-21 10:24:03.195root 11241100x8000000000000000341799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea7a89c541c41b32021-12-21 10:24:03.195root 11241100x8000000000000000341800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5957261d08118bef2021-12-21 10:24:03.195root 11241100x8000000000000000341801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbb6f4838433fcf2021-12-21 10:24:03.195root 11241100x8000000000000000341802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299df2238b8844952021-12-21 10:24:03.196root 11241100x8000000000000000341803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c89ff004e2357c2021-12-21 10:24:03.196root 11241100x8000000000000000341804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8baf58ffd213a72021-12-21 10:24:03.196root 11241100x8000000000000000341805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cea134b406fbc662021-12-21 10:24:03.197root 11241100x8000000000000000341806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497d9cdae3e80c862021-12-21 10:24:03.197root 11241100x8000000000000000341807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b2778a7e67a982021-12-21 10:24:03.197root 11241100x8000000000000000341808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3019f1d7e98f6a2021-12-21 10:24:03.197root 11241100x8000000000000000341809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fea29e54751b5c2021-12-21 10:24:03.198root 11241100x8000000000000000341810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a75ad727769b302021-12-21 10:24:03.198root 11241100x8000000000000000341811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901dd5351a668f8c2021-12-21 10:24:03.198root 11241100x8000000000000000341812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc69c45679a0de32021-12-21 10:24:03.198root 11241100x8000000000000000341813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd6a9038f087a262021-12-21 10:24:03.198root 11241100x8000000000000000341814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.494e02fbb5fbea482021-12-21 10:24:03.199root 11241100x8000000000000000341815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501ebe5b7c5459412021-12-21 10:24:03.199root 11241100x8000000000000000341816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95f132d3575b3dd2021-12-21 10:24:03.199root 11241100x8000000000000000341817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ec2f6f645c07a12021-12-21 10:24:03.199root 11241100x8000000000000000341818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9ed9860bbce6692021-12-21 10:24:03.199root 11241100x8000000000000000341819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7359e314ef74bc2021-12-21 10:24:03.200root 11241100x8000000000000000341820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57de376493b252e82021-12-21 10:24:03.200root 11241100x8000000000000000341821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a876127ed720b82021-12-21 10:24:03.200root 11241100x8000000000000000341822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3551503e7ec9b3052021-12-21 10:24:03.201root 11241100x8000000000000000341823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e442d9504fc743022021-12-21 10:24:03.201root 11241100x8000000000000000341824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462e6cffb92587142021-12-21 10:24:03.201root 11241100x8000000000000000341825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70e82dad45268412021-12-21 10:24:03.202root 11241100x8000000000000000341826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cbaf12161bff4b2021-12-21 10:24:03.203root 11241100x8000000000000000341827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3b118c404778912021-12-21 10:24:03.203root 11241100x8000000000000000341828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9e82dabfc6367e2021-12-21 10:24:03.203root 11241100x8000000000000000341829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd3429517360c182021-12-21 10:24:03.203root 11241100x8000000000000000341830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510950273fc594122021-12-21 10:24:03.203root 11241100x8000000000000000341831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bb82bc505abfe32021-12-21 10:24:03.203root 11241100x8000000000000000341832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8011c5d284e5fd7d2021-12-21 10:24:03.204root 11241100x8000000000000000341833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e53bbb0e9f9aadf2021-12-21 10:24:03.693root 11241100x8000000000000000341834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6023f2cd8e331d2021-12-21 10:24:03.693root 11241100x8000000000000000341835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993e8ee23ab4f89f2021-12-21 10:24:03.693root 11241100x8000000000000000341836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb461308d40810a2021-12-21 10:24:03.693root 11241100x8000000000000000341837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce42831db0ca5ef2021-12-21 10:24:03.694root 11241100x8000000000000000341838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2829453acb2bf63d2021-12-21 10:24:03.694root 11241100x8000000000000000341839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c01d99d39d157a92021-12-21 10:24:03.694root 11241100x8000000000000000341840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edf818e3480c3be2021-12-21 10:24:03.694root 11241100x8000000000000000341841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4130ff7fcaa9d5662021-12-21 10:24:03.694root 11241100x8000000000000000341842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61605cafbdf10f642021-12-21 10:24:03.694root 11241100x8000000000000000341843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b7ed2b024d0d4d2021-12-21 10:24:03.694root 11241100x8000000000000000341844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe5d3f0435c15d62021-12-21 10:24:03.695root 11241100x8000000000000000341845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472564ca651a30172021-12-21 10:24:03.695root 11241100x8000000000000000341846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7151046b6b6a6a2021-12-21 10:24:03.695root 11241100x8000000000000000341847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022b6322a284be992021-12-21 10:24:03.695root 11241100x8000000000000000341848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543089f339fc2bc72021-12-21 10:24:03.695root 11241100x8000000000000000341849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78de3f494844c4d2021-12-21 10:24:03.695root 11241100x8000000000000000341850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c6bb314f32ab692021-12-21 10:24:03.696root 11241100x8000000000000000341851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3fccf6a0f6a9082021-12-21 10:24:03.696root 11241100x8000000000000000341852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18546bc672414fe32021-12-21 10:24:03.696root 11241100x8000000000000000341853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a9f3dd32661fdf2021-12-21 10:24:03.696root 11241100x8000000000000000341854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdb1e83340fee682021-12-21 10:24:03.696root 11241100x8000000000000000341855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c959bc91cfcd56602021-12-21 10:24:03.696root 11241100x8000000000000000341856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a4729120b659ae2021-12-21 10:24:03.696root 11241100x8000000000000000341857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8283954619ba2612021-12-21 10:24:03.696root 11241100x8000000000000000341858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc542d47125e3f312021-12-21 10:24:03.697root 11241100x8000000000000000341859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5a7ac575fc55462021-12-21 10:24:03.697root 11241100x8000000000000000341860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77979aff8a83c232021-12-21 10:24:03.697root 11241100x8000000000000000341861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be3695b392016a02021-12-21 10:24:03.697root 11241100x8000000000000000341862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88d15c318bef6682021-12-21 10:24:03.697root 11241100x8000000000000000341863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d019329d6d8bcc0a2021-12-21 10:24:03.698root 11241100x8000000000000000341864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39cc3f5b59c7e022021-12-21 10:24:03.698root 11241100x8000000000000000341865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae2ddc1d178eb2d2021-12-21 10:24:03.698root 11241100x8000000000000000341866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8ed63ae31d47202021-12-21 10:24:03.698root 11241100x8000000000000000341867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9478dd550f46fff92021-12-21 10:24:03.699root 11241100x8000000000000000341868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a962da669923cac22021-12-21 10:24:03.699root 11241100x8000000000000000341869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b46d418c34907972021-12-21 10:24:03.699root 11241100x8000000000000000341870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d2023e126af5bf2021-12-21 10:24:03.700root 11241100x8000000000000000341871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389426d12f5cb6172021-12-21 10:24:03.700root 11241100x8000000000000000341872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6cadac3707d70332021-12-21 10:24:03.700root 11241100x8000000000000000341873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f6092bde9bb9522021-12-21 10:24:03.701root 11241100x8000000000000000341874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd0d3726a2a0a6b2021-12-21 10:24:03.701root 11241100x8000000000000000341875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23bb63cbd05737d2021-12-21 10:24:03.701root 11241100x8000000000000000341876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a14043945ff57b2021-12-21 10:24:03.702root 11241100x8000000000000000341877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e870aa016a5f4a72021-12-21 10:24:03.702root 11241100x8000000000000000341878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c2bb0d1fd906812021-12-21 10:24:03.702root 11241100x8000000000000000341879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc2770002bc46af2021-12-21 10:24:03.702root 11241100x8000000000000000341880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cda0030b7ed3f92021-12-21 10:24:03.703root 11241100x8000000000000000341881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e65cf0cf298c812021-12-21 10:24:03.703root 11241100x8000000000000000341882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:03.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c357edd49e3e322021-12-21 10:24:03.703root 11241100x8000000000000000341883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a442ab950fc0340c2021-12-21 10:24:04.193root 11241100x8000000000000000341884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e101e122037d7e12021-12-21 10:24:04.193root 11241100x8000000000000000341885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d427129959af931f2021-12-21 10:24:04.194root 11241100x8000000000000000341886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4043834c6ada8f2021-12-21 10:24:04.194root 11241100x8000000000000000341887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554b41e2556420d92021-12-21 10:24:04.194root 11241100x8000000000000000341888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d5191e219096f82021-12-21 10:24:04.194root 11241100x8000000000000000341889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e776662e631a6fb2021-12-21 10:24:04.195root 11241100x8000000000000000341890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259543c044c920292021-12-21 10:24:04.195root 11241100x8000000000000000341891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7877ff5f35c00e2f2021-12-21 10:24:04.195root 11241100x8000000000000000341892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e714877116eefee2021-12-21 10:24:04.195root 11241100x8000000000000000341893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9d79bf440672982021-12-21 10:24:04.196root 11241100x8000000000000000341894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83da0dfcb34ceb912021-12-21 10:24:04.196root 11241100x8000000000000000341895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa49950c59e2889b2021-12-21 10:24:04.196root 11241100x8000000000000000341896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af287d5896aa86222021-12-21 10:24:04.196root 11241100x8000000000000000341897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3617113216b1fa392021-12-21 10:24:04.197root 11241100x8000000000000000341898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94e1df625f00d2332021-12-21 10:24:04.197root 11241100x8000000000000000341899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c322aa5585cc9fb2021-12-21 10:24:04.197root 11241100x8000000000000000341900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1610ca982a575182021-12-21 10:24:04.197root 11241100x8000000000000000341901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a93ecffa28c7d9a12021-12-21 10:24:04.197root 11241100x8000000000000000341902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ee286b84a846612021-12-21 10:24:04.197root 11241100x8000000000000000341903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063d4974de80300e2021-12-21 10:24:04.198root 11241100x8000000000000000341904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8a98f627010b962021-12-21 10:24:04.198root 11241100x8000000000000000341905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b4b64055f3a97c2021-12-21 10:24:04.198root 11241100x8000000000000000341906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bdf1739f9755222021-12-21 10:24:04.198root 11241100x8000000000000000341907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d617f6a2761b1ef2021-12-21 10:24:04.198root 11241100x8000000000000000341908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2655f1c699aa7a2021-12-21 10:24:04.199root 11241100x8000000000000000341909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6344040b6e32282021-12-21 10:24:04.199root 11241100x8000000000000000341910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01942fc2bab04c0a2021-12-21 10:24:04.199root 11241100x8000000000000000341911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be4b5bbacd035762021-12-21 10:24:04.199root 11241100x8000000000000000341912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc03734069e82282021-12-21 10:24:04.200root 11241100x8000000000000000341913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e05ee5bc786a732021-12-21 10:24:04.200root 11241100x8000000000000000341914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f407353d21ae81032021-12-21 10:24:04.200root 11241100x8000000000000000341915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b06b8a1ab8c4862021-12-21 10:24:04.200root 11241100x8000000000000000341916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e05607db6d429c82021-12-21 10:24:04.201root 11241100x8000000000000000341917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f4002b9769380d2021-12-21 10:24:04.201root 11241100x8000000000000000341918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cec556b1b9600fc2021-12-21 10:24:04.201root 11241100x8000000000000000341919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683220db08b926f52021-12-21 10:24:04.201root 11241100x8000000000000000341920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2301fdae9e35712021-12-21 10:24:04.202root 11241100x8000000000000000341921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2feb6a36f223b1e32021-12-21 10:24:04.202root 11241100x8000000000000000341922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91027caec96280a72021-12-21 10:24:04.202root 11241100x8000000000000000341923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56be68c3f4b6f3ea2021-12-21 10:24:04.202root 11241100x8000000000000000341924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba178d515dd95682021-12-21 10:24:04.202root 11241100x8000000000000000341925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8363d170ad74f7c02021-12-21 10:24:04.203root 11241100x8000000000000000341926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad41649b05e2cc22021-12-21 10:24:04.203root 11241100x8000000000000000341927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c9725e91cc786e2021-12-21 10:24:04.203root 11241100x8000000000000000341928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab3748068b2b9cc2021-12-21 10:24:04.693root 11241100x8000000000000000341929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b533f70c99d2c2021-12-21 10:24:04.693root 11241100x8000000000000000341930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1636c2b92f0c202021-12-21 10:24:04.693root 11241100x8000000000000000341931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb99cd1efa656e72021-12-21 10:24:04.693root 11241100x8000000000000000341932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a460096a667d7162021-12-21 10:24:04.693root 11241100x8000000000000000341933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a152d0c4dacd912021-12-21 10:24:04.693root 11241100x8000000000000000341934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb218c5f45fe1a92021-12-21 10:24:04.693root 11241100x8000000000000000341935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceb760720b6fb8a2021-12-21 10:24:04.694root 11241100x8000000000000000341936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3652f8fdff75d7662021-12-21 10:24:04.694root 11241100x8000000000000000341937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875be5e8deb8b7122021-12-21 10:24:04.694root 11241100x8000000000000000341938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc36be9fc7504bb22021-12-21 10:24:04.694root 11241100x8000000000000000341939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1634d9d6d5896762021-12-21 10:24:04.694root 11241100x8000000000000000341940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b4773e3b8cade52021-12-21 10:24:04.694root 11241100x8000000000000000341941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d617d9a2d15e6cb12021-12-21 10:24:04.694root 11241100x8000000000000000341942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1fc7a08c46dfa122021-12-21 10:24:04.694root 11241100x8000000000000000341943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639c387d5f67f3362021-12-21 10:24:04.695root 11241100x8000000000000000341944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48ca3c18cff87dd2021-12-21 10:24:04.695root 11241100x8000000000000000341945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b3309913d5f01f2021-12-21 10:24:04.695root 11241100x8000000000000000341946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1b13c32503b71d2021-12-21 10:24:04.695root 11241100x8000000000000000341947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830dacdb971c5d642021-12-21 10:24:04.695root 11241100x8000000000000000341948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38df962e7ce2d2f02021-12-21 10:24:04.695root 11241100x8000000000000000341949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6315d18f3668eecf2021-12-21 10:24:04.696root 11241100x8000000000000000341950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f405b81b6effc152021-12-21 10:24:04.696root 11241100x8000000000000000341951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd9812389132cd62021-12-21 10:24:04.696root 11241100x8000000000000000341952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad122796bf43b6fd2021-12-21 10:24:04.696root 11241100x8000000000000000341953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df98c5925583d3362021-12-21 10:24:04.696root 11241100x8000000000000000341954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa4d796ee9bb3052021-12-21 10:24:04.697root 11241100x8000000000000000341955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97f1412095452192021-12-21 10:24:04.697root 11241100x8000000000000000341956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969a5cec90e628362021-12-21 10:24:04.697root 11241100x8000000000000000341957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990b97a53097b1462021-12-21 10:24:04.697root 11241100x8000000000000000341958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d275449f310428f32021-12-21 10:24:04.697root 11241100x8000000000000000341959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdb1dccf67124092021-12-21 10:24:04.697root 11241100x8000000000000000341960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcf8700f8fb5e3c2021-12-21 10:24:04.698root 11241100x8000000000000000341961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29bb22eef049c0c2021-12-21 10:24:04.698root 11241100x8000000000000000341962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf02ca2b5ca7f562021-12-21 10:24:04.698root 11241100x8000000000000000341963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f225d11981bddbf2021-12-21 10:24:04.698root 11241100x8000000000000000341964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a7880b71a8eb482021-12-21 10:24:04.698root 11241100x8000000000000000341965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4b44613220d27c2021-12-21 10:24:04.699root 11241100x8000000000000000341966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dc8d5d00391a7e2021-12-21 10:24:04.699root 11241100x8000000000000000341967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646188d43bcbfee2021-12-21 10:24:04.699root 11241100x8000000000000000341968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e4bccfcae473db2021-12-21 10:24:04.699root 11241100x8000000000000000341969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0a0aace8ac4d102021-12-21 10:24:04.700root 11241100x8000000000000000341970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aaf8683e26ef24f2021-12-21 10:24:04.700root 11241100x8000000000000000341971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396bd2a41ec780c42021-12-21 10:24:04.701root 11241100x8000000000000000341972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490b18febdf468bf2021-12-21 10:24:04.702root 11241100x8000000000000000341973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd3a096d136f3772021-12-21 10:24:04.702root 11241100x8000000000000000341974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27fc0516fdef2e62021-12-21 10:24:04.703root 11241100x8000000000000000341975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31a4d1dd8ff79702021-12-21 10:24:04.703root 11241100x8000000000000000341976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a45968b90dc4df2021-12-21 10:24:04.704root 11241100x8000000000000000341977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423617377d725b7b2021-12-21 10:24:04.704root 11241100x8000000000000000341978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01b03f10d1d3f032021-12-21 10:24:04.705root 11241100x8000000000000000341979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d29867eb8b4bb482021-12-21 10:24:04.705root 11241100x8000000000000000341980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cd30de19a108172021-12-21 10:24:04.705root 11241100x8000000000000000341981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c620d9f72f4db1cd2021-12-21 10:24:04.705root 11241100x8000000000000000341982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0768302cdcd6be2021-12-21 10:24:04.705root 11241100x8000000000000000341983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2fde1dc3baa5a392021-12-21 10:24:04.706root 11241100x8000000000000000341984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262569776419e7fa2021-12-21 10:24:04.706root 11241100x8000000000000000341985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:04.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.737816d593717a8d2021-12-21 10:24:04.706root 354300x8000000000000000341986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.184{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47044-false10.0.1.12-8000- 11241100x8000000000000000341987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc285045aa0e595f2021-12-21 10:24:05.186root 11241100x8000000000000000341988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74221820d55e41ce2021-12-21 10:24:05.186root 11241100x8000000000000000341989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd2c04d01792ae2021-12-21 10:24:05.186root 11241100x8000000000000000341990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f41fa4ea86888c2021-12-21 10:24:05.186root 11241100x8000000000000000341991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d284672894f7cf2021-12-21 10:24:05.186root 11241100x8000000000000000341992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e960a7779156f92021-12-21 10:24:05.186root 11241100x8000000000000000341993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.186{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ccf1ecdf5d6ee22021-12-21 10:24:05.186root 11241100x8000000000000000341994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a307cd633f4e00232021-12-21 10:24:05.187root 11241100x8000000000000000341995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ebd29795970b8c2021-12-21 10:24:05.187root 11241100x8000000000000000341996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabea328641563612021-12-21 10:24:05.187root 11241100x8000000000000000341997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f193d6fe0b38e09d2021-12-21 10:24:05.187root 11241100x8000000000000000341998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689246967eb298842021-12-21 10:24:05.187root 11241100x8000000000000000341999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c0f3930df7d8f72021-12-21 10:24:05.187root 11241100x8000000000000000342000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abe31ec1dc308b22021-12-21 10:24:05.187root 11241100x8000000000000000342001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1c2678dc232a482021-12-21 10:24:05.188root 11241100x8000000000000000342002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4804e7e925bf997b2021-12-21 10:24:05.188root 11241100x8000000000000000342003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cbb5a242eb0da02021-12-21 10:24:05.188root 11241100x8000000000000000342004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291d2b910c0b8562021-12-21 10:24:05.188root 11241100x8000000000000000342005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1161e762659cd7dc2021-12-21 10:24:05.188root 11241100x8000000000000000342006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9ae624a659c0292021-12-21 10:24:05.188root 11241100x8000000000000000342007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2769ece5f81f1ba82021-12-21 10:24:05.188root 11241100x8000000000000000342008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba9516d6c7dafe82021-12-21 10:24:05.188root 11241100x8000000000000000342009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0154171818e3b32021-12-21 10:24:05.188root 11241100x8000000000000000342010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80cec4b5d4873882021-12-21 10:24:05.188root 11241100x8000000000000000342011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d085793d4741f5a12021-12-21 10:24:05.189root 11241100x8000000000000000342012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f4afdfe0e3864b2021-12-21 10:24:05.189root 11241100x8000000000000000342013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3434eb279fea2a2d2021-12-21 10:24:05.189root 11241100x8000000000000000342014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06546248fbbadbe72021-12-21 10:24:05.189root 11241100x8000000000000000342015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc3ab02a22b42ec62021-12-21 10:24:05.189root 11241100x8000000000000000342016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f5f2d8cb9e48ed2021-12-21 10:24:05.190root 11241100x8000000000000000342017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd66d3dd8367d512021-12-21 10:24:05.190root 11241100x8000000000000000342018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67a7e0e6b543bce2021-12-21 10:24:05.190root 11241100x8000000000000000342019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.500b78ca87960ec62021-12-21 10:24:05.190root 11241100x8000000000000000342020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429bd64ea56ebc3e2021-12-21 10:24:05.190root 11241100x8000000000000000342021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa003c9c6694f452021-12-21 10:24:05.190root 11241100x8000000000000000342022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4897cfe6825eebf72021-12-21 10:24:05.191root 11241100x8000000000000000342023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164f75d55fd650ed2021-12-21 10:24:05.191root 11241100x8000000000000000342024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e9dbd3f6821a72021-12-21 10:24:05.191root 11241100x8000000000000000342025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96a97b830cbc4fa2021-12-21 10:24:05.191root 11241100x8000000000000000342026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4747be2b9cc27f52021-12-21 10:24:05.192root 11241100x8000000000000000342027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194130fc8096878f2021-12-21 10:24:05.192root 11241100x8000000000000000342028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5eba0797a1ffce2021-12-21 10:24:05.192root 11241100x8000000000000000342029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb54287183b4d892021-12-21 10:24:05.192root 11241100x8000000000000000342030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c99b2be467885cf2021-12-21 10:24:05.192root 11241100x8000000000000000342031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d08733f6c08e402021-12-21 10:24:05.193root 11241100x8000000000000000342032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e795ce35f1857872021-12-21 10:24:05.193root 11241100x8000000000000000342033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7d6a69d3b3229b2021-12-21 10:24:05.193root 11241100x8000000000000000342034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af15fa28c6ac86722021-12-21 10:24:05.193root 11241100x8000000000000000342035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23ce85303c41972021-12-21 10:24:05.193root 11241100x8000000000000000342036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea91d25da5b3c38c2021-12-21 10:24:05.442root 11241100x8000000000000000342037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f6910d406480be2021-12-21 10:24:05.443root 11241100x8000000000000000342038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfe0ce1b228c0182021-12-21 10:24:05.443root 11241100x8000000000000000342039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e9e0c3a98abbcd2021-12-21 10:24:05.443root 11241100x8000000000000000342040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50b149a6fb84e032021-12-21 10:24:05.443root 11241100x8000000000000000342041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46db799e55630b032021-12-21 10:24:05.443root 11241100x8000000000000000342042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f46d8e2e98a51be2021-12-21 10:24:05.443root 11241100x8000000000000000342043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2397b22bca3a462021-12-21 10:24:05.443root 11241100x8000000000000000342044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a52252f63d66cf2021-12-21 10:24:05.444root 11241100x8000000000000000342045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6980e5b9bdf89e6a2021-12-21 10:24:05.444root 11241100x8000000000000000342046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ece0e6f2b21bde2021-12-21 10:24:05.444root 11241100x8000000000000000342047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.091a8bbcbfd069ad2021-12-21 10:24:05.444root 11241100x8000000000000000342048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99cc8ba486da1a7a2021-12-21 10:24:05.444root 11241100x8000000000000000342049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cf43b3d3aa9e652021-12-21 10:24:05.444root 11241100x8000000000000000342050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc09ed6211b7bd52021-12-21 10:24:05.444root 11241100x8000000000000000342051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35a0e6a7a9aab2f2021-12-21 10:24:05.444root 11241100x8000000000000000342052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9680003c667a0102021-12-21 10:24:05.444root 11241100x8000000000000000342053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40238240f43ec1dd2021-12-21 10:24:05.445root 11241100x8000000000000000342054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc57b585e36e68b02021-12-21 10:24:05.445root 11241100x8000000000000000342055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de50f409e1814fa42021-12-21 10:24:05.445root 11241100x8000000000000000342056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7025435ade85b58f2021-12-21 10:24:05.445root 11241100x8000000000000000342057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1521fcd4c994e1a12021-12-21 10:24:05.445root 11241100x8000000000000000342058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b75c647012ce3f2021-12-21 10:24:05.445root 11241100x8000000000000000342059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b20274115cd0022021-12-21 10:24:05.445root 11241100x8000000000000000342060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cade96e8e7dba02021-12-21 10:24:05.446root 11241100x8000000000000000342061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0ffa3379d98cc32021-12-21 10:24:05.446root 11241100x8000000000000000342062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bd0ea4c4667be52021-12-21 10:24:05.446root 11241100x8000000000000000342063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5517f2d90401372021-12-21 10:24:05.446root 11241100x8000000000000000342064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205a32372aa90e3f2021-12-21 10:24:05.446root 11241100x8000000000000000342065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.392ab4cc595c90242021-12-21 10:24:05.446root 11241100x8000000000000000342066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedb36fc28bf9e852021-12-21 10:24:05.446root 11241100x8000000000000000342067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1107aec30111f1ec2021-12-21 10:24:05.447root 11241100x8000000000000000342068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40f5889084cc0b72021-12-21 10:24:05.447root 11241100x8000000000000000342069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ff2fd41b3dcab52021-12-21 10:24:05.447root 11241100x8000000000000000342070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a647b8b3f79ef2f2021-12-21 10:24:05.447root 11241100x8000000000000000342071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e7cbdc8e7f9e122021-12-21 10:24:05.447root 11241100x8000000000000000342072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5322bf3d3f37d85b2021-12-21 10:24:05.447root 11241100x8000000000000000342073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa4e7be9b953e322021-12-21 10:24:05.447root 11241100x8000000000000000342074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba715679643ccbd2021-12-21 10:24:05.448root 11241100x8000000000000000342075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ba6ac2b507db0c2021-12-21 10:24:05.448root 11241100x8000000000000000342076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59231a9330fe99f12021-12-21 10:24:05.448root 11241100x8000000000000000342077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaedfb9390e4c2792021-12-21 10:24:05.448root 11241100x8000000000000000342078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5b7c45aa1cb5b22021-12-21 10:24:05.448root 11241100x8000000000000000342079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640090dfd5324e4c2021-12-21 10:24:05.448root 11241100x8000000000000000342080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f90b97b0433f6f72021-12-21 10:24:05.448root 11241100x8000000000000000342081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f22b706e214e03d2021-12-21 10:24:05.448root 11241100x8000000000000000342082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c40f2d9bc1d07b2021-12-21 10:24:05.448root 11241100x8000000000000000342083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8813461ea14e5362021-12-21 10:24:05.448root 11241100x8000000000000000342084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6873cfb3eaaf322021-12-21 10:24:05.448root 11241100x8000000000000000342085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a365c9a8bb2e7eee2021-12-21 10:24:05.448root 11241100x8000000000000000342086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c2fa518b0b7c532021-12-21 10:24:05.448root 11241100x8000000000000000342087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a697547a66f72b22021-12-21 10:24:05.449root 11241100x8000000000000000342088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a23f3b1d792b0c2021-12-21 10:24:05.943root 11241100x8000000000000000342089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcb38f0bd0e581f2021-12-21 10:24:05.943root 11241100x8000000000000000342090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10206664cd2409b52021-12-21 10:24:05.943root 11241100x8000000000000000342091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0aa34301a2096a2021-12-21 10:24:05.944root 11241100x8000000000000000342092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59209c2b6d0e5ca82021-12-21 10:24:05.944root 11241100x8000000000000000342093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62aa22142064be82021-12-21 10:24:05.944root 11241100x8000000000000000342094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6340f6d93a8520ee2021-12-21 10:24:05.944root 11241100x8000000000000000342095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d82d799ba9f1d32021-12-21 10:24:05.944root 11241100x8000000000000000342096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f946a0baa2aa85e12021-12-21 10:24:05.944root 11241100x8000000000000000342097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9713d032001afc282021-12-21 10:24:05.944root 11241100x8000000000000000342098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d7acbfee58daf32021-12-21 10:24:05.945root 11241100x8000000000000000342099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0799d49e6b3f542021-12-21 10:24:05.945root 11241100x8000000000000000342100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6c27f1a909ed002021-12-21 10:24:05.945root 11241100x8000000000000000342101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f9b2ee66ab0a4b2021-12-21 10:24:05.945root 11241100x8000000000000000342102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b324ab573ff8212021-12-21 10:24:05.945root 11241100x8000000000000000342103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086b43de40cdb5d52021-12-21 10:24:05.946root 11241100x8000000000000000342104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc828b4342bbff082021-12-21 10:24:05.946root 11241100x8000000000000000342105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ea0e9cb815b16d2021-12-21 10:24:05.946root 11241100x8000000000000000342106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecafdf59e45c2e882021-12-21 10:24:05.946root 11241100x8000000000000000342107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8261aff60b308d72021-12-21 10:24:05.946root 11241100x8000000000000000342108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec058a65e984952a2021-12-21 10:24:05.947root 11241100x8000000000000000342109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ccb29c0acb66342021-12-21 10:24:05.947root 11241100x8000000000000000342110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33396450a372c2432021-12-21 10:24:05.947root 11241100x8000000000000000342111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b57942731b48da2021-12-21 10:24:05.947root 11241100x8000000000000000342112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0d4bcaadfa01fe2021-12-21 10:24:05.947root 11241100x8000000000000000342113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6b8bee4c2651322021-12-21 10:24:05.947root 11241100x8000000000000000342114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e03cf9869f0c3f62021-12-21 10:24:05.947root 11241100x8000000000000000342115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cac6289884fec82021-12-21 10:24:05.947root 11241100x8000000000000000342116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd49193736a7dec2021-12-21 10:24:05.947root 11241100x8000000000000000342117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316c4a6a35bee18d2021-12-21 10:24:05.948root 11241100x8000000000000000342118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8fb86846ab2fcbd2021-12-21 10:24:05.948root 11241100x8000000000000000342119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adaab2e553e3d7c2021-12-21 10:24:05.948root 11241100x8000000000000000342120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5489e941199d96752021-12-21 10:24:05.948root 11241100x8000000000000000342121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c689730c16360f2021-12-21 10:24:05.948root 11241100x8000000000000000342122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c511476f55cd392021-12-21 10:24:05.948root 11241100x8000000000000000342123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ad3808f13d35a82021-12-21 10:24:05.948root 11241100x8000000000000000342124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5023650c9eb6e68f2021-12-21 10:24:05.949root 11241100x8000000000000000342125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0cd3b1d5c6c1aa32021-12-21 10:24:05.949root 11241100x8000000000000000342126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ba5eb0b54f18c22021-12-21 10:24:05.949root 11241100x8000000000000000342127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2f38fd1c77b1ae2021-12-21 10:24:05.949root 11241100x8000000000000000342128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ed3ff809ee9ede2021-12-21 10:24:05.949root 11241100x8000000000000000342129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275c26bf29264c902021-12-21 10:24:05.949root 11241100x8000000000000000342130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8dbc6bb3ba08b02021-12-21 10:24:05.951root 11241100x8000000000000000342131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ce3552f232144b2021-12-21 10:24:05.951root 11241100x8000000000000000342132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd58a18711078c4e2021-12-21 10:24:05.951root 11241100x8000000000000000342133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08974578c3538fce2021-12-21 10:24:05.951root 11241100x8000000000000000342134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:05.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5193682862f08ea2021-12-21 10:24:05.951root 11241100x8000000000000000342135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:24:06.349root 11241100x8000000000000000342136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ac8cf00b49f7f02021-12-21 10:24:06.350root 11241100x8000000000000000342137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9a95a4844aa3352021-12-21 10:24:06.350root 11241100x8000000000000000342138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f047165e01c8a252021-12-21 10:24:06.351root 11241100x8000000000000000342139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10f231fee8176232021-12-21 10:24:06.351root 11241100x8000000000000000342140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0762af428f9f9a2021-12-21 10:24:06.351root 11241100x8000000000000000342141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010891c3da0025892021-12-21 10:24:06.351root 11241100x8000000000000000342142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41beabaf89556f162021-12-21 10:24:06.351root 11241100x8000000000000000342143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b8fbfb85c8f6432021-12-21 10:24:06.351root 11241100x8000000000000000342144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0536b65f5cb378622021-12-21 10:24:06.352root 11241100x8000000000000000342145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6113c13ccb10eb0d2021-12-21 10:24:06.352root 11241100x8000000000000000342146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f689bc3ac104e8ec2021-12-21 10:24:06.352root 11241100x8000000000000000342147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd87f00e21d1322b2021-12-21 10:24:06.352root 11241100x8000000000000000342148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53d32df91e2b8c12021-12-21 10:24:06.352root 11241100x8000000000000000342149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32de4c71472e13c52021-12-21 10:24:06.352root 11241100x8000000000000000342150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0559d20b263e3742021-12-21 10:24:06.352root 11241100x8000000000000000342151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99dcd8331b1f5bc42021-12-21 10:24:06.352root 11241100x8000000000000000342152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaaa8a728cdf1ec12021-12-21 10:24:06.353root 11241100x8000000000000000342153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e49fac620307ae2021-12-21 10:24:06.353root 11241100x8000000000000000342154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48fcc36bac644812021-12-21 10:24:06.353root 11241100x8000000000000000342155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b02f294835409022021-12-21 10:24:06.353root 11241100x8000000000000000342156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96a6b570a666def2021-12-21 10:24:06.353root 11241100x8000000000000000342157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed4da62a49f97fe2021-12-21 10:24:06.353root 11241100x8000000000000000342158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595c93f29a4b3e72021-12-21 10:24:06.353root 11241100x8000000000000000342159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d884c593c14f78322021-12-21 10:24:06.353root 11241100x8000000000000000342160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831248399561f9922021-12-21 10:24:06.353root 11241100x8000000000000000342161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe032ccbb16646822021-12-21 10:24:06.354root 11241100x8000000000000000342162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78526a7dd311f3072021-12-21 10:24:06.354root 11241100x8000000000000000342163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147e09b10f125e332021-12-21 10:24:06.354root 11241100x8000000000000000342164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48652039eb9758582021-12-21 10:24:06.354root 11241100x8000000000000000342165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ed6690a1e8c7332021-12-21 10:24:06.354root 11241100x8000000000000000342166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1a4ccfaf9938962021-12-21 10:24:06.354root 11241100x8000000000000000342167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd64a79d25b57e92021-12-21 10:24:06.355root 11241100x8000000000000000342168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c037ec0107d1d8cb2021-12-21 10:24:06.355root 11241100x8000000000000000342169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f148904753e00792021-12-21 10:24:06.355root 11241100x8000000000000000342170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7333697b9a75620e2021-12-21 10:24:06.355root 11241100x8000000000000000342171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469f42ed52025bae2021-12-21 10:24:06.355root 11241100x8000000000000000342172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972af08550c00d852021-12-21 10:24:06.355root 11241100x8000000000000000342173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b796b8296526102021-12-21 10:24:06.356root 11241100x8000000000000000342174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47e136f8dfa5d1b2021-12-21 10:24:06.356root 11241100x8000000000000000342175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f54ad7f2710fff52021-12-21 10:24:06.356root 11241100x8000000000000000342176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220dae24b1cd02762021-12-21 10:24:06.356root 11241100x8000000000000000342177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dc1b068dd530cd2021-12-21 10:24:06.356root 11241100x8000000000000000342178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9824cd0ef8268f382021-12-21 10:24:06.356root 11241100x8000000000000000342179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa9afabc5a548dcc2021-12-21 10:24:06.356root 11241100x8000000000000000342180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee84cf2ed355daab2021-12-21 10:24:06.357root 11241100x8000000000000000342181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1a05712e9b7a022021-12-21 10:24:06.357root 11241100x8000000000000000342182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffbd4092cd226d72021-12-21 10:24:06.357root 11241100x8000000000000000342183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b384b0c201e38ff2021-12-21 10:24:06.357root 11241100x8000000000000000342184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050ded90b6d4d6b42021-12-21 10:24:06.357root 11241100x8000000000000000342185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f22ae9d2f70a8e2021-12-21 10:24:06.357root 11241100x8000000000000000342186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a04ffe05603c8b2021-12-21 10:24:06.357root 11241100x8000000000000000342187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed30c2aa91b161612021-12-21 10:24:06.358root 11241100x8000000000000000342188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeef4247605ca3b2021-12-21 10:24:06.358root 11241100x8000000000000000342189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03017c67d050643f2021-12-21 10:24:06.358root 11241100x8000000000000000342190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1c0667d240b24a2021-12-21 10:24:06.358root 11241100x8000000000000000342191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4062daab18e56c2e2021-12-21 10:24:06.693root 11241100x8000000000000000342192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1d18c024fc200a2021-12-21 10:24:06.693root 11241100x8000000000000000342193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b432103f116299d92021-12-21 10:24:06.693root 11241100x8000000000000000342194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc80e0cb52ba7612021-12-21 10:24:06.693root 11241100x8000000000000000342195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd540bec058973052021-12-21 10:24:06.693root 11241100x8000000000000000342196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d19db2cbc54f0ab2021-12-21 10:24:06.693root 11241100x8000000000000000342197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b2f9d438c3cfb292021-12-21 10:24:06.693root 11241100x8000000000000000342198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f3306e150dda182021-12-21 10:24:06.694root 11241100x8000000000000000342199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd40104ffb13e702021-12-21 10:24:06.694root 11241100x8000000000000000342200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1166ce40a9608e6b2021-12-21 10:24:06.694root 11241100x8000000000000000342201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5f888f3987501e2021-12-21 10:24:06.694root 11241100x8000000000000000342202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92559f05d6fccf1d2021-12-21 10:24:06.694root 11241100x8000000000000000342203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e24543b2d002732021-12-21 10:24:06.694root 11241100x8000000000000000342204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5db1b91313e02d2021-12-21 10:24:06.694root 11241100x8000000000000000342205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2f7bdfc157f3b92021-12-21 10:24:06.694root 11241100x8000000000000000342206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5352e416e1c5fb22021-12-21 10:24:06.695root 11241100x8000000000000000342207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7aefa5d5e5a14f2021-12-21 10:24:06.695root 11241100x8000000000000000342208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f28d476665cb232021-12-21 10:24:06.695root 11241100x8000000000000000342209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abbf5f6ee129b812021-12-21 10:24:06.695root 11241100x8000000000000000342210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bc68f3527cbe162021-12-21 10:24:06.695root 11241100x8000000000000000342211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd708e9acafe85ae2021-12-21 10:24:06.696root 11241100x8000000000000000342212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328621628cc00d42021-12-21 10:24:06.696root 11241100x8000000000000000342213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a5746999c05ec882021-12-21 10:24:06.696root 11241100x8000000000000000342214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158dd9087cabeb4a2021-12-21 10:24:06.696root 11241100x8000000000000000342215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cf7c9a27f7a7cc2021-12-21 10:24:06.696root 11241100x8000000000000000342216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a43983ff80d0c32021-12-21 10:24:06.696root 11241100x8000000000000000342217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b325d72732e74b2021-12-21 10:24:06.696root 11241100x8000000000000000342218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa2900983547d722021-12-21 10:24:06.696root 11241100x8000000000000000342219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34ca3852f3acfb2021-12-21 10:24:06.696root 11241100x8000000000000000342220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10872b16161940912021-12-21 10:24:06.696root 11241100x8000000000000000342221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df80391edb00dce42021-12-21 10:24:06.697root 11241100x8000000000000000342222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8844ec15f3610e2021-12-21 10:24:06.697root 11241100x8000000000000000342223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609c9a957d6410cc2021-12-21 10:24:06.697root 11241100x8000000000000000342224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7726a2576c11440e2021-12-21 10:24:06.697root 11241100x8000000000000000342225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa053fb1ba64a152021-12-21 10:24:06.697root 11241100x8000000000000000342226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c88a036805d9e2021-12-21 10:24:06.697root 11241100x8000000000000000342227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b200f41db472762021-12-21 10:24:06.697root 11241100x8000000000000000342228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3701a59ee4d2702021-12-21 10:24:06.697root 11241100x8000000000000000342229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1dbd07d6e8064612021-12-21 10:24:06.697root 11241100x8000000000000000342230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67950e5d7d0a4342021-12-21 10:24:06.697root 11241100x8000000000000000342231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dfdaa5764c9ceb2021-12-21 10:24:06.698root 11241100x8000000000000000342232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22efb7d3fdaffdbc2021-12-21 10:24:06.698root 11241100x8000000000000000342233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0774faa50c85d32c2021-12-21 10:24:06.698root 11241100x8000000000000000342234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0606eeefa75c52021-12-21 10:24:06.698root 11241100x8000000000000000342235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdabac48525de382021-12-21 10:24:06.698root 11241100x8000000000000000342236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fb3097ae2940c092021-12-21 10:24:06.698root 11241100x8000000000000000342237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6855bd61f8e1f1712021-12-21 10:24:06.699root 11241100x8000000000000000342238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad6f4feb1ab21f22021-12-21 10:24:06.699root 11241100x8000000000000000342239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b2dd50a8ac72f802021-12-21 10:24:06.699root 11241100x8000000000000000342240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3717323a4e2de9f32021-12-21 10:24:06.699root 11241100x8000000000000000342241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b91e4392fe842272021-12-21 10:24:06.700root 11241100x8000000000000000342242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9651ad48feb8d9c02021-12-21 10:24:06.700root 11241100x8000000000000000342243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd9f0c743cfe1f82021-12-21 10:24:06.700root 11241100x8000000000000000342244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834a7466a4f0b51e2021-12-21 10:24:06.700root 11241100x8000000000000000342245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfc6e15118ad8412021-12-21 10:24:06.700root 11241100x8000000000000000342246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b299619f18e35732021-12-21 10:24:06.701root 11241100x8000000000000000342247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0c4418e53409dd2021-12-21 10:24:06.701root 11241100x8000000000000000342248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5384c5d5e25872b42021-12-21 10:24:06.701root 11241100x8000000000000000342249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7569abc1749c80d62021-12-21 10:24:07.193root 11241100x8000000000000000342250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190d871aaedd11232021-12-21 10:24:07.193root 11241100x8000000000000000342251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254abea692e6e8922021-12-21 10:24:07.193root 11241100x8000000000000000342252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.738002f1209686de2021-12-21 10:24:07.194root 11241100x8000000000000000342253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7f7c3df79ec71d2021-12-21 10:24:07.194root 11241100x8000000000000000342254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0f1b4c87add47f2021-12-21 10:24:07.194root 11241100x8000000000000000342255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b13a50b15d98ff2021-12-21 10:24:07.194root 11241100x8000000000000000342256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff504ee2809a3372021-12-21 10:24:07.194root 11241100x8000000000000000342257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0e7283274af4dc2021-12-21 10:24:07.194root 11241100x8000000000000000342258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be3962ffec74ac12021-12-21 10:24:07.195root 11241100x8000000000000000342259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c043784f26a28952021-12-21 10:24:07.195root 11241100x8000000000000000342260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff5c3553121ceb32021-12-21 10:24:07.195root 11241100x8000000000000000342261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7955e8c2cf91c1f42021-12-21 10:24:07.195root 11241100x8000000000000000342262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.482af05f8ad2e8ad2021-12-21 10:24:07.195root 11241100x8000000000000000342263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a42b530ba44dc092021-12-21 10:24:07.196root 11241100x8000000000000000342264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe2adaace6505f42021-12-21 10:24:07.196root 11241100x8000000000000000342265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62c37a02bec87512021-12-21 10:24:07.196root 11241100x8000000000000000342266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce4d70166adb98522021-12-21 10:24:07.196root 11241100x8000000000000000342267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c44ae8658a734f2021-12-21 10:24:07.196root 11241100x8000000000000000342268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7f41c857019bd42021-12-21 10:24:07.196root 11241100x8000000000000000342269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a90e1f9408232e252021-12-21 10:24:07.196root 11241100x8000000000000000342270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4ec31d950f66412021-12-21 10:24:07.197root 11241100x8000000000000000342271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d8f36526a4ff7f2021-12-21 10:24:07.197root 11241100x8000000000000000342272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ffef7269d345302021-12-21 10:24:07.197root 11241100x8000000000000000342273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07adfbe4e011e7932021-12-21 10:24:07.197root 11241100x8000000000000000342274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f5b2ae1e0c06de2021-12-21 10:24:07.197root 11241100x8000000000000000342275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e09a9d5da9c3e62021-12-21 10:24:07.197root 11241100x8000000000000000342276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be061875df1859152021-12-21 10:24:07.198root 11241100x8000000000000000342277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c016f74abac0dbd22021-12-21 10:24:07.198root 11241100x8000000000000000342278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa9be29042e92c42021-12-21 10:24:07.198root 11241100x8000000000000000342279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb68feb83c749d792021-12-21 10:24:07.198root 11241100x8000000000000000342280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d698071deb1cf1c12021-12-21 10:24:07.199root 11241100x8000000000000000342281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dce84f2bce087bb2021-12-21 10:24:07.199root 11241100x8000000000000000342282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c597c2125518c8402021-12-21 10:24:07.199root 11241100x8000000000000000342283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a046506f3238aa72021-12-21 10:24:07.199root 11241100x8000000000000000342284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb30d6ed8f0b7132021-12-21 10:24:07.200root 11241100x8000000000000000342285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0089156270058a542021-12-21 10:24:07.200root 11241100x8000000000000000342286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f89731b92babb52021-12-21 10:24:07.200root 11241100x8000000000000000342287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8da6bbf03d4eb52021-12-21 10:24:07.200root 11241100x8000000000000000342288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79e3fd60f0f31fc2021-12-21 10:24:07.200root 11241100x8000000000000000342289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b082f72250bb3c2021-12-21 10:24:07.201root 11241100x8000000000000000342290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5ed9efdcb23c58b2021-12-21 10:24:07.201root 11241100x8000000000000000342291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486f7fc9d577702d2021-12-21 10:24:07.201root 11241100x8000000000000000342292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0546237d97e73112021-12-21 10:24:07.201root 11241100x8000000000000000342293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4c765184b4ed4d2021-12-21 10:24:07.201root 11241100x8000000000000000342294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b210d6dd0091bd8a2021-12-21 10:24:07.202root 11241100x8000000000000000342295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210def170b207a0c2021-12-21 10:24:07.202root 11241100x8000000000000000342296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3be928a37310682021-12-21 10:24:07.202root 11241100x8000000000000000342297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c62757c10a44c82021-12-21 10:24:07.203root 11241100x8000000000000000342298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e9a5ebca3484232021-12-21 10:24:07.203root 11241100x8000000000000000342299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b737b6c14e346e032021-12-21 10:24:07.693root 11241100x8000000000000000342300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1bbf0f58f1d4abb2021-12-21 10:24:07.693root 11241100x8000000000000000342301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5658add280c663f2021-12-21 10:24:07.693root 11241100x8000000000000000342302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41def74d3ecef542021-12-21 10:24:07.693root 11241100x8000000000000000342303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eac8ca668d25f5d2021-12-21 10:24:07.694root 11241100x8000000000000000342304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f449d90cf5431d532021-12-21 10:24:07.694root 11241100x8000000000000000342305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64da2c2d2e10bd222021-12-21 10:24:07.694root 11241100x8000000000000000342306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e9d4ea484820d82021-12-21 10:24:07.694root 11241100x8000000000000000342307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899cc26311775a722021-12-21 10:24:07.694root 11241100x8000000000000000342308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a8edf536ed6e7d2021-12-21 10:24:07.694root 11241100x8000000000000000342309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14a0ac30c3dbf062021-12-21 10:24:07.695root 11241100x8000000000000000342310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7489a9d655153ed2021-12-21 10:24:07.695root 11241100x8000000000000000342311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c204cdf6aa091f052021-12-21 10:24:07.695root 11241100x8000000000000000342312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5206d36ff1999902021-12-21 10:24:07.695root 11241100x8000000000000000342313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c713c86eb6c5e5fc2021-12-21 10:24:07.695root 11241100x8000000000000000342314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e41ab88d3384152021-12-21 10:24:07.695root 11241100x8000000000000000342315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8595c9d8083d2d152021-12-21 10:24:07.695root 11241100x8000000000000000342316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0b4b168782a30c2021-12-21 10:24:07.695root 11241100x8000000000000000342317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ad9341d03e5ea92021-12-21 10:24:07.696root 11241100x8000000000000000342318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71108dc127961ac2021-12-21 10:24:07.696root 11241100x8000000000000000342319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba92ed56d6fe2162021-12-21 10:24:07.696root 11241100x8000000000000000342320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ff13131e0d6fa02021-12-21 10:24:07.696root 11241100x8000000000000000342321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2353f133fe5bc09a2021-12-21 10:24:07.696root 11241100x8000000000000000342322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02673cde002b1252021-12-21 10:24:07.696root 11241100x8000000000000000342323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf1d85202f511f42021-12-21 10:24:07.696root 11241100x8000000000000000342324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508840b80ec460282021-12-21 10:24:07.696root 11241100x8000000000000000342325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ae1522ec2a746d2021-12-21 10:24:07.696root 11241100x8000000000000000342326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5402ed0e07c501602021-12-21 10:24:07.696root 11241100x8000000000000000342327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e415ea6551ad3742021-12-21 10:24:07.697root 11241100x8000000000000000342328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6611e0dd8aa821ff2021-12-21 10:24:07.697root 11241100x8000000000000000342329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7577ad376373a3a72021-12-21 10:24:07.697root 11241100x8000000000000000342330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874dcbb036701be02021-12-21 10:24:07.697root 11241100x8000000000000000342331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf12523ca15ae102021-12-21 10:24:07.697root 11241100x8000000000000000342332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a45758a7246e852021-12-21 10:24:07.697root 11241100x8000000000000000342333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e885ac85abbfa8c72021-12-21 10:24:07.697root 11241100x8000000000000000342334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734d3ea59edbdd752021-12-21 10:24:07.697root 11241100x8000000000000000342335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af97634122fdef82021-12-21 10:24:07.697root 11241100x8000000000000000342336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e0446a0a6cc6be2021-12-21 10:24:07.697root 11241100x8000000000000000342337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51469a5f41a66cbf2021-12-21 10:24:07.698root 11241100x8000000000000000342338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017087e1ba5f6dce2021-12-21 10:24:07.698root 11241100x8000000000000000342339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e243a35014bd172021-12-21 10:24:07.698root 11241100x8000000000000000342340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fade480985e9f4f2021-12-21 10:24:07.698root 11241100x8000000000000000342341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd5c24618c457772021-12-21 10:24:07.698root 11241100x8000000000000000342342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c8139b7884c5572021-12-21 10:24:07.698root 11241100x8000000000000000342343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcc9fd6e923f0d92021-12-21 10:24:07.698root 11241100x8000000000000000342344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c5968830febf7f2021-12-21 10:24:07.698root 11241100x8000000000000000342345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3882d87fcc82be32021-12-21 10:24:07.698root 11241100x8000000000000000342346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6b8805678dd7c32021-12-21 10:24:07.699root 11241100x8000000000000000342347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a338fe8249339b82021-12-21 10:24:07.699root 11241100x8000000000000000342348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa60cfa8987711122021-12-21 10:24:07.699root 11241100x8000000000000000342349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a015949e85caf432021-12-21 10:24:07.699root 11241100x8000000000000000342350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb33d3b3c84baa7f2021-12-21 10:24:07.699root 11241100x8000000000000000342351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b41eb575a7a62e72021-12-21 10:24:07.699root 11241100x8000000000000000342352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab5afec695e40d12021-12-21 10:24:07.699root 11241100x8000000000000000342353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac19d2f89be1f6e12021-12-21 10:24:07.699root 11241100x8000000000000000342354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f58650478cf2fe2021-12-21 10:24:07.699root 11241100x8000000000000000342355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e90add97abb86f42021-12-21 10:24:07.699root 11241100x8000000000000000342356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d5dc6e7585a8032021-12-21 10:24:07.701root 11241100x8000000000000000342357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc2912c1695c2d42021-12-21 10:24:07.701root 11241100x8000000000000000342358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:07.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175f45244f4e78292021-12-21 10:24:07.702root 11241100x8000000000000000342359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98697aa00beb3292021-12-21 10:24:08.193root 11241100x8000000000000000342360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea4b03e761f63382021-12-21 10:24:08.194root 11241100x8000000000000000342361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0eb994e5784ee12021-12-21 10:24:08.194root 11241100x8000000000000000342362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b69fae0f6705fbf2021-12-21 10:24:08.194root 11241100x8000000000000000342363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17539776068923bb2021-12-21 10:24:08.194root 11241100x8000000000000000342364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe6d5f80904fdae2021-12-21 10:24:08.194root 11241100x8000000000000000342365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb206ca68239ef4a2021-12-21 10:24:08.194root 11241100x8000000000000000342366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b3467e909df285a2021-12-21 10:24:08.194root 11241100x8000000000000000342367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453632e6d35f056f2021-12-21 10:24:08.194root 11241100x8000000000000000342368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fa887b73e4171d2021-12-21 10:24:08.194root 11241100x8000000000000000342369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b973472aaf2559d32021-12-21 10:24:08.195root 11241100x8000000000000000342370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18656996f84c2d192021-12-21 10:24:08.195root 11241100x8000000000000000342371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffb6590e71e73b012021-12-21 10:24:08.195root 11241100x8000000000000000342372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8bc56bd936148032021-12-21 10:24:08.195root 11241100x8000000000000000342373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43122e3ddebcd962021-12-21 10:24:08.195root 11241100x8000000000000000342374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdc256f96edf7742021-12-21 10:24:08.195root 11241100x8000000000000000342375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a3aa59791694482021-12-21 10:24:08.195root 11241100x8000000000000000342376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e38510bca645c692021-12-21 10:24:08.195root 11241100x8000000000000000342377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9881609d7a1e6d952021-12-21 10:24:08.195root 11241100x8000000000000000342378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae7d35465c26f6f2021-12-21 10:24:08.195root 11241100x8000000000000000342379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aba2442dc83fe152021-12-21 10:24:08.196root 11241100x8000000000000000342380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7975660631aad2732021-12-21 10:24:08.196root 11241100x8000000000000000342381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1b190b13ede1312021-12-21 10:24:08.196root 11241100x8000000000000000342382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5371d6cd191a8332021-12-21 10:24:08.196root 11241100x8000000000000000342383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cad15ee186bb3a2021-12-21 10:24:08.196root 11241100x8000000000000000342384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43632420c3c7142b2021-12-21 10:24:08.196root 11241100x8000000000000000342385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d34ca7647a88c92021-12-21 10:24:08.196root 11241100x8000000000000000342386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be116c85ee7c77322021-12-21 10:24:08.196root 11241100x8000000000000000342387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b63130dfc4c43e2021-12-21 10:24:08.196root 11241100x8000000000000000342388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec38330aa0d50b02021-12-21 10:24:08.196root 11241100x8000000000000000342389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f359aad5fc1863262021-12-21 10:24:08.197root 11241100x8000000000000000342390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fee8ed365c5983f2021-12-21 10:24:08.197root 11241100x8000000000000000342391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e570e5eea77df7282021-12-21 10:24:08.197root 11241100x8000000000000000342392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe26511e3bf7e5492021-12-21 10:24:08.197root 11241100x8000000000000000342393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781dfceaac2168612021-12-21 10:24:08.197root 11241100x8000000000000000342394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89fb5f3837bcb9b32021-12-21 10:24:08.197root 11241100x8000000000000000342395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d591b5b568065152021-12-21 10:24:08.197root 11241100x8000000000000000342396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1d74f6657582c82021-12-21 10:24:08.197root 11241100x8000000000000000342397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5454855e1c9aeb92021-12-21 10:24:08.197root 11241100x8000000000000000342398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60666c789a020882021-12-21 10:24:08.197root 11241100x8000000000000000342399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6d07198999f8be2021-12-21 10:24:08.198root 11241100x8000000000000000342400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2357616dbdf8b5a02021-12-21 10:24:08.198root 11241100x8000000000000000342401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dc7e87d8d80b0d2021-12-21 10:24:08.198root 11241100x8000000000000000342402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a69ef808279b622021-12-21 10:24:08.198root 11241100x8000000000000000342403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99fccabe3ee6be62021-12-21 10:24:08.198root 11241100x8000000000000000342404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06728b442c64538b2021-12-21 10:24:08.198root 11241100x8000000000000000342405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1416cb4aea03746d2021-12-21 10:24:08.198root 11241100x8000000000000000342406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fb1cccdeac02432021-12-21 10:24:08.198root 11241100x8000000000000000342407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e675d8b9433906ca2021-12-21 10:24:08.198root 11241100x8000000000000000342408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6aad4876d8af7e2021-12-21 10:24:08.198root 11241100x8000000000000000342409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d430ef3a562dd3c2021-12-21 10:24:08.199root 11241100x8000000000000000342410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3f7cef1e23aa222021-12-21 10:24:08.199root 11241100x8000000000000000342411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566d7d5ee401039b2021-12-21 10:24:08.199root 11241100x8000000000000000342412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e67ee47479f65572021-12-21 10:24:08.199root 11241100x8000000000000000342413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bcd54f386b5a352021-12-21 10:24:08.199root 11241100x8000000000000000342414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898b8a8b8423739e2021-12-21 10:24:08.199root 11241100x8000000000000000342415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f4bd49b3f0e7db2021-12-21 10:24:08.199root 11241100x8000000000000000342416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5583ee070e0dff2021-12-21 10:24:08.199root 11241100x8000000000000000342417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f8ba2a8b6bbd182021-12-21 10:24:08.693root 11241100x8000000000000000342418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43445b6fd1c478d92021-12-21 10:24:08.693root 11241100x8000000000000000342419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74d24d1932714172021-12-21 10:24:08.693root 11241100x8000000000000000342420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a024e224921c6382021-12-21 10:24:08.693root 11241100x8000000000000000342421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09efa0922f9ddecb2021-12-21 10:24:08.694root 11241100x8000000000000000342422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a20f2ebb978bc6e2021-12-21 10:24:08.694root 11241100x8000000000000000342423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6009b26330666b9b2021-12-21 10:24:08.694root 11241100x8000000000000000342424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a2b8b443bd5de42021-12-21 10:24:08.694root 11241100x8000000000000000342425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d2ed34a46da0222021-12-21 10:24:08.694root 11241100x8000000000000000342426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb80909bef044dd2021-12-21 10:24:08.694root 11241100x8000000000000000342427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fad3a8e41d3c862021-12-21 10:24:08.694root 11241100x8000000000000000342428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c5d7977a20f85a2021-12-21 10:24:08.694root 11241100x8000000000000000342429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e35968da674f0c2021-12-21 10:24:08.695root 11241100x8000000000000000342430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ee4ddf554fc3bf2021-12-21 10:24:08.695root 11241100x8000000000000000342431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8057829a639ba02021-12-21 10:24:08.695root 11241100x8000000000000000342432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f97d3577af549ef2021-12-21 10:24:08.695root 11241100x8000000000000000342433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92cdd7cf012fa342021-12-21 10:24:08.695root 11241100x8000000000000000342434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397923dd4f962d652021-12-21 10:24:08.695root 11241100x8000000000000000342435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496fce394bbd3e4f2021-12-21 10:24:08.695root 11241100x8000000000000000342436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1598fbb7857627d42021-12-21 10:24:08.695root 11241100x8000000000000000342437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748461dc00e054862021-12-21 10:24:08.695root 11241100x8000000000000000342438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf58a70eb9d17fc42021-12-21 10:24:08.696root 11241100x8000000000000000342439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b720410e1f315f392021-12-21 10:24:08.696root 11241100x8000000000000000342440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c756fbeeb8876a422021-12-21 10:24:08.696root 11241100x8000000000000000342441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ca0c507097a7802021-12-21 10:24:08.696root 11241100x8000000000000000342442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb76b7ac21e322c82021-12-21 10:24:08.696root 11241100x8000000000000000342443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3413d50a5dd820562021-12-21 10:24:08.696root 11241100x8000000000000000342444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13410a2550ad6392021-12-21 10:24:08.696root 11241100x8000000000000000342445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd04af089637d1552021-12-21 10:24:08.696root 11241100x8000000000000000342446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac24e6fdb3878552021-12-21 10:24:08.696root 11241100x8000000000000000342447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f0146f2ce71e772021-12-21 10:24:08.696root 11241100x8000000000000000342448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc6536580533f0c2021-12-21 10:24:08.696root 11241100x8000000000000000342449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5bd98d52b7ce0d2021-12-21 10:24:08.697root 11241100x8000000000000000342450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0472c05a1b8ea6842021-12-21 10:24:08.697root 11241100x8000000000000000342451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dea3256ba0f3512021-12-21 10:24:08.697root 11241100x8000000000000000342452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d800cd43040a3382021-12-21 10:24:08.697root 11241100x8000000000000000342453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b325c72253b4322021-12-21 10:24:08.697root 11241100x8000000000000000342454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8393e2d896654f02021-12-21 10:24:08.697root 11241100x8000000000000000342455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c139ccc4f139473c2021-12-21 10:24:08.697root 11241100x8000000000000000342456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4753fe46c1a993a2021-12-21 10:24:08.697root 11241100x8000000000000000342457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273fe48a5b4ba552021-12-21 10:24:08.697root 11241100x8000000000000000342458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbeee51f0bebfa12021-12-21 10:24:08.697root 11241100x8000000000000000342459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8a401189c32d372021-12-21 10:24:08.697root 11241100x8000000000000000342460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501ad4bd86ebdb442021-12-21 10:24:09.193root 11241100x8000000000000000342461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e478303f7462212021-12-21 10:24:09.193root 11241100x8000000000000000342462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b4d65814611b52021-12-21 10:24:09.193root 11241100x8000000000000000342463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35406744d2e5dba82021-12-21 10:24:09.193root 11241100x8000000000000000342464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08468322b8d2b1742021-12-21 10:24:09.193root 11241100x8000000000000000342465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4149f90600a406872021-12-21 10:24:09.193root 11241100x8000000000000000342466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f63ff3cbb77cd482021-12-21 10:24:09.193root 11241100x8000000000000000342467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9be761e8ea514d92021-12-21 10:24:09.194root 11241100x8000000000000000342468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d639fccf89259f512021-12-21 10:24:09.194root 11241100x8000000000000000342469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434efa8a610848832021-12-21 10:24:09.194root 11241100x8000000000000000342470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d486130ceddc44a22021-12-21 10:24:09.194root 11241100x8000000000000000342471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b7c3045e5dfa8f2021-12-21 10:24:09.194root 11241100x8000000000000000342472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2075d6aaa449fb2021-12-21 10:24:09.194root 11241100x8000000000000000342473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630c29db1a6b435e2021-12-21 10:24:09.194root 11241100x8000000000000000342474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5aca3f82454cc52021-12-21 10:24:09.194root 11241100x8000000000000000342475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a62565385e67f12021-12-21 10:24:09.194root 11241100x8000000000000000342476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb4d98073a59a842021-12-21 10:24:09.194root 11241100x8000000000000000342477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479fd86707cd87b22021-12-21 10:24:09.194root 11241100x8000000000000000342478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127b9c0f22eb92932021-12-21 10:24:09.194root 11241100x8000000000000000342479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954b6bc852692c8e2021-12-21 10:24:09.194root 11241100x8000000000000000342480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39a252af506a3c92021-12-21 10:24:09.195root 11241100x8000000000000000342481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d362b68c4fbc0552021-12-21 10:24:09.195root 11241100x8000000000000000342482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55603be73834e5422021-12-21 10:24:09.195root 11241100x8000000000000000342483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597d4aee25c309bd2021-12-21 10:24:09.195root 11241100x8000000000000000342484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cf69e23cf341092021-12-21 10:24:09.195root 11241100x8000000000000000342485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06feaf98f24e9062021-12-21 10:24:09.195root 11241100x8000000000000000342486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d601df03f964e18b2021-12-21 10:24:09.195root 11241100x8000000000000000342487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bfdcbd02a8d3caf2021-12-21 10:24:09.195root 11241100x8000000000000000342488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920440ee760b04d72021-12-21 10:24:09.195root 11241100x8000000000000000342489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac64fdd3b9b53122021-12-21 10:24:09.195root 11241100x8000000000000000342490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb51bdc1bf57b802021-12-21 10:24:09.196root 11241100x8000000000000000342491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8fb70b68423b9d52021-12-21 10:24:09.196root 11241100x8000000000000000342492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f645b6b239105b72021-12-21 10:24:09.196root 11241100x8000000000000000342493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81550d8990c6d5e2021-12-21 10:24:09.196root 11241100x8000000000000000342494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c963cc1c82d432c92021-12-21 10:24:09.196root 11241100x8000000000000000342495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5778a2eda49766352021-12-21 10:24:09.196root 11241100x8000000000000000342496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.168f8e5bdd6ca9b92021-12-21 10:24:09.196root 11241100x8000000000000000342497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beb20269d53ef072021-12-21 10:24:09.196root 11241100x8000000000000000342498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ea529307b0c9562021-12-21 10:24:09.196root 11241100x8000000000000000342499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54beb82656a920fc2021-12-21 10:24:09.196root 11241100x8000000000000000342500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b12e35026d7f1c2021-12-21 10:24:09.196root 11241100x8000000000000000342501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e1cd438fb3da962021-12-21 10:24:09.196root 11241100x8000000000000000342502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cd877514bf50a22021-12-21 10:24:09.196root 11241100x8000000000000000342503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66bdac4aaed43232021-12-21 10:24:09.197root 11241100x8000000000000000342504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26493c1c319f20ca2021-12-21 10:24:09.197root 11241100x8000000000000000342505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58390052f5ab47fa2021-12-21 10:24:09.197root 11241100x8000000000000000342506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac3459dd28f83902021-12-21 10:24:09.197root 11241100x8000000000000000342507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13b04f18a643c852021-12-21 10:24:09.197root 11241100x8000000000000000342508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7494963632eb15712021-12-21 10:24:09.197root 11241100x8000000000000000342509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842f26c900fc58cd2021-12-21 10:24:09.197root 11241100x8000000000000000342510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f037a178bccae02021-12-21 10:24:09.197root 11241100x8000000000000000342511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e189499412ad6d782021-12-21 10:24:09.197root 11241100x8000000000000000342512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad705b05f70e8c5d2021-12-21 10:24:09.197root 11241100x8000000000000000342513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65692ca56bea413c2021-12-21 10:24:09.197root 11241100x8000000000000000342514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8612e5c018407b2021-12-21 10:24:09.197root 11241100x8000000000000000342515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95e0cc84be6c2772021-12-21 10:24:09.197root 11241100x8000000000000000342516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce1aa701a48929f2021-12-21 10:24:09.198root 11241100x8000000000000000342517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27191a135df4c3cf2021-12-21 10:24:09.198root 11241100x8000000000000000342518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6392df5e931f244c2021-12-21 10:24:09.198root 11241100x8000000000000000342519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd0e94d0bcfce7c2021-12-21 10:24:09.198root 11241100x8000000000000000342520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69764cc0385ada102021-12-21 10:24:09.198root 11241100x8000000000000000342521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcee579ef5d9fff2021-12-21 10:24:09.198root 11241100x8000000000000000342522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.764e514011836f4c2021-12-21 10:24:09.198root 11241100x8000000000000000342523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64ac726ae20e2b42021-12-21 10:24:09.198root 11241100x8000000000000000342524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8283329758f47f912021-12-21 10:24:09.198root 11241100x8000000000000000342525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac3b1fdf2f4788a2021-12-21 10:24:09.198root 11241100x8000000000000000342526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cdf793bb503005a2021-12-21 10:24:09.198root 11241100x8000000000000000342527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1cf78f18b79b162021-12-21 10:24:09.198root 23542300x8000000000000000342528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000342529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b9e285c8a04d932021-12-21 10:24:09.693root 11241100x8000000000000000342530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305cb125b9c7f8812021-12-21 10:24:09.693root 11241100x8000000000000000342531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf6426984dd50182021-12-21 10:24:09.693root 11241100x8000000000000000342532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5752be5a9875f87b2021-12-21 10:24:09.693root 11241100x8000000000000000342533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d140bbd0bd00882021-12-21 10:24:09.694root 11241100x8000000000000000342534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1393d4a991a6f82021-12-21 10:24:09.694root 11241100x8000000000000000342535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0880d857014000532021-12-21 10:24:09.694root 11241100x8000000000000000342536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efceddd10d32701b2021-12-21 10:24:09.694root 11241100x8000000000000000342537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e22903b5b9c6792021-12-21 10:24:09.694root 11241100x8000000000000000342538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd590fcc2cdd96a2021-12-21 10:24:09.695root 11241100x8000000000000000342539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5b611ed5debe902021-12-21 10:24:09.695root 11241100x8000000000000000342540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3006af702dac9382021-12-21 10:24:09.695root 11241100x8000000000000000342541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce46fa612e343a612021-12-21 10:24:09.695root 11241100x8000000000000000342542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3cbafd9cb0c94642021-12-21 10:24:09.695root 11241100x8000000000000000342543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30eaf614cdcb95272021-12-21 10:24:09.695root 11241100x8000000000000000342544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14cab24fb71486e2021-12-21 10:24:09.695root 11241100x8000000000000000342545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469f4c10bdebdd012021-12-21 10:24:09.695root 11241100x8000000000000000342546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d2366ac9a02ac42021-12-21 10:24:09.696root 11241100x8000000000000000342547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be90be79daf86b62021-12-21 10:24:09.696root 11241100x8000000000000000342548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8857fa844643ba2021-12-21 10:24:09.696root 11241100x8000000000000000342549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837743f9b04a745d2021-12-21 10:24:09.696root 11241100x8000000000000000342550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1038e7fb20893a062021-12-21 10:24:09.696root 11241100x8000000000000000342551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1a01f395882e332021-12-21 10:24:09.696root 11241100x8000000000000000342552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df6d4cf1389b03f2021-12-21 10:24:09.696root 11241100x8000000000000000342553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98eccea11057496d2021-12-21 10:24:09.696root 11241100x8000000000000000342554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f8e896220d1bfe2021-12-21 10:24:09.696root 11241100x8000000000000000342555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1abab298163ca12021-12-21 10:24:09.697root 11241100x8000000000000000342556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28741e0eec88a1a82021-12-21 10:24:09.697root 11241100x8000000000000000342557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.630a6d61a80744012021-12-21 10:24:09.697root 11241100x8000000000000000342558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a998f4e702ae32021-12-21 10:24:09.697root 11241100x8000000000000000342559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31379494cb9f4382021-12-21 10:24:09.697root 11241100x8000000000000000342560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b39976df43e3ce2021-12-21 10:24:09.697root 11241100x8000000000000000342561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0994a762dcd4b70b2021-12-21 10:24:09.697root 11241100x8000000000000000342562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb4c88ec3ba54eb2021-12-21 10:24:09.697root 11241100x8000000000000000342563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87afbe9c970acd32021-12-21 10:24:09.697root 11241100x8000000000000000342564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc3fd5f3f6d25772021-12-21 10:24:09.697root 11241100x8000000000000000342565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd5e01e52279ee2021-12-21 10:24:09.697root 11241100x8000000000000000342566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0f9540f6ff367c2021-12-21 10:24:09.698root 11241100x8000000000000000342567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a426806e98ac61d2021-12-21 10:24:09.698root 11241100x8000000000000000342568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5aca7baacd3d0222021-12-21 10:24:09.698root 11241100x8000000000000000342569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcd155f68212b1d2021-12-21 10:24:09.698root 11241100x8000000000000000342570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7d63c8aa5ea2c32021-12-21 10:24:09.698root 11241100x8000000000000000342571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5fe478d8fe880112021-12-21 10:24:09.698root 11241100x8000000000000000342572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1968d6a0685026772021-12-21 10:24:09.698root 11241100x8000000000000000342573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cac05cb162f06a62021-12-21 10:24:09.698root 11241100x8000000000000000342574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa38cbcde2ebc072021-12-21 10:24:09.698root 11241100x8000000000000000342575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60001df724db7d402021-12-21 10:24:09.698root 11241100x8000000000000000342576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5184be949cc7332021-12-21 10:24:09.698root 11241100x8000000000000000342577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9b06142bc11762021-12-21 10:24:09.698root 11241100x8000000000000000342578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d911539eee52b5e52021-12-21 10:24:09.699root 11241100x8000000000000000342579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220132fc09fd4512021-12-21 10:24:09.699root 11241100x8000000000000000342580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a7408c8ce77d1d2021-12-21 10:24:09.699root 11241100x8000000000000000342581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422297ed2348cd072021-12-21 10:24:09.699root 11241100x8000000000000000342582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9b3e11958d056e2021-12-21 10:24:09.699root 11241100x8000000000000000342583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c3cf5bf71581432021-12-21 10:24:09.699root 11241100x8000000000000000342584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23d7f15af5a05c32021-12-21 10:24:09.699root 11241100x8000000000000000342585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6b18ca90908ef82021-12-21 10:24:10.193root 11241100x8000000000000000342586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7652c92ca54ea72b2021-12-21 10:24:10.193root 11241100x8000000000000000342587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74884ac0e4cca3082021-12-21 10:24:10.193root 11241100x8000000000000000342588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfff2d206b2eadb2021-12-21 10:24:10.193root 11241100x8000000000000000342589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f814b110495c736a2021-12-21 10:24:10.193root 11241100x8000000000000000342590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7ab72235fa19f92021-12-21 10:24:10.193root 11241100x8000000000000000342591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2024602ddeb642992021-12-21 10:24:10.193root 11241100x8000000000000000342592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9854265b67be772021-12-21 10:24:10.193root 11241100x8000000000000000342593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbe24be7645708a2021-12-21 10:24:10.193root 11241100x8000000000000000342594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd752246722c1f62021-12-21 10:24:10.194root 11241100x8000000000000000342595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81c92c096a41e682021-12-21 10:24:10.194root 11241100x8000000000000000342596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f50354560b0aa972021-12-21 10:24:10.194root 11241100x8000000000000000342597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b33a491cbcee222021-12-21 10:24:10.194root 11241100x8000000000000000342598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a530a5292a6fbbde2021-12-21 10:24:10.194root 11241100x8000000000000000342599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cceaf3dd3c5657b62021-12-21 10:24:10.194root 11241100x8000000000000000342600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c96beaee51736b02021-12-21 10:24:10.194root 11241100x8000000000000000342601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b30d74ad439d5672021-12-21 10:24:10.194root 11241100x8000000000000000342602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e09ff9456ae4f42021-12-21 10:24:10.194root 11241100x8000000000000000342603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3757bdfb0d7674a12021-12-21 10:24:10.194root 11241100x8000000000000000342604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441958be98a057152021-12-21 10:24:10.194root 11241100x8000000000000000342605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc990102df72551f2021-12-21 10:24:10.194root 11241100x8000000000000000342606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230573e3b9dc51752021-12-21 10:24:10.195root 11241100x8000000000000000342607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2d472e0e0e31252021-12-21 10:24:10.195root 11241100x8000000000000000342608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e49263f0a5b0e3d2021-12-21 10:24:10.195root 11241100x8000000000000000342609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889a1b1ce7cddb3e2021-12-21 10:24:10.195root 11241100x8000000000000000342610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62cd82bb71985b152021-12-21 10:24:10.195root 11241100x8000000000000000342611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92f6f6fcd36d4eb2021-12-21 10:24:10.195root 11241100x8000000000000000342612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e78689c57d5b562021-12-21 10:24:10.195root 11241100x8000000000000000342613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047bf26d18750a4a2021-12-21 10:24:10.195root 11241100x8000000000000000342614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26333ec264b523ba2021-12-21 10:24:10.195root 11241100x8000000000000000342615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0989a729d00724012021-12-21 10:24:10.195root 11241100x8000000000000000342616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cde4a3042d03b0c2021-12-21 10:24:10.196root 11241100x8000000000000000342617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4db3606d4910fa2021-12-21 10:24:10.196root 11241100x8000000000000000342618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081eb95ae8726c2b2021-12-21 10:24:10.196root 11241100x8000000000000000342619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56c6dbbd9e7c2672021-12-21 10:24:10.196root 11241100x8000000000000000342620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f32601becce1be72021-12-21 10:24:10.196root 11241100x8000000000000000342621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b25b4118bf1deb2021-12-21 10:24:10.196root 11241100x8000000000000000342622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54bb097662325f42021-12-21 10:24:10.196root 11241100x8000000000000000342623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9df68ab912abb0d2021-12-21 10:24:10.196root 11241100x8000000000000000342624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d14ce300d0d80d2021-12-21 10:24:10.196root 11241100x8000000000000000342625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9810636ba2fb26f92021-12-21 10:24:10.196root 11241100x8000000000000000342626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78e013d356f2d392021-12-21 10:24:10.197root 11241100x8000000000000000342627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ea41155f2b26442021-12-21 10:24:10.197root 11241100x8000000000000000342628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e265d93e1731d3b52021-12-21 10:24:10.197root 11241100x8000000000000000342629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4785daf7ff2028262021-12-21 10:24:10.197root 11241100x8000000000000000342630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7278dc1a528508962021-12-21 10:24:10.197root 11241100x8000000000000000342631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2284632b1b2a0ba02021-12-21 10:24:10.197root 11241100x8000000000000000342632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf36f83b0e984c02021-12-21 10:24:10.197root 11241100x8000000000000000342633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e51c2c28b398d92021-12-21 10:24:10.197root 11241100x8000000000000000342634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad34646998f282102021-12-21 10:24:10.197root 11241100x8000000000000000342635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d612bc3c7d0390d72021-12-21 10:24:10.198root 11241100x8000000000000000342636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be706bbb4697a902021-12-21 10:24:10.198root 11241100x8000000000000000342637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fd00c64fd442482021-12-21 10:24:10.198root 11241100x8000000000000000342638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8ca354b003898b2021-12-21 10:24:10.198root 11241100x8000000000000000342639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafbe7193356406a2021-12-21 10:24:10.198root 11241100x8000000000000000342640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33dd354c35f01bc82021-12-21 10:24:10.198root 11241100x8000000000000000342641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44a19e1ce3927162021-12-21 10:24:10.198root 11241100x8000000000000000342642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d24a2908663ac202021-12-21 10:24:10.198root 11241100x8000000000000000342643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c67bd2ace556ecf2021-12-21 10:24:10.198root 11241100x8000000000000000342644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eea0906f21cc1fc2021-12-21 10:24:10.198root 11241100x8000000000000000342645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4951c041b883c9e2021-12-21 10:24:10.198root 11241100x8000000000000000342646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0eaa8ea065c74622021-12-21 10:24:10.199root 11241100x8000000000000000342647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f935d2bbbc8fdcb52021-12-21 10:24:10.199root 11241100x8000000000000000342648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c51cea3d2a021b2021-12-21 10:24:10.199root 11241100x8000000000000000342649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc611a11bcfc96a52021-12-21 10:24:10.199root 11241100x8000000000000000342650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f384aaab707f5bbf2021-12-21 10:24:10.693root 11241100x8000000000000000342651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f7a6d9c3d5b6572021-12-21 10:24:10.693root 11241100x8000000000000000342652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec91235a3d5e122021-12-21 10:24:10.693root 11241100x8000000000000000342653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca54b4cdc7cb12632021-12-21 10:24:10.693root 11241100x8000000000000000342654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a0757a9386b92b2021-12-21 10:24:10.694root 11241100x8000000000000000342655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e377cb92981fa2021-12-21 10:24:10.694root 11241100x8000000000000000342656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7128fefabf71c9192021-12-21 10:24:10.694root 11241100x8000000000000000342657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effe64245f084ba22021-12-21 10:24:10.694root 11241100x8000000000000000342658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032614b6c2c7295f2021-12-21 10:24:10.694root 11241100x8000000000000000342659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9538910dfdf4712021-12-21 10:24:10.694root 11241100x8000000000000000342660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb11c10ec6fc71232021-12-21 10:24:10.694root 11241100x8000000000000000342661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49bc4f9d3c067152021-12-21 10:24:10.694root 11241100x8000000000000000342662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c96f5336de5f5bf2021-12-21 10:24:10.694root 11241100x8000000000000000342663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c330a1f127de77b52021-12-21 10:24:10.694root 11241100x8000000000000000342664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8c554d2190b3592021-12-21 10:24:10.694root 11241100x8000000000000000342665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1292eaa5fed914242021-12-21 10:24:10.695root 11241100x8000000000000000342666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0108632d1cec9352021-12-21 10:24:10.695root 11241100x8000000000000000342667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7b2f04b55a1c5a2021-12-21 10:24:10.695root 11241100x8000000000000000342668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7bb3e4109d34882021-12-21 10:24:10.695root 11241100x8000000000000000342669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f874b2746a27f372021-12-21 10:24:10.695root 11241100x8000000000000000342670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c603b9e3c8c8a7112021-12-21 10:24:10.695root 11241100x8000000000000000342671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e3c5af869510292021-12-21 10:24:10.695root 11241100x8000000000000000342672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a38009d8b81b7e2021-12-21 10:24:10.695root 11241100x8000000000000000342673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae12da8101bd4f772021-12-21 10:24:10.695root 11241100x8000000000000000342674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab1e187c89a374e2021-12-21 10:24:10.696root 11241100x8000000000000000342675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22444054ea65e5d52021-12-21 10:24:10.696root 11241100x8000000000000000342676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623b577fb7c327f72021-12-21 10:24:10.696root 11241100x8000000000000000342677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5febf34b679c9e1d2021-12-21 10:24:10.696root 11241100x8000000000000000342678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296560e107d3bef52021-12-21 10:24:10.696root 11241100x8000000000000000342679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7472607ef0e8d3782021-12-21 10:24:10.696root 11241100x8000000000000000342680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa6fc224b77c09c2021-12-21 10:24:10.696root 11241100x8000000000000000342681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3dad550ed74f2f2021-12-21 10:24:10.696root 11241100x8000000000000000342682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6cec2c4b9423b82021-12-21 10:24:10.696root 11241100x8000000000000000342683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0024a93ac168042021-12-21 10:24:10.697root 11241100x8000000000000000342684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab21b04d9e00a29f2021-12-21 10:24:10.697root 11241100x8000000000000000342685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d98a8f2edaec9512021-12-21 10:24:10.697root 11241100x8000000000000000342686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dc05abeb761c6a2021-12-21 10:24:10.697root 11241100x8000000000000000342687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c3a2ca07d7a8b82021-12-21 10:24:10.697root 11241100x8000000000000000342688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5047366dccb4222021-12-21 10:24:10.697root 11241100x8000000000000000342689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b65353cb7c0cd32021-12-21 10:24:10.697root 11241100x8000000000000000342690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9e704074be764d2021-12-21 10:24:10.697root 11241100x8000000000000000342691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d703ff22d6e2702021-12-21 10:24:10.697root 11241100x8000000000000000342692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805ceab7e69f5e982021-12-21 10:24:10.697root 11241100x8000000000000000342693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55f36f2c9c555fa2021-12-21 10:24:10.698root 11241100x8000000000000000342694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdf922d5ebb58102021-12-21 10:24:10.698root 354300x8000000000000000342695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.067{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47046-false10.0.1.12-8000- 11241100x8000000000000000342696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebced0f3762b5c5c2021-12-21 10:24:11.068root 11241100x8000000000000000342697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.068{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f8ce6ddf52fbc2021-12-21 10:24:11.068root 11241100x8000000000000000342698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7293b73902dc950b2021-12-21 10:24:11.069root 11241100x8000000000000000342699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d034a7e642cd09292021-12-21 10:24:11.069root 11241100x8000000000000000342700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f74b93db4c51dea2021-12-21 10:24:11.069root 11241100x8000000000000000342701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.069{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92dddecf113073af2021-12-21 10:24:11.069root 11241100x8000000000000000342702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec44295284304902021-12-21 10:24:11.070root 11241100x8000000000000000342703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f05449f6d76eb1f2021-12-21 10:24:11.070root 11241100x8000000000000000342704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13048de442b852d2021-12-21 10:24:11.070root 11241100x8000000000000000342705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.070{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c66cd85db90e4182021-12-21 10:24:11.070root 11241100x8000000000000000342706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da226f86a28aa492021-12-21 10:24:11.071root 11241100x8000000000000000342707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd011f7a79551a72021-12-21 10:24:11.071root 11241100x8000000000000000342708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.071{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ff6c908c2fc5b72021-12-21 10:24:11.071root 11241100x8000000000000000342709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65344e0311b844e42021-12-21 10:24:11.072root 11241100x8000000000000000342710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b951d6c6dd90a12021-12-21 10:24:11.072root 11241100x8000000000000000342711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348d3524b0b6787f2021-12-21 10:24:11.072root 11241100x8000000000000000342712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.072{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9c02a22e2abcc52021-12-21 10:24:11.072root 11241100x8000000000000000342713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e0b0b466ff16162021-12-21 10:24:11.073root 11241100x8000000000000000342714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67430b714c3fa96b2021-12-21 10:24:11.073root 11241100x8000000000000000342715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebfc7beb3f1d91c2021-12-21 10:24:11.073root 11241100x8000000000000000342716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591269279cbe03a92021-12-21 10:24:11.073root 11241100x8000000000000000342717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.073{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a80323d37bd7e882021-12-21 10:24:11.073root 11241100x8000000000000000342718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.074{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539f762964871c162021-12-21 10:24:11.074root 11241100x8000000000000000342719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.074{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961e05220fa0c8342021-12-21 10:24:11.074root 11241100x8000000000000000342720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.074{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd602a64f546c9252021-12-21 10:24:11.074root 11241100x8000000000000000342721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.074{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e536c5ef1d344a2021-12-21 10:24:11.074root 11241100x8000000000000000342722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56bd1262f8626072021-12-21 10:24:11.075root 11241100x8000000000000000342723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033081c6cd1ca5dd2021-12-21 10:24:11.075root 11241100x8000000000000000342724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5d4556d653db972021-12-21 10:24:11.075root 11241100x8000000000000000342725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d7ae83eaadc4ef2021-12-21 10:24:11.075root 11241100x8000000000000000342726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836c099ac9c229bb2021-12-21 10:24:11.075root 11241100x8000000000000000342727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.075{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c71f2aa068860a2021-12-21 10:24:11.075root 11241100x8000000000000000342728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a8e68dce9a088c2021-12-21 10:24:11.076root 11241100x8000000000000000342729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4716e3c11c449722021-12-21 10:24:11.076root 11241100x8000000000000000342730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84295b4b9b6771f2021-12-21 10:24:11.076root 11241100x8000000000000000342731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b533578ef49a48002021-12-21 10:24:11.076root 11241100x8000000000000000342732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a59fbee941a5ce2021-12-21 10:24:11.076root 11241100x8000000000000000342733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.076{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281af9f5430151112021-12-21 10:24:11.076root 11241100x8000000000000000342734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068a44027749266f2021-12-21 10:24:11.077root 11241100x8000000000000000342735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43c64bd9d6da78e2021-12-21 10:24:11.077root 11241100x8000000000000000342736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd7fec3d762f0982021-12-21 10:24:11.077root 11241100x8000000000000000342737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d897f163b9cf29d2021-12-21 10:24:11.077root 11241100x8000000000000000342738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ac5dd66203a3342021-12-21 10:24:11.077root 11241100x8000000000000000342739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0fbacdef0d07712021-12-21 10:24:11.077root 11241100x8000000000000000342740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13071c4a4c4cc9b2021-12-21 10:24:11.077root 11241100x8000000000000000342741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f18a3af70fcbf32021-12-21 10:24:11.077root 11241100x8000000000000000342742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.077{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf24c0305405b982021-12-21 10:24:11.077root 11241100x8000000000000000342743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4391c8a173b66202021-12-21 10:24:11.078root 11241100x8000000000000000342744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2bfa9f584e07abd2021-12-21 10:24:11.078root 11241100x8000000000000000342745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.078{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f6b2b08ddd1a122021-12-21 10:24:11.078root 11241100x8000000000000000342746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c874875524d4e5a2021-12-21 10:24:11.443root 11241100x8000000000000000342747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cbb6c18aaa9d382021-12-21 10:24:11.443root 11241100x8000000000000000342748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d807ce89deb978742021-12-21 10:24:11.443root 11241100x8000000000000000342749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2cfecc3896a2eb92021-12-21 10:24:11.444root 11241100x8000000000000000342750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c7e3d2e475f12d2021-12-21 10:24:11.444root 11241100x8000000000000000342751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffd6cab182309852021-12-21 10:24:11.444root 11241100x8000000000000000342752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855d022a038288dc2021-12-21 10:24:11.444root 11241100x8000000000000000342753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72966ccc5762b4912021-12-21 10:24:11.444root 11241100x8000000000000000342754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64110de6d2880abf2021-12-21 10:24:11.444root 11241100x8000000000000000342755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fa4dcd1f2bfa7d52021-12-21 10:24:11.444root 11241100x8000000000000000342756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0729750db4a0f62021-12-21 10:24:11.444root 11241100x8000000000000000342757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9a104c7e6449a22021-12-21 10:24:11.444root 11241100x8000000000000000342758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4b26e6fd37fb012021-12-21 10:24:11.444root 11241100x8000000000000000342759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277801914d11ab872021-12-21 10:24:11.444root 11241100x8000000000000000342760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2747e124a10bf232021-12-21 10:24:11.444root 11241100x8000000000000000342761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac36fc860c77812021-12-21 10:24:11.444root 11241100x8000000000000000342762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4824031cd581da432021-12-21 10:24:11.444root 11241100x8000000000000000342763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec8115dcd89d7492021-12-21 10:24:11.444root 11241100x8000000000000000342764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecae95808ab64ba52021-12-21 10:24:11.444root 11241100x8000000000000000342765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ee9b6d368d057b2021-12-21 10:24:11.444root 11241100x8000000000000000342766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7778ea5fbdc9c1852021-12-21 10:24:11.445root 11241100x8000000000000000342767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfffe951d168e942021-12-21 10:24:11.445root 11241100x8000000000000000342768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa4bf08a2079d9a2021-12-21 10:24:11.445root 11241100x8000000000000000342769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5fdff3588fbaeb2021-12-21 10:24:11.445root 11241100x8000000000000000342770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50ed9ef0e2837d02021-12-21 10:24:11.445root 11241100x8000000000000000342771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c0a665bb1a36fe2021-12-21 10:24:11.445root 11241100x8000000000000000342772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a5e19a0ce5c5612021-12-21 10:24:11.445root 11241100x8000000000000000342773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866e443c011535372021-12-21 10:24:11.445root 11241100x8000000000000000342774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b41c4234ad60852021-12-21 10:24:11.445root 11241100x8000000000000000342775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56196da3c6949c002021-12-21 10:24:11.445root 11241100x8000000000000000342776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e943d1dfe8bfd8902021-12-21 10:24:11.445root 11241100x8000000000000000342777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fee9a868c7fcdb22021-12-21 10:24:11.445root 11241100x8000000000000000342778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0dcbc138c327602021-12-21 10:24:11.445root 11241100x8000000000000000342779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6718674abb25e9a2021-12-21 10:24:11.445root 11241100x8000000000000000342780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cea89c1214683b2021-12-21 10:24:11.445root 11241100x8000000000000000342781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b39643f819dc3682021-12-21 10:24:11.445root 11241100x8000000000000000342782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d83d067ffe69b50c2021-12-21 10:24:11.446root 11241100x8000000000000000342783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66333628a750a4a52021-12-21 10:24:11.446root 11241100x8000000000000000342784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e486e91e10f258a02021-12-21 10:24:11.446root 11241100x8000000000000000342785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b2e573418130872021-12-21 10:24:11.446root 11241100x8000000000000000342786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc39bd4d5c7876d62021-12-21 10:24:11.446root 11241100x8000000000000000342787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d9814f34bf48062021-12-21 10:24:11.446root 11241100x8000000000000000342788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed1bfdc8209a9182021-12-21 10:24:11.446root 11241100x8000000000000000342789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8282be9b67904bc72021-12-21 10:24:11.446root 11241100x8000000000000000342790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c3131ff8de69f72021-12-21 10:24:11.446root 11241100x8000000000000000342791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05966da3c0df13422021-12-21 10:24:11.446root 11241100x8000000000000000342792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904360b7be8937102021-12-21 10:24:11.447root 11241100x8000000000000000342793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7327f1790925cc712021-12-21 10:24:11.447root 11241100x8000000000000000342794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b945ac9caf431d2021-12-21 10:24:11.447root 11241100x8000000000000000342795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9694736f8840aba42021-12-21 10:24:11.447root 11241100x8000000000000000342796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c04c16ac0d2d03d2021-12-21 10:24:11.447root 11241100x8000000000000000342797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634548df133616a32021-12-21 10:24:11.447root 11241100x8000000000000000342798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987287e3ceefa1002021-12-21 10:24:11.447root 11241100x8000000000000000342799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604be377853c2bbb2021-12-21 10:24:11.447root 11241100x8000000000000000342800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b0e20e7746cc302021-12-21 10:24:11.448root 11241100x8000000000000000342801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dc3344a2282ecb2021-12-21 10:24:11.448root 11241100x8000000000000000342802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fb990ae68285f82021-12-21 10:24:11.448root 11241100x8000000000000000342803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd69c53582fa83e52021-12-21 10:24:11.448root 11241100x8000000000000000342804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd14a4b7977afeab2021-12-21 10:24:11.448root 11241100x8000000000000000342805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18853cb7eaac7c0f2021-12-21 10:24:11.448root 11241100x8000000000000000342806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf14782e8bb51982021-12-21 10:24:11.448root 11241100x8000000000000000342807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3e9db5caf9498092021-12-21 10:24:11.448root 11241100x8000000000000000342808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba723a1efdf28ae32021-12-21 10:24:11.448root 11241100x8000000000000000342809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bea187d365f7b352021-12-21 10:24:11.448root 11241100x8000000000000000342810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d13125fc05e6072021-12-21 10:24:11.448root 11241100x8000000000000000342811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab340bdf9e3f67542021-12-21 10:24:11.448root 11241100x8000000000000000342812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d775345a92c8b2c2021-12-21 10:24:11.448root 11241100x8000000000000000342813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523a79342f68bc202021-12-21 10:24:11.448root 11241100x8000000000000000342814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8d2d2549242fbd2021-12-21 10:24:11.448root 11241100x8000000000000000342815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca361e49b40eae82021-12-21 10:24:11.448root 11241100x8000000000000000342816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3c6ab21d0fabec2021-12-21 10:24:11.449root 11241100x8000000000000000342817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbe57933383467992021-12-21 10:24:11.449root 11241100x8000000000000000342818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104795a81789bca42021-12-21 10:24:11.449root 11241100x8000000000000000342819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76845da209dda8ef2021-12-21 10:24:11.449root 11241100x8000000000000000342820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c4616bb153c8942021-12-21 10:24:11.449root 11241100x8000000000000000342821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0bd7a98aae46772021-12-21 10:24:11.449root 11241100x8000000000000000342822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ac16fc5217aee2021-12-21 10:24:11.449root 11241100x8000000000000000342823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9856bd6e59b43a32021-12-21 10:24:11.449root 11241100x8000000000000000342824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b8cf08989b0ac632021-12-21 10:24:11.449root 11241100x8000000000000000342825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfc1714d10be1fc2021-12-21 10:24:11.449root 11241100x8000000000000000342826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de70e348b67334d82021-12-21 10:24:11.449root 11241100x8000000000000000342827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af986799bfeaf0fd2021-12-21 10:24:11.450root 11241100x8000000000000000342828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b8bdb512bd24202021-12-21 10:24:11.450root 11241100x8000000000000000342829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e4a0d0a99d91ef2021-12-21 10:24:11.450root 11241100x8000000000000000342830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483138399c4c9a412021-12-21 10:24:11.450root 11241100x8000000000000000342831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba41db92d880b8532021-12-21 10:24:11.450root 11241100x8000000000000000342832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e09f83b49532302021-12-21 10:24:11.450root 11241100x8000000000000000342833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223803f9da6b45632021-12-21 10:24:11.450root 11241100x8000000000000000342834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a66d693b0f520f2021-12-21 10:24:11.450root 11241100x8000000000000000342835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b034210f3683ca2021-12-21 10:24:11.450root 11241100x8000000000000000342836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3cf167d0b071ec2021-12-21 10:24:11.451root 11241100x8000000000000000342837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14fdaf90ff366172021-12-21 10:24:11.451root 11241100x8000000000000000342838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba07c2a7bd6b71c62021-12-21 10:24:11.451root 11241100x8000000000000000342839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bd1f1f6f89969d32021-12-21 10:24:11.451root 11241100x8000000000000000342840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30db29d4aa6422652021-12-21 10:24:11.451root 11241100x8000000000000000342841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3ccbd0f776719a2021-12-21 10:24:11.451root 11241100x8000000000000000342842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02dd9862ee640f92021-12-21 10:24:11.451root 11241100x8000000000000000342843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbecd7fc343589d82021-12-21 10:24:11.451root 11241100x8000000000000000342844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9f26f8718959c2021-12-21 10:24:11.451root 11241100x8000000000000000342845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff844a2fa0fed5d62021-12-21 10:24:11.453root 11241100x8000000000000000342846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf7362418bc1e3b2021-12-21 10:24:11.453root 11241100x8000000000000000342847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326680c7de85ed902021-12-21 10:24:11.453root 11241100x8000000000000000342848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a5faf92e578c282021-12-21 10:24:11.453root 11241100x8000000000000000342849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97fa69a1d262c332021-12-21 10:24:11.455root 11241100x8000000000000000342850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5c965097217c952021-12-21 10:24:11.455root 11241100x8000000000000000342851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00474386e26645a62021-12-21 10:24:11.455root 11241100x8000000000000000342852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4f2e7dcfd3330e2021-12-21 10:24:11.455root 11241100x8000000000000000342853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409a28d0c3abd8902021-12-21 10:24:11.455root 11241100x8000000000000000342854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6074e362b463d3372021-12-21 10:24:11.455root 11241100x8000000000000000342855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d1cc23d21718992021-12-21 10:24:11.455root 11241100x8000000000000000342856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d0bd6cbf2a331b2021-12-21 10:24:11.455root 11241100x8000000000000000342857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f98de335330711b2021-12-21 10:24:11.455root 11241100x8000000000000000342858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f08ff9c0b7578202021-12-21 10:24:11.455root 11241100x8000000000000000342859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce69d0cda844463d2021-12-21 10:24:11.456root 11241100x8000000000000000342860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4bbdea97d970342021-12-21 10:24:11.456root 11241100x8000000000000000342861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be20a943c6689432021-12-21 10:24:11.456root 11241100x8000000000000000342862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1947b45a28661752021-12-21 10:24:11.456root 11241100x8000000000000000342863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54c50c1455195ad2021-12-21 10:24:11.457root 11241100x8000000000000000342864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49677586e3019b502021-12-21 10:24:11.457root 11241100x8000000000000000342865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d445cb19715d782021-12-21 10:24:11.457root 11241100x8000000000000000342866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e646cb087abb772021-12-21 10:24:11.457root 11241100x8000000000000000342867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75016d1e9629487d2021-12-21 10:24:11.457root 11241100x8000000000000000342868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f80e3ff999449a02021-12-21 10:24:11.457root 11241100x8000000000000000342869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f6bba161bc9112021-12-21 10:24:11.457root 11241100x8000000000000000342870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d46963512c57342021-12-21 10:24:11.457root 11241100x8000000000000000342871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166fbf7b1aad2d5d2021-12-21 10:24:11.457root 11241100x8000000000000000342872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d2ca6decbebbff2021-12-21 10:24:11.458root 11241100x8000000000000000342873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec947240560ff26f2021-12-21 10:24:11.458root 11241100x8000000000000000342874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7f306ec43ddc1e2021-12-21 10:24:11.458root 11241100x8000000000000000342875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e850fa31520c722021-12-21 10:24:11.460root 11241100x8000000000000000342876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d678954eef68d42021-12-21 10:24:11.460root 11241100x8000000000000000342877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239d2eba5dd520b92021-12-21 10:24:11.461root 11241100x8000000000000000342878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca0fdeb307b66b42021-12-21 10:24:11.461root 11241100x8000000000000000342879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309250fb39c92ffe2021-12-21 10:24:11.461root 11241100x8000000000000000342880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850bb5c3cece78442021-12-21 10:24:11.461root 11241100x8000000000000000342881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b260d6597c94922021-12-21 10:24:11.461root 11241100x8000000000000000342882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ab43ae2b5619cd2021-12-21 10:24:11.461root 11241100x8000000000000000342883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8a54ab49b0582c2021-12-21 10:24:11.461root 11241100x8000000000000000342884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea1d38369c58b8d2021-12-21 10:24:11.462root 11241100x8000000000000000342885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56463c4c49f88f5c2021-12-21 10:24:11.462root 11241100x8000000000000000342886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43f70493fa9a7fa2021-12-21 10:24:11.462root 11241100x8000000000000000342887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78233645265ce42021-12-21 10:24:11.462root 11241100x8000000000000000342888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688e8a3afb7da9af2021-12-21 10:24:11.462root 11241100x8000000000000000342889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbafe3a451433de2021-12-21 10:24:11.943root 11241100x8000000000000000342890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278411b682f372742021-12-21 10:24:11.943root 11241100x8000000000000000342891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4440272d2ec2865f2021-12-21 10:24:11.943root 11241100x8000000000000000342892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2443430083a474732021-12-21 10:24:11.944root 11241100x8000000000000000342893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875d384e3cb86d672021-12-21 10:24:11.944root 11241100x8000000000000000342894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f829b4567a44cc432021-12-21 10:24:11.944root 11241100x8000000000000000342895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a6b495e98b481e2021-12-21 10:24:11.945root 11241100x8000000000000000342896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3a776b3acd140b2021-12-21 10:24:11.945root 11241100x8000000000000000342897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41dd5734a6a13372021-12-21 10:24:11.945root 11241100x8000000000000000342898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef99191baf647d22021-12-21 10:24:11.945root 11241100x8000000000000000342899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefea2a3b7b10d2d2021-12-21 10:24:11.945root 11241100x8000000000000000342900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c70c6e50c3dcfd92021-12-21 10:24:11.946root 11241100x8000000000000000342901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9188fadfded55582021-12-21 10:24:11.946root 11241100x8000000000000000342902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8da4b8b72e5e73c2021-12-21 10:24:11.946root 11241100x8000000000000000342903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3150971881a85372021-12-21 10:24:11.946root 11241100x8000000000000000342904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd19f162b72a63d22021-12-21 10:24:11.946root 11241100x8000000000000000342905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08eab6d34741a9512021-12-21 10:24:11.946root 11241100x8000000000000000342906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83df5d61c58e8f7a2021-12-21 10:24:11.946root 11241100x8000000000000000342907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d8770c9eb17dae2021-12-21 10:24:11.946root 11241100x8000000000000000342908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0b9368eb4ed69f2021-12-21 10:24:11.946root 11241100x8000000000000000342909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7bfb73085f703e32021-12-21 10:24:11.947root 11241100x8000000000000000342910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb673fb7590ddec2021-12-21 10:24:11.947root 11241100x8000000000000000342911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0abb72efb3ee5a32021-12-21 10:24:11.947root 11241100x8000000000000000342912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecb3078e3a9d2862021-12-21 10:24:11.947root 11241100x8000000000000000342913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f39672312fe0792021-12-21 10:24:11.947root 11241100x8000000000000000342914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623258e9e49e90a72021-12-21 10:24:11.947root 11241100x8000000000000000342915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c533c2979bc32f2021-12-21 10:24:11.947root 11241100x8000000000000000342916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e4cd29267b15112021-12-21 10:24:11.947root 11241100x8000000000000000342917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed752c14aed14132021-12-21 10:24:11.947root 11241100x8000000000000000342918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2053c16de5a464e22021-12-21 10:24:11.948root 11241100x8000000000000000342919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44b6317303ac3a92021-12-21 10:24:11.948root 11241100x8000000000000000342920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a034c323fb38bb32021-12-21 10:24:11.948root 11241100x8000000000000000342921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.718b475ec3e031432021-12-21 10:24:11.948root 11241100x8000000000000000342922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309eb94c23432a102021-12-21 10:24:11.948root 11241100x8000000000000000342923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43bb707a4b16ecaf2021-12-21 10:24:11.948root 11241100x8000000000000000342924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fff74eb98524b362021-12-21 10:24:11.948root 11241100x8000000000000000342925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ea0cda05d230152021-12-21 10:24:11.948root 11241100x8000000000000000342926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f37464a6bc5b5d2021-12-21 10:24:11.948root 11241100x8000000000000000342927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a5a694691e4d3c2021-12-21 10:24:11.949root 11241100x8000000000000000342928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ea26b66201d3142021-12-21 10:24:11.949root 11241100x8000000000000000342929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae37e2744bfece322021-12-21 10:24:11.949root 11241100x8000000000000000342930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3540ab0cec49a82021-12-21 10:24:11.949root 11241100x8000000000000000342931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f283b010e708f412021-12-21 10:24:11.949root 11241100x8000000000000000342932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c76f75ae396f8a02021-12-21 10:24:11.949root 11241100x8000000000000000342933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4535544f5c0739a2021-12-21 10:24:11.949root 11241100x8000000000000000342934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a06c3016ba24172021-12-21 10:24:11.949root 11241100x8000000000000000342935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.842c3b1bd47b29222021-12-21 10:24:11.949root 11241100x8000000000000000342936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923b31032abad8872021-12-21 10:24:11.949root 11241100x8000000000000000342937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08ca7dc716763772021-12-21 10:24:11.950root 11241100x8000000000000000342938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab6911bf205a9892021-12-21 10:24:11.950root 11241100x8000000000000000342939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2593151d46ebf2b02021-12-21 10:24:11.950root 11241100x8000000000000000342940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6d82dde0f2a0952021-12-21 10:24:11.950root 11241100x8000000000000000342941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfa1ddda066b8ec2021-12-21 10:24:11.950root 11241100x8000000000000000342942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af4171c081e46ed2021-12-21 10:24:11.950root 11241100x8000000000000000342943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5f02a8050d7f4932021-12-21 10:24:11.950root 11241100x8000000000000000342944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebbcfb778b1ae3c2021-12-21 10:24:11.950root 11241100x8000000000000000342945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c320c487a8dc4c92021-12-21 10:24:11.950root 11241100x8000000000000000342946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d7fe9c70047acf2021-12-21 10:24:11.951root 11241100x8000000000000000342947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a505cebb45a0b5632021-12-21 10:24:11.951root 11241100x8000000000000000342948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f0796257ee74612021-12-21 10:24:11.951root 11241100x8000000000000000342949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c535708b913718292021-12-21 10:24:11.951root 11241100x8000000000000000342950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875af04eb27a20682021-12-21 10:24:11.951root 11241100x8000000000000000342951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ab48ff1736ec542021-12-21 10:24:11.951root 11241100x8000000000000000342952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c05e5acce8746482021-12-21 10:24:11.951root 11241100x8000000000000000342953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5f536377846652021-12-21 10:24:11.951root 11241100x8000000000000000342954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462da09f7096123e2021-12-21 10:24:11.951root 11241100x8000000000000000342955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79127992a3667aa62021-12-21 10:24:11.952root 11241100x8000000000000000342956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92edefe8c1ada20f2021-12-21 10:24:11.952root 11241100x8000000000000000342957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1decdb7195d248b82021-12-21 10:24:11.952root 11241100x8000000000000000342958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd769375cc9e6a052021-12-21 10:24:11.952root 11241100x8000000000000000342959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac27e08ec4c5ed72021-12-21 10:24:11.952root 11241100x8000000000000000342960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4136c44e8dfa9b0a2021-12-21 10:24:11.952root 11241100x8000000000000000342961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c754acf62c05e42021-12-21 10:24:11.952root 11241100x8000000000000000342962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21d8395eccb593c2021-12-21 10:24:11.952root 11241100x8000000000000000342963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b871f1a164f82d2b2021-12-21 10:24:11.952root 11241100x8000000000000000342964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17aaf465df8f37592021-12-21 10:24:11.953root 11241100x8000000000000000342965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7492fb1c5b52f4a2021-12-21 10:24:11.953root 11241100x8000000000000000342966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:11.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80b5c88281d85f72021-12-21 10:24:11.953root 11241100x8000000000000000342967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f53fef666b3191e2021-12-21 10:24:12.443root 11241100x8000000000000000342968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412b00270917bc2d2021-12-21 10:24:12.443root 11241100x8000000000000000342969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfcc1e2ab565ca32021-12-21 10:24:12.443root 11241100x8000000000000000342970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8488c9ea04f680c62021-12-21 10:24:12.443root 11241100x8000000000000000342971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0d6ce82599581c2021-12-21 10:24:12.444root 11241100x8000000000000000342972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312aec3a0d9204e12021-12-21 10:24:12.444root 11241100x8000000000000000342973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f86312532360a92021-12-21 10:24:12.444root 11241100x8000000000000000342974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228e6c5d3822d78e2021-12-21 10:24:12.444root 11241100x8000000000000000342975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9c70bf56da048b2021-12-21 10:24:12.444root 11241100x8000000000000000342976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82d4eb7dc1879402021-12-21 10:24:12.444root 11241100x8000000000000000342977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d312ad3454a6f3372021-12-21 10:24:12.444root 11241100x8000000000000000342978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d6ffc18b6f9b7f2021-12-21 10:24:12.444root 11241100x8000000000000000342979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8b7ff57e5da7172021-12-21 10:24:12.444root 11241100x8000000000000000342980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebf86dedb2aaabdb2021-12-21 10:24:12.444root 11241100x8000000000000000342981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a65a9a1abfc2a82021-12-21 10:24:12.444root 11241100x8000000000000000342982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef47d871a9e4c3e2021-12-21 10:24:12.445root 11241100x8000000000000000342983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474b92ce91e0a6122021-12-21 10:24:12.445root 11241100x8000000000000000342984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a2ab7d71da91572021-12-21 10:24:12.445root 11241100x8000000000000000342985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c59755d61acdd22021-12-21 10:24:12.445root 11241100x8000000000000000342986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d1c67e436b50852021-12-21 10:24:12.445root 11241100x8000000000000000342987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f337bde0215ca3d2021-12-21 10:24:12.446root 11241100x8000000000000000342988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fa3d193c662ad0d2021-12-21 10:24:12.446root 11241100x8000000000000000342989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d6477c1b0bac402021-12-21 10:24:12.446root 11241100x8000000000000000342990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1c6c2876d0bce82021-12-21 10:24:12.446root 11241100x8000000000000000342991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58d65962fa9490c2021-12-21 10:24:12.447root 11241100x8000000000000000342992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e642fa36e59306db2021-12-21 10:24:12.447root 11241100x8000000000000000342993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aae916be97eb49e2021-12-21 10:24:12.447root 11241100x8000000000000000342994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4adc8a0183daae02021-12-21 10:24:12.447root 11241100x8000000000000000342995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f4505e788d04da2021-12-21 10:24:12.447root 11241100x8000000000000000342996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a585ed66c0531c2021-12-21 10:24:12.447root 11241100x8000000000000000342997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e9c8c5cc27f8532021-12-21 10:24:12.447root 11241100x8000000000000000342998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a374ee3ff1e88a22021-12-21 10:24:12.448root 11241100x8000000000000000342999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85d78be44091a452021-12-21 10:24:12.449root 11241100x8000000000000000343000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd76c0c7c918ff12021-12-21 10:24:12.449root 11241100x8000000000000000343001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c660f0de619abe52021-12-21 10:24:12.449root 11241100x8000000000000000343002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b22fff794d289412021-12-21 10:24:12.450root 11241100x8000000000000000343003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b23d5c65e2f4ead2021-12-21 10:24:12.450root 11241100x8000000000000000343004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a571f7936f0214b42021-12-21 10:24:12.450root 11241100x8000000000000000343005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9becf900b3cb38f42021-12-21 10:24:12.450root 11241100x8000000000000000343006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c1e9e10d4f04f62021-12-21 10:24:12.450root 11241100x8000000000000000343007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf124aeb1a56f552021-12-21 10:24:12.450root 11241100x8000000000000000343008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62eec230ccbbbfa72021-12-21 10:24:12.450root 11241100x8000000000000000343009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035589330b7a7e1e2021-12-21 10:24:12.450root 11241100x8000000000000000343010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adb9c25cf33b5572021-12-21 10:24:12.450root 11241100x8000000000000000343011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b87ab14117426db2021-12-21 10:24:12.451root 11241100x8000000000000000343012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64ceee920daec9b2021-12-21 10:24:12.451root 11241100x8000000000000000343013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22d05b0713805eb2021-12-21 10:24:12.451root 11241100x8000000000000000343014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f9060e07ebdd4d2021-12-21 10:24:12.451root 11241100x8000000000000000343015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdf7ee527ce327b2021-12-21 10:24:12.451root 11241100x8000000000000000343016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b126d1f4e2615b72021-12-21 10:24:12.451root 11241100x8000000000000000343017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.253dbd450071de872021-12-21 10:24:12.451root 11241100x8000000000000000343018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc970abbacb15b622021-12-21 10:24:12.451root 11241100x8000000000000000343019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006e46462d5474f92021-12-21 10:24:12.451root 11241100x8000000000000000343020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bca91a79cf53cf2021-12-21 10:24:12.451root 11241100x8000000000000000343021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57888ed90410ea372021-12-21 10:24:12.451root 11241100x8000000000000000343022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea5a9f4a8f0de5922021-12-21 10:24:12.452root 11241100x8000000000000000343023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9363ce24634fdf0d2021-12-21 10:24:12.452root 11241100x8000000000000000343024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb6ed2ddf6c8ad42021-12-21 10:24:12.452root 11241100x8000000000000000343025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d94918fd40ced482021-12-21 10:24:12.943root 11241100x8000000000000000343026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d19eba5f1bc346c2021-12-21 10:24:12.943root 11241100x8000000000000000343027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d3d60509a35dfe12021-12-21 10:24:12.943root 11241100x8000000000000000343028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bf5ed552d5e1792021-12-21 10:24:12.944root 11241100x8000000000000000343029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0890cf94a766c1452021-12-21 10:24:12.944root 11241100x8000000000000000343030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477a5561be9574042021-12-21 10:24:12.944root 11241100x8000000000000000343031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2f78feaafeddaf2021-12-21 10:24:12.944root 11241100x8000000000000000343032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977a0fa42b1e39f92021-12-21 10:24:12.944root 11241100x8000000000000000343033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4108c94a2cc669652021-12-21 10:24:12.945root 11241100x8000000000000000343034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f9ccbe1bd8e4402021-12-21 10:24:12.945root 11241100x8000000000000000343035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bb32c82a5547032021-12-21 10:24:12.946root 11241100x8000000000000000343036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8baa030bfacb55e2021-12-21 10:24:12.946root 11241100x8000000000000000343037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c771e35fee7eaa02021-12-21 10:24:12.946root 11241100x8000000000000000343038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696c7d5a5d9bcb2e2021-12-21 10:24:12.947root 11241100x8000000000000000343039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6622211a56a5752021-12-21 10:24:12.947root 11241100x8000000000000000343040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d2b239d3c019272021-12-21 10:24:12.947root 11241100x8000000000000000343041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69a88fcd72190f42021-12-21 10:24:12.947root 11241100x8000000000000000343042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3d03d8afc24e402021-12-21 10:24:12.947root 11241100x8000000000000000343043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0fed74829a55262021-12-21 10:24:12.948root 11241100x8000000000000000343044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b404c93ef764392021-12-21 10:24:12.948root 11241100x8000000000000000343045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd383b892ca851e62021-12-21 10:24:12.948root 11241100x8000000000000000343046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafff3dfc555563e2021-12-21 10:24:12.948root 11241100x8000000000000000343047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b624f491182fc772021-12-21 10:24:12.948root 11241100x8000000000000000343048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554fe8e86f99d2502021-12-21 10:24:12.948root 11241100x8000000000000000343049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fb6389fe7cea502021-12-21 10:24:12.948root 11241100x8000000000000000343050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b456f409e714c1f2021-12-21 10:24:12.948root 11241100x8000000000000000343051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e7a302421f74cc2021-12-21 10:24:12.948root 11241100x8000000000000000343052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb0d03bab8011b62021-12-21 10:24:12.948root 11241100x8000000000000000343053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9135593eb24b282021-12-21 10:24:12.949root 11241100x8000000000000000343054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fd1d6e4d895f0e2021-12-21 10:24:12.949root 11241100x8000000000000000343055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0162a95e7341b92021-12-21 10:24:12.949root 11241100x8000000000000000343056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70901587286326fc2021-12-21 10:24:12.949root 11241100x8000000000000000343057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d9fdb29483dd4b2021-12-21 10:24:12.949root 11241100x8000000000000000343058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517baaa492bb16472021-12-21 10:24:12.949root 11241100x8000000000000000343059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c7d19559ebd48e2021-12-21 10:24:12.949root 11241100x8000000000000000343060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199bd89aeff512762021-12-21 10:24:12.949root 11241100x8000000000000000343061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567db0a36c1479fa2021-12-21 10:24:12.949root 11241100x8000000000000000343062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb2fb0caf7d14f32021-12-21 10:24:12.950root 11241100x8000000000000000343063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d04e0e2ba903212021-12-21 10:24:12.950root 11241100x8000000000000000343064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c15b69083514dce2021-12-21 10:24:12.950root 11241100x8000000000000000343065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2941dd015996c8f72021-12-21 10:24:12.950root 11241100x8000000000000000343066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1601acbd79f2012021-12-21 10:24:12.950root 11241100x8000000000000000343067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15e879c231826b3b2021-12-21 10:24:12.950root 11241100x8000000000000000343068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910d1bb191ce1ba42021-12-21 10:24:12.950root 11241100x8000000000000000343069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b435271adf2c9dd52021-12-21 10:24:12.950root 11241100x8000000000000000343070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d32d6d0ee2258ad2021-12-21 10:24:12.950root 11241100x8000000000000000343071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e1627fc510e65c2021-12-21 10:24:12.950root 11241100x8000000000000000343072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4bc127d78125982021-12-21 10:24:12.951root 11241100x8000000000000000343073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d50eae9db27a39c2021-12-21 10:24:12.951root 11241100x8000000000000000343074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18018455339c81612021-12-21 10:24:12.951root 11241100x8000000000000000343075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f07907ce3add9a2021-12-21 10:24:12.951root 11241100x8000000000000000343076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcbea94cc3ed51ce2021-12-21 10:24:12.951root 11241100x8000000000000000343077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eae768b4ab4ebc2021-12-21 10:24:12.951root 11241100x8000000000000000343078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fdd876bc2a4e332021-12-21 10:24:12.951root 11241100x8000000000000000343079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4070b3276899a9e72021-12-21 10:24:12.951root 11241100x8000000000000000343080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3710ce6284eefc52021-12-21 10:24:12.952root 11241100x8000000000000000343081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe750daae94f91272021-12-21 10:24:12.952root 11241100x8000000000000000343082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b735390b0a3cafc72021-12-21 10:24:12.952root 11241100x8000000000000000343083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2ec7f4afcf1d932021-12-21 10:24:12.952root 11241100x8000000000000000343084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:12.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273a8d6e6c73e21c2021-12-21 10:24:12.952root 154100x8000000000000000343085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.035{ec2b6afe-ab4d-61c1-6854-b23a5e550000}5693/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000343086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.047{ec2b6afe-ab4d-61c1-6854-b23a5e550000}5693/bin/psroot 11241100x8000000000000000343087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9f212939d96b8f2021-12-21 10:24:13.443root 11241100x8000000000000000343088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4daff995655a132021-12-21 10:24:13.443root 11241100x8000000000000000343089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432d140575682ee82021-12-21 10:24:13.444root 11241100x8000000000000000343090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b5d98c1afeccfc2021-12-21 10:24:13.444root 11241100x8000000000000000343091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f3986f9a49038302021-12-21 10:24:13.444root 11241100x8000000000000000343092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe7a54d1b6775fc2021-12-21 10:24:13.444root 11241100x8000000000000000343093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb5bda6b9fbda642021-12-21 10:24:13.444root 11241100x8000000000000000343094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525f0c932a4650642021-12-21 10:24:13.444root 11241100x8000000000000000343095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f56e749dc50cb5b2021-12-21 10:24:13.444root 11241100x8000000000000000343096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006de3d542a681db2021-12-21 10:24:13.444root 11241100x8000000000000000343097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2d29a396a981a62021-12-21 10:24:13.444root 11241100x8000000000000000343098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247d6ece8999ae7e2021-12-21 10:24:13.444root 11241100x8000000000000000343099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969b81de2874da352021-12-21 10:24:13.445root 11241100x8000000000000000343100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4924258bd649cce72021-12-21 10:24:13.445root 11241100x8000000000000000343101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db697029a0f5b7d2021-12-21 10:24:13.445root 11241100x8000000000000000343102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.584a5cf945a6cefe2021-12-21 10:24:13.445root 11241100x8000000000000000343103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174c69fa730428182021-12-21 10:24:13.445root 11241100x8000000000000000343104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb06b7b1a9606f992021-12-21 10:24:13.445root 11241100x8000000000000000343105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e66fafdb24733612021-12-21 10:24:13.445root 11241100x8000000000000000343106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559ca97ec4f26fee2021-12-21 10:24:13.445root 11241100x8000000000000000343107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4703cf62f9f4e7f92021-12-21 10:24:13.446root 11241100x8000000000000000343108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0f97c5bfe021d42021-12-21 10:24:13.446root 11241100x8000000000000000343109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45bf1a6df0e0998d2021-12-21 10:24:13.446root 11241100x8000000000000000343110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7f1abc02eaa9e62021-12-21 10:24:13.446root 11241100x8000000000000000343111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9606fac26ec5b52021-12-21 10:24:13.446root 11241100x8000000000000000343112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebdd08936cf9c0e2021-12-21 10:24:13.446root 11241100x8000000000000000343113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f2bd0578e5c4242021-12-21 10:24:13.447root 11241100x8000000000000000343114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30788b2b0b27f842021-12-21 10:24:13.447root 11241100x8000000000000000343115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d35ecfc918417772021-12-21 10:24:13.447root 11241100x8000000000000000343116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a6b53ca046a25b2021-12-21 10:24:13.447root 11241100x8000000000000000343117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54141eee963d83f2021-12-21 10:24:13.447root 11241100x8000000000000000343118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11394688bf86ff132021-12-21 10:24:13.447root 11241100x8000000000000000343119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9426f67f50f19ff2021-12-21 10:24:13.447root 11241100x8000000000000000343120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd97911a91809d2021-12-21 10:24:13.447root 11241100x8000000000000000343121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84279d20a7b22d132021-12-21 10:24:13.447root 11241100x8000000000000000343122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4d4923ce65ca6c2021-12-21 10:24:13.447root 11241100x8000000000000000343123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6540c69b93812ebf2021-12-21 10:24:13.447root 11241100x8000000000000000343124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6053540bb90510f2021-12-21 10:24:13.447root 11241100x8000000000000000343125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe76440ec482f642021-12-21 10:24:13.447root 11241100x8000000000000000343126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662850ea602d7e032021-12-21 10:24:13.447root 11241100x8000000000000000343127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2587ddcec02bd02021-12-21 10:24:13.447root 11241100x8000000000000000343128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b625492e366c362021-12-21 10:24:13.448root 11241100x8000000000000000343129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b0283eed207f072021-12-21 10:24:13.448root 11241100x8000000000000000343130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6683180c5bf0162021-12-21 10:24:13.448root 11241100x8000000000000000343131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2710f19b6ad2b182021-12-21 10:24:13.448root 11241100x8000000000000000343132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882ee764ff8ec9f2021-12-21 10:24:13.448root 11241100x8000000000000000343133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f9e829ac49e4c72021-12-21 10:24:13.448root 11241100x8000000000000000343134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666f362e0d7d3a452021-12-21 10:24:13.448root 11241100x8000000000000000343135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc0778b9f3264882021-12-21 10:24:13.448root 11241100x8000000000000000343136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17664d6fa05dffa92021-12-21 10:24:13.448root 11241100x8000000000000000343137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d9581318cac5e62021-12-21 10:24:13.943root 11241100x8000000000000000343138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520c3e27aea565fb2021-12-21 10:24:13.943root 11241100x8000000000000000343139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e55aacf668cd3dc2021-12-21 10:24:13.943root 11241100x8000000000000000343140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee113159166bb782021-12-21 10:24:13.943root 11241100x8000000000000000343141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc66116e6ac36d02021-12-21 10:24:13.944root 11241100x8000000000000000343142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa2f92c02343fb42021-12-21 10:24:13.944root 11241100x8000000000000000343143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190f4db6ae89d2342021-12-21 10:24:13.944root 11241100x8000000000000000343144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2b7d0405910e622021-12-21 10:24:13.944root 11241100x8000000000000000343145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2104a9a1906609f32021-12-21 10:24:13.944root 11241100x8000000000000000343146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2e30220bba13012021-12-21 10:24:13.944root 11241100x8000000000000000343147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306c234bb758520c2021-12-21 10:24:13.944root 11241100x8000000000000000343148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad1f11f33434c322021-12-21 10:24:13.944root 11241100x8000000000000000343149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3f43ffc43daa962021-12-21 10:24:13.944root 11241100x8000000000000000343150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8610c32ec99e26732021-12-21 10:24:13.944root 11241100x8000000000000000343151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50d0f5dc7a312422021-12-21 10:24:13.944root 11241100x8000000000000000343152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090e7f06330c325c2021-12-21 10:24:13.944root 11241100x8000000000000000343153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f7c45602b5a8392021-12-21 10:24:13.945root 11241100x8000000000000000343154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2176d2a435020b72021-12-21 10:24:13.945root 11241100x8000000000000000343155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6184db5c85adc78b2021-12-21 10:24:13.945root 11241100x8000000000000000343156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cdf9df99230bfa2021-12-21 10:24:13.945root 11241100x8000000000000000343157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265af2c473c042a42021-12-21 10:24:13.945root 11241100x8000000000000000343158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d11b098bb23e2cd2021-12-21 10:24:13.945root 11241100x8000000000000000343159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a985f9b103b2aa012021-12-21 10:24:13.945root 11241100x8000000000000000343160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72acadd9b0f4800e2021-12-21 10:24:13.945root 11241100x8000000000000000343161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa9a53a71221e712021-12-21 10:24:13.945root 11241100x8000000000000000343162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c38ec00b9002252021-12-21 10:24:13.945root 11241100x8000000000000000343163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44abca4a897bc2582021-12-21 10:24:13.945root 11241100x8000000000000000343164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa07a61f83b8892d2021-12-21 10:24:13.945root 11241100x8000000000000000343165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fb1d76d89faebd2021-12-21 10:24:13.945root 11241100x8000000000000000343166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50819935f7aa2b872021-12-21 10:24:13.945root 11241100x8000000000000000343167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52046b2488f0dde2021-12-21 10:24:13.945root 11241100x8000000000000000343168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e844689a7634ccba2021-12-21 10:24:13.945root 11241100x8000000000000000343169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff348978e59c22a2021-12-21 10:24:13.945root 11241100x8000000000000000343170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e31d2d1736ac272021-12-21 10:24:13.946root 11241100x8000000000000000343171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9267ff74867b332021-12-21 10:24:13.946root 11241100x8000000000000000343172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d12cf64eade9ef2021-12-21 10:24:13.946root 11241100x8000000000000000343173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a294e241a13c8e2021-12-21 10:24:13.946root 11241100x8000000000000000343174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b029d6abfa7b4aa2021-12-21 10:24:13.946root 11241100x8000000000000000343175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a458cdf90249e4a52021-12-21 10:24:13.946root 11241100x8000000000000000343176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300d44c94b1c07082021-12-21 10:24:13.946root 11241100x8000000000000000343177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95372c99c930f2be2021-12-21 10:24:13.946root 11241100x8000000000000000343178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ad1342255608f72021-12-21 10:24:13.946root 11241100x8000000000000000343179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86efb82a1390c592021-12-21 10:24:13.946root 11241100x8000000000000000343180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cd23ec008f4fdd2021-12-21 10:24:13.946root 11241100x8000000000000000343181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861f9948708c58882021-12-21 10:24:13.946root 11241100x8000000000000000343182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecdbfd1fc3644d02021-12-21 10:24:13.946root 11241100x8000000000000000343183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d9245e6d5207c32021-12-21 10:24:13.946root 11241100x8000000000000000343184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816c67dd9f86cd242021-12-21 10:24:13.946root 11241100x8000000000000000343185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8cd5bdf0ac66802021-12-21 10:24:13.946root 11241100x8000000000000000343186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5e02fc46f2e7052021-12-21 10:24:13.947root 11241100x8000000000000000343187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dedadfe6fd5a2d42021-12-21 10:24:13.947root 11241100x8000000000000000343188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48039a88c5ba9f812021-12-21 10:24:13.947root 11241100x8000000000000000343189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d01067ba9277dc2021-12-21 10:24:13.947root 11241100x8000000000000000343190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90160548d0e78c02021-12-21 10:24:13.947root 11241100x8000000000000000343191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61da8e9c4e89afe72021-12-21 10:24:13.948root 11241100x8000000000000000343192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49aae53fe533c8322021-12-21 10:24:13.948root 11241100x8000000000000000343193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6051d1b97bc74b482021-12-21 10:24:13.948root 11241100x8000000000000000343194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a791a725bffba5da2021-12-21 10:24:13.948root 11241100x8000000000000000343195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49418d47a9b8f60b2021-12-21 10:24:13.948root 11241100x8000000000000000343196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df76284a637fbe02021-12-21 10:24:13.948root 11241100x8000000000000000343197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1100f5d27d3c5acb2021-12-21 10:24:13.948root 11241100x8000000000000000343198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb9d82a94883fd62021-12-21 10:24:13.948root 11241100x8000000000000000343199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355ce6325b8f3e592021-12-21 10:24:13.948root 11241100x8000000000000000343200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74781d71c54bedb2021-12-21 10:24:13.948root 11241100x8000000000000000343201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576f2d3bd0dcec1f2021-12-21 10:24:13.948root 11241100x8000000000000000343202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8465a93fa1807a2021-12-21 10:24:13.948root 11241100x8000000000000000343203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb622e08d1b018062021-12-21 10:24:13.950root 11241100x8000000000000000343204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6831352de7b853872021-12-21 10:24:13.950root 11241100x8000000000000000343205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e43c3c88e09f32b2021-12-21 10:24:13.950root 11241100x8000000000000000343206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13683011a7e8e6cb2021-12-21 10:24:13.950root 11241100x8000000000000000343207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673a8a91fbfc8cd32021-12-21 10:24:13.950root 11241100x8000000000000000343208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2458b4cd5b554fe2021-12-21 10:24:13.950root 11241100x8000000000000000343209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bd47236f5970682021-12-21 10:24:13.950root 11241100x8000000000000000343210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f2758ea8eb81a72021-12-21 10:24:13.950root 11241100x8000000000000000343211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b387bcd03deae6e52021-12-21 10:24:13.951root 11241100x8000000000000000343212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee54e776c6f6329c2021-12-21 10:24:13.951root 11241100x8000000000000000343213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f25c4d4e823ecf2021-12-21 10:24:13.951root 11241100x8000000000000000343214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c3314f5cb10542021-12-21 10:24:13.951root 11241100x8000000000000000343215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e147b28f8501dd2021-12-21 10:24:13.951root 11241100x8000000000000000343216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e28ab3a291181f02021-12-21 10:24:13.952root 11241100x8000000000000000343217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8dd546ba6f65e82021-12-21 10:24:13.952root 11241100x8000000000000000343218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3761ce4b224effc2021-12-21 10:24:13.952root 11241100x8000000000000000343219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2357078ddd8952442021-12-21 10:24:13.952root 11241100x8000000000000000343220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c20ad62004aa982021-12-21 10:24:13.952root 11241100x8000000000000000343221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f8bee3546a4af42021-12-21 10:24:13.952root 11241100x8000000000000000343222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33b4b181c63902b2021-12-21 10:24:13.952root 11241100x8000000000000000343223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6344f07c1626adc02021-12-21 10:24:13.952root 11241100x8000000000000000343224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374eb15c9cbec4032021-12-21 10:24:13.952root 11241100x8000000000000000343225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947d29538bd37bef2021-12-21 10:24:13.953root 11241100x8000000000000000343226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06415bec70c1c6932021-12-21 10:24:13.953root 11241100x8000000000000000343227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fe1fedf74bedf82021-12-21 10:24:13.953root 11241100x8000000000000000343228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1f330dc1b38b862021-12-21 10:24:13.953root 11241100x8000000000000000343229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69faf87798a9506d2021-12-21 10:24:13.953root 11241100x8000000000000000343230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb665fc776fe59da2021-12-21 10:24:13.953root 11241100x8000000000000000343231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865f2e21998479d72021-12-21 10:24:13.953root 11241100x8000000000000000343232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb603a138d580b912021-12-21 10:24:13.953root 11241100x8000000000000000343233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97545c9c0f473512021-12-21 10:24:13.954root 11241100x8000000000000000343234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef2bb7d5f699842021-12-21 10:24:13.954root 11241100x8000000000000000343235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7898579f609c882021-12-21 10:24:13.954root 11241100x8000000000000000343236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ebc286d58f70182021-12-21 10:24:13.954root 11241100x8000000000000000343237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1e3bb85b9918bd2021-12-21 10:24:13.955root 11241100x8000000000000000343238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eba20bd7e737a82021-12-21 10:24:13.955root 11241100x8000000000000000343239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd2a79913b011f22021-12-21 10:24:13.955root 11241100x8000000000000000343240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e37903fc328b7372021-12-21 10:24:13.955root 11241100x8000000000000000343241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18bbb1cbcb77f162021-12-21 10:24:13.955root 11241100x8000000000000000343242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7cf95798628c7c2021-12-21 10:24:13.955root 11241100x8000000000000000343243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801baa1737b168c42021-12-21 10:24:13.955root 11241100x8000000000000000343244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2f5d334ae3a8582021-12-21 10:24:13.955root 11241100x8000000000000000343245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd731111a27a1ae52021-12-21 10:24:13.956root 11241100x8000000000000000343246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8938db83805536902021-12-21 10:24:13.956root 11241100x8000000000000000343247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389f824e74d16a8c2021-12-21 10:24:13.956root 11241100x8000000000000000343248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99efa2840b273d892021-12-21 10:24:13.956root 11241100x8000000000000000343249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88660f602a23b7422021-12-21 10:24:13.956root 11241100x8000000000000000343250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2058e75e5228c052021-12-21 10:24:13.956root 11241100x8000000000000000343251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ee0dd380e81e8e2021-12-21 10:24:13.957root 11241100x8000000000000000343252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6efa16a5b22e4232021-12-21 10:24:13.957root 11241100x8000000000000000343253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b431a7a561df04732021-12-21 10:24:13.957root 11241100x8000000000000000343254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dbc9deb69e55a72021-12-21 10:24:13.957root 11241100x8000000000000000343255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a440d5cff21ec92021-12-21 10:24:13.957root 11241100x8000000000000000343256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1526354009480e12021-12-21 10:24:13.957root 11241100x8000000000000000343257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e616276874a5d002021-12-21 10:24:13.957root 11241100x8000000000000000343258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6deb905b393d3a2021-12-21 10:24:13.958root 11241100x8000000000000000343259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fe9544324c75172021-12-21 10:24:13.958root 11241100x8000000000000000343260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb96151e70ac42d32021-12-21 10:24:13.958root 11241100x8000000000000000343261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3606b388ee3af402021-12-21 10:24:13.958root 11241100x8000000000000000343262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d832b69b265b3f2021-12-21 10:24:13.959root 11241100x8000000000000000343263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f581bdbcb3b91c22021-12-21 10:24:13.959root 11241100x8000000000000000343264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf203678dd3e5562021-12-21 10:24:13.959root 11241100x8000000000000000343265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed778a121a1861192021-12-21 10:24:13.959root 11241100x8000000000000000343266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbd155403e9be112021-12-21 10:24:13.959root 11241100x8000000000000000343267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0f36e8f27149342021-12-21 10:24:13.960root 11241100x8000000000000000343268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd7f1a11b48e58d2021-12-21 10:24:13.960root 11241100x8000000000000000343269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d826a5dafd43e7c32021-12-21 10:24:13.960root 11241100x8000000000000000343270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:13.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5c611d7ce5daca2021-12-21 10:24:13.960root 11241100x8000000000000000343271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47563cbadf991fdc2021-12-21 10:24:14.442root 11241100x8000000000000000343272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57b24b72921a8b72021-12-21 10:24:14.443root 11241100x8000000000000000343273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2939dd2c1b1b1582021-12-21 10:24:14.443root 11241100x8000000000000000343274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef21a84f4064c1442021-12-21 10:24:14.444root 11241100x8000000000000000343275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b847aa0e970e19b12021-12-21 10:24:14.444root 11241100x8000000000000000343276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670fe0a159e62a7c2021-12-21 10:24:14.444root 11241100x8000000000000000343277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bf3469382115a12021-12-21 10:24:14.444root 11241100x8000000000000000343278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c30fd9078f9012021-12-21 10:24:14.445root 11241100x8000000000000000343279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b20d33c95891b8b92021-12-21 10:24:14.445root 11241100x8000000000000000343280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61b516354de6bc32021-12-21 10:24:14.445root 11241100x8000000000000000343281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94001747c1198fc12021-12-21 10:24:14.445root 11241100x8000000000000000343282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7dd194d1f8c0c92021-12-21 10:24:14.446root 11241100x8000000000000000343283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecc71c71a58677e2021-12-21 10:24:14.446root 11241100x8000000000000000343284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecfb6d0f80868192021-12-21 10:24:14.446root 11241100x8000000000000000343285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff47ed8652be7ef72021-12-21 10:24:14.447root 11241100x8000000000000000343286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0148a3a4e9418c542021-12-21 10:24:14.447root 11241100x8000000000000000343287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2802a0b6206af49a2021-12-21 10:24:14.448root 11241100x8000000000000000343288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2c1a56283e49d22021-12-21 10:24:14.448root 11241100x8000000000000000343289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b863eb68380036952021-12-21 10:24:14.448root 11241100x8000000000000000343290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdc9a5938ea45b22021-12-21 10:24:14.448root 11241100x8000000000000000343291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c267e63649df62972021-12-21 10:24:14.448root 11241100x8000000000000000343292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6866958d0f1818332021-12-21 10:24:14.448root 11241100x8000000000000000343293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f33c15b8b20d6d632021-12-21 10:24:14.448root 11241100x8000000000000000343294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf44af9bcab82de2021-12-21 10:24:14.448root 11241100x8000000000000000343295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9bc97608cd3d372021-12-21 10:24:14.448root 11241100x8000000000000000343296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9849e9ca488c152021-12-21 10:24:14.450root 11241100x8000000000000000343297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9eeaf9c771c5052021-12-21 10:24:14.450root 11241100x8000000000000000343298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0092b6c348585c2021-12-21 10:24:14.450root 11241100x8000000000000000343299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0884d5fd763cc82021-12-21 10:24:14.450root 11241100x8000000000000000343300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c66a669f2f003202021-12-21 10:24:14.450root 11241100x8000000000000000343301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1142ef4ad2414d82021-12-21 10:24:14.450root 11241100x8000000000000000343302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b6e98db6e23d912021-12-21 10:24:14.450root 11241100x8000000000000000343303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328f706c0c79babb2021-12-21 10:24:14.451root 11241100x8000000000000000343304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f43e69c167a2a492021-12-21 10:24:14.451root 11241100x8000000000000000343305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca3a4962e0b96a5f2021-12-21 10:24:14.451root 11241100x8000000000000000343306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be67d7526ffd01e22021-12-21 10:24:14.452root 11241100x8000000000000000343307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f491f7cd6e66882021-12-21 10:24:14.452root 11241100x8000000000000000343308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a959bb290694aba42021-12-21 10:24:14.452root 11241100x8000000000000000343309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448be35b5ffe1b122021-12-21 10:24:14.452root 11241100x8000000000000000343310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778c9937b3bdb1b52021-12-21 10:24:14.452root 11241100x8000000000000000343311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2a61b6bbc68b202021-12-21 10:24:14.453root 11241100x8000000000000000343312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7f664bc70d3e5c2021-12-21 10:24:14.453root 11241100x8000000000000000343313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84a3b6ea33660e62021-12-21 10:24:14.454root 11241100x8000000000000000343314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d64144dd0c441a2021-12-21 10:24:14.454root 11241100x8000000000000000343315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2294e4481415abc52021-12-21 10:24:14.454root 11241100x8000000000000000343316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413343ad54f8983f2021-12-21 10:24:14.454root 11241100x8000000000000000343317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b054c2cfbf2d2a442021-12-21 10:24:14.454root 11241100x8000000000000000343318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0a6bb8ab1d0e6a2021-12-21 10:24:14.454root 11241100x8000000000000000343319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ae7ac2881ba9ee2021-12-21 10:24:14.455root 11241100x8000000000000000343320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dddad63b6a559692021-12-21 10:24:14.455root 11241100x8000000000000000343321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de19b05f823563f2021-12-21 10:24:14.456root 11241100x8000000000000000343322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489cad357e4240272021-12-21 10:24:14.456root 11241100x8000000000000000343323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf51be1d9d5ea9e2021-12-21 10:24:14.456root 11241100x8000000000000000343324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fb138e1cc527572021-12-21 10:24:14.456root 11241100x8000000000000000343325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ad737b1d1885542021-12-21 10:24:14.456root 11241100x8000000000000000343326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80315c6565927032021-12-21 10:24:14.456root 11241100x8000000000000000343327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2cdde5150530872021-12-21 10:24:14.456root 11241100x8000000000000000343328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7c909ee27485fd2021-12-21 10:24:14.456root 11241100x8000000000000000343329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e4ef8042443d142021-12-21 10:24:14.943root 11241100x8000000000000000343330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93345958f178d1622021-12-21 10:24:14.943root 11241100x8000000000000000343331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9343eca763c6362021-12-21 10:24:14.943root 11241100x8000000000000000343332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e55ab59066f2ed2021-12-21 10:24:14.943root 11241100x8000000000000000343333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b548df9eeb1c878b2021-12-21 10:24:14.943root 11241100x8000000000000000343334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb85a7748a6ed72021-12-21 10:24:14.944root 11241100x8000000000000000343335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceeff2b43437a9862021-12-21 10:24:14.944root 11241100x8000000000000000343336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003dd9d20a9a0aec2021-12-21 10:24:14.944root 11241100x8000000000000000343337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6974f0d5355aa5712021-12-21 10:24:14.944root 11241100x8000000000000000343338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b12e27fa37cffc32021-12-21 10:24:14.944root 11241100x8000000000000000343339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9df3542482da312021-12-21 10:24:14.944root 11241100x8000000000000000343340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23ec43f36bf31072021-12-21 10:24:14.944root 11241100x8000000000000000343341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3bc37a011c6d0c2021-12-21 10:24:14.944root 11241100x8000000000000000343342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6bdad85f6881d32021-12-21 10:24:14.944root 11241100x8000000000000000343343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f7d7195d3e2e0132021-12-21 10:24:14.944root 11241100x8000000000000000343344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab6fd7bc433ae4c2021-12-21 10:24:14.944root 11241100x8000000000000000343345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58faf9e24ce9e51c2021-12-21 10:24:14.944root 11241100x8000000000000000343346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbbe6d3679962962021-12-21 10:24:14.944root 11241100x8000000000000000343347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90122197f6e2ff92021-12-21 10:24:14.945root 11241100x8000000000000000343348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2abd831748115372021-12-21 10:24:14.945root 11241100x8000000000000000343349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff95e6170c63db932021-12-21 10:24:14.946root 11241100x8000000000000000343350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964eb4fa52b681cf2021-12-21 10:24:14.946root 11241100x8000000000000000343351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c235ebd04b07bbee2021-12-21 10:24:14.946root 11241100x8000000000000000343352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3155507f8ec05e2021-12-21 10:24:14.946root 11241100x8000000000000000343353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99261d1894957b792021-12-21 10:24:14.946root 11241100x8000000000000000343354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a9a0628f0f9b4c2021-12-21 10:24:14.946root 11241100x8000000000000000343355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4847e4ea84c5ab8a2021-12-21 10:24:14.946root 11241100x8000000000000000343356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f1c7853a513360a2021-12-21 10:24:14.946root 11241100x8000000000000000343357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a68e26bed827e82021-12-21 10:24:14.946root 11241100x8000000000000000343358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deb87c480c39b342021-12-21 10:24:14.947root 11241100x8000000000000000343359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e9685632aa53f32021-12-21 10:24:14.947root 11241100x8000000000000000343360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633a4a87ff0587762021-12-21 10:24:14.947root 11241100x8000000000000000343361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd89eaf40c7037652021-12-21 10:24:14.947root 11241100x8000000000000000343362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71132e88e8e205a52021-12-21 10:24:14.948root 11241100x8000000000000000343363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63106d63aec196322021-12-21 10:24:14.948root 11241100x8000000000000000343364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4950e8459905c032021-12-21 10:24:14.948root 11241100x8000000000000000343365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c075bb1c5db0eb772021-12-21 10:24:14.948root 11241100x8000000000000000343366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b777c279efb06da2021-12-21 10:24:14.948root 11241100x8000000000000000343367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58305ce44c25d2152021-12-21 10:24:14.949root 11241100x8000000000000000343368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adc5078f1c5e4042021-12-21 10:24:14.949root 11241100x8000000000000000343369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d4550a89878b822021-12-21 10:24:14.949root 11241100x8000000000000000343370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7896b715cb570622021-12-21 10:24:14.949root 11241100x8000000000000000343371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26e753d434c632f2021-12-21 10:24:14.949root 11241100x8000000000000000343372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cdc7c4e25651dd2021-12-21 10:24:14.949root 11241100x8000000000000000343373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2377181648ef8a862021-12-21 10:24:14.950root 11241100x8000000000000000343374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01cd3cc4d23212782021-12-21 10:24:14.950root 11241100x8000000000000000343375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4e95f78529c8522021-12-21 10:24:14.950root 11241100x8000000000000000343376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f587b08f98b31dec2021-12-21 10:24:14.950root 11241100x8000000000000000343377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba09a20359da85272021-12-21 10:24:14.950root 11241100x8000000000000000343378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0902dbef2cae23552021-12-21 10:24:14.951root 11241100x8000000000000000343379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99e453e1990bb62021-12-21 10:24:14.951root 11241100x8000000000000000343380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6fc1685fbbb6c72021-12-21 10:24:14.951root 11241100x8000000000000000343381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b97eb299eba6962021-12-21 10:24:14.951root 11241100x8000000000000000343382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:14.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e01f287a70ed8e2021-12-21 10:24:14.952root 11241100x8000000000000000343383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11a7be0c08a67cd2021-12-21 10:24:15.443root 11241100x8000000000000000343384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79226ec95d996c742021-12-21 10:24:15.443root 11241100x8000000000000000343385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b11b664e93c5402021-12-21 10:24:15.443root 11241100x8000000000000000343386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13351eb37452c32021-12-21 10:24:15.443root 11241100x8000000000000000343387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbc8635738363062021-12-21 10:24:15.444root 11241100x8000000000000000343388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25782c496f0777ff2021-12-21 10:24:15.444root 11241100x8000000000000000343389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b67e0d2b2e473172021-12-21 10:24:15.444root 11241100x8000000000000000343390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11a3436b4c52fa82021-12-21 10:24:15.444root 11241100x8000000000000000343391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429cdb7efe20b8d82021-12-21 10:24:15.444root 11241100x8000000000000000343392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443ef84e5828d0e72021-12-21 10:24:15.444root 11241100x8000000000000000343393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cbb98e3c99279e2021-12-21 10:24:15.444root 11241100x8000000000000000343394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489f3667f840358e2021-12-21 10:24:15.444root 11241100x8000000000000000343395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.018aa76b641b44352021-12-21 10:24:15.444root 11241100x8000000000000000343396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82d261c1b6019872021-12-21 10:24:15.444root 11241100x8000000000000000343397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9154e56aa33dede2021-12-21 10:24:15.444root 11241100x8000000000000000343398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86de297141461432021-12-21 10:24:15.444root 11241100x8000000000000000343399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a5a0b05bab583c2021-12-21 10:24:15.444root 11241100x8000000000000000343400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41c3e795149f8152021-12-21 10:24:15.444root 11241100x8000000000000000343401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14150473c409f232021-12-21 10:24:15.444root 11241100x8000000000000000343402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe679848f8583482021-12-21 10:24:15.444root 11241100x8000000000000000343403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758d20d8fcf802772021-12-21 10:24:15.445root 11241100x8000000000000000343404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e08a15a3dc411b62021-12-21 10:24:15.445root 11241100x8000000000000000343405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f86fccc070b666a2021-12-21 10:24:15.445root 11241100x8000000000000000343406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2512692d37c4f3ce2021-12-21 10:24:15.445root 11241100x8000000000000000343407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b709ba39952bb9002021-12-21 10:24:15.445root 11241100x8000000000000000343408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9f6ae2a0a220c22021-12-21 10:24:15.445root 11241100x8000000000000000343409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ec26599832333b2021-12-21 10:24:15.445root 11241100x8000000000000000343410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace9612582f10afa2021-12-21 10:24:15.445root 11241100x8000000000000000343411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c791102078ccb02021-12-21 10:24:15.445root 11241100x8000000000000000343412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a1ab95e0edae472021-12-21 10:24:15.445root 11241100x8000000000000000343413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a86fdc26bbcdafa2021-12-21 10:24:15.445root 11241100x8000000000000000343414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350ba7d71687b2432021-12-21 10:24:15.445root 11241100x8000000000000000343415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c10ff4700bddf182021-12-21 10:24:15.445root 11241100x8000000000000000343416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db9164189681c812021-12-21 10:24:15.446root 11241100x8000000000000000343417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897a0ab82877e9152021-12-21 10:24:15.446root 11241100x8000000000000000343418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571aa76b69f088662021-12-21 10:24:15.446root 11241100x8000000000000000343419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f310ac00148a122021-12-21 10:24:15.446root 11241100x8000000000000000343420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039d44750bdb13922021-12-21 10:24:15.446root 11241100x8000000000000000343421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7e2240b6391a422021-12-21 10:24:15.447root 11241100x8000000000000000343422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c8dfc0ef3cc62a2021-12-21 10:24:15.447root 11241100x8000000000000000343423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a61ffa7056abe72021-12-21 10:24:15.447root 11241100x8000000000000000343424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1682be05d0620e8a2021-12-21 10:24:15.447root 11241100x8000000000000000343425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea06f31978c7383b2021-12-21 10:24:15.447root 11241100x8000000000000000343426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d619e79c85812ae42021-12-21 10:24:15.447root 11241100x8000000000000000343427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2398c84ef1744a2021-12-21 10:24:15.448root 11241100x8000000000000000343428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b89dc9e68441a82021-12-21 10:24:15.448root 11241100x8000000000000000343429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9e447f8617c57d2021-12-21 10:24:15.448root 11241100x8000000000000000343430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c1ec1299ff0c892021-12-21 10:24:15.448root 11241100x8000000000000000343431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139ffe0c335a70002021-12-21 10:24:15.448root 11241100x8000000000000000343432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a4216c6047c412021-12-21 10:24:15.448root 11241100x8000000000000000343433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d6778fc4e5570d2021-12-21 10:24:15.448root 11241100x8000000000000000343434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d6406a50daab1cc2021-12-21 10:24:15.449root 11241100x8000000000000000343435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9484295efb5ab52021-12-21 10:24:15.449root 11241100x8000000000000000343436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef462e8aed72b5d92021-12-21 10:24:15.449root 11241100x8000000000000000343437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8791b08020a79482021-12-21 10:24:15.449root 11241100x8000000000000000343438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f770d5611b1a48642021-12-21 10:24:15.449root 11241100x8000000000000000343439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e8e80feccb67392021-12-21 10:24:15.449root 11241100x8000000000000000343440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f118ee58d48a47962021-12-21 10:24:15.449root 11241100x8000000000000000343441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2ecf8174e778cb2021-12-21 10:24:15.943root 11241100x8000000000000000343442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed266bcac64d8af2021-12-21 10:24:15.943root 11241100x8000000000000000343443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd839fa29a2d8f662021-12-21 10:24:15.944root 11241100x8000000000000000343444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8d1cdd3811a3ce2021-12-21 10:24:15.944root 11241100x8000000000000000343445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c73521c8cd5561f2021-12-21 10:24:15.944root 11241100x8000000000000000343446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd751b3b8554dc92021-12-21 10:24:15.944root 11241100x8000000000000000343447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9953388a9d1d142021-12-21 10:24:15.945root 11241100x8000000000000000343448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9666d58c69bc33602021-12-21 10:24:15.945root 11241100x8000000000000000343449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c7bdb611f8a7902021-12-21 10:24:15.945root 11241100x8000000000000000343450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8280da9f88af9c52021-12-21 10:24:15.945root 11241100x8000000000000000343451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08dfa955adbb92a42021-12-21 10:24:15.945root 11241100x8000000000000000343452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f18e0b3bb4401032021-12-21 10:24:15.946root 11241100x8000000000000000343453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11ede14b5d2cc5b2021-12-21 10:24:15.946root 11241100x8000000000000000343454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5dd2dbe7c8aed1f2021-12-21 10:24:15.946root 11241100x8000000000000000343455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db3df0aca8283f2021-12-21 10:24:15.946root 11241100x8000000000000000343456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7786f6f2abd4796e2021-12-21 10:24:15.946root 11241100x8000000000000000343457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e68ec1ed5b213672021-12-21 10:24:15.946root 11241100x8000000000000000343458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23199cc606a4f432021-12-21 10:24:15.946root 11241100x8000000000000000343459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab24bf568a9a9fb2021-12-21 10:24:15.947root 11241100x8000000000000000343460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd292ff6c77b13c02021-12-21 10:24:15.947root 11241100x8000000000000000343461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bacd9070615f5492021-12-21 10:24:15.947root 11241100x8000000000000000343462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf53b11ec5fa22f02021-12-21 10:24:15.947root 11241100x8000000000000000343463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9039f7f1793d56182021-12-21 10:24:15.947root 11241100x8000000000000000343464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03504e5c3402bfe12021-12-21 10:24:15.947root 11241100x8000000000000000343465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af87f324f4344362021-12-21 10:24:15.947root 11241100x8000000000000000343466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b18d851e84b3c032021-12-21 10:24:15.947root 11241100x8000000000000000343467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae318e61b24bf2e72021-12-21 10:24:15.947root 11241100x8000000000000000343468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ab74f1f87dc4242021-12-21 10:24:15.948root 11241100x8000000000000000343469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c92175c4c68e812021-12-21 10:24:15.948root 11241100x8000000000000000343470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433642eea32f01c42021-12-21 10:24:15.948root 11241100x8000000000000000343471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf276910f998b4d2021-12-21 10:24:15.948root 11241100x8000000000000000343472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a995896fc4f19682021-12-21 10:24:15.948root 11241100x8000000000000000343473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a74f28662e474ca2021-12-21 10:24:15.948root 11241100x8000000000000000343474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab4c52bf3a92f4f2021-12-21 10:24:15.948root 11241100x8000000000000000343475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad88eec30d83f92021-12-21 10:24:15.948root 11241100x8000000000000000343476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b6b739a809c8492021-12-21 10:24:15.948root 11241100x8000000000000000343477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd4c7d3b2ca2f9e2021-12-21 10:24:15.949root 11241100x8000000000000000343478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0fc2b48d2fa9d92021-12-21 10:24:15.949root 11241100x8000000000000000343479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe94ecf9734ddf42021-12-21 10:24:15.949root 11241100x8000000000000000343480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ddb73ebcc8834c2021-12-21 10:24:15.949root 11241100x8000000000000000343481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c18891abb1bbc82021-12-21 10:24:15.949root 11241100x8000000000000000343482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b59b404d6bde2262021-12-21 10:24:15.949root 11241100x8000000000000000343483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4b7a900693bda02021-12-21 10:24:15.949root 11241100x8000000000000000343484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fa11157c3c57f52021-12-21 10:24:15.949root 11241100x8000000000000000343485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc333a75410062cd2021-12-21 10:24:15.950root 11241100x8000000000000000343486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.316d40f06034462d2021-12-21 10:24:15.950root 11241100x8000000000000000343487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7816a510bcc350fb2021-12-21 10:24:15.950root 11241100x8000000000000000343488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7f4e1620639f8d2021-12-21 10:24:15.950root 11241100x8000000000000000343489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16432cd6dcb1767d2021-12-21 10:24:15.950root 11241100x8000000000000000343490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73a2fc27c83b48b2021-12-21 10:24:15.950root 11241100x8000000000000000343491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2de0b66026c10302021-12-21 10:24:15.950root 11241100x8000000000000000343492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e6c440d7f6fc4f2021-12-21 10:24:15.950root 11241100x8000000000000000343493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069c600be7cbc8622021-12-21 10:24:15.950root 11241100x8000000000000000343494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c798f6d1456a132021-12-21 10:24:15.951root 11241100x8000000000000000343495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca3b156e9c650e82021-12-21 10:24:15.951root 11241100x8000000000000000343496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b160f930007eb61c2021-12-21 10:24:15.951root 11241100x8000000000000000343497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8c084cc45da1c62021-12-21 10:24:15.951root 11241100x8000000000000000343498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9a474f6c2347162021-12-21 10:24:15.951root 11241100x8000000000000000343499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:15.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c0704eb3bc5fd72021-12-21 10:24:15.951root 354300x8000000000000000343500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.111{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47048-false10.0.1.12-8000- 11241100x8000000000000000343501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d596e82635c87dbb2021-12-21 10:24:16.443root 11241100x8000000000000000343502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac4b41d210f6b0a2021-12-21 10:24:16.443root 11241100x8000000000000000343503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b632f962c49a02021-12-21 10:24:16.443root 11241100x8000000000000000343504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fd9c7c76421ad12021-12-21 10:24:16.444root 11241100x8000000000000000343505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65c9c40cabfe93f2021-12-21 10:24:16.444root 11241100x8000000000000000343506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7640233525d77f42021-12-21 10:24:16.444root 11241100x8000000000000000343507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd27e208c6e3a9f2021-12-21 10:24:16.444root 11241100x8000000000000000343508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d210372e2bf0252021-12-21 10:24:16.444root 11241100x8000000000000000343509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cfd7eca3dfd9072021-12-21 10:24:16.444root 11241100x8000000000000000343510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6895340cbac7352021-12-21 10:24:16.444root 11241100x8000000000000000343511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace680b7e181b1e52021-12-21 10:24:16.444root 11241100x8000000000000000343512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656b6998bac9bdae2021-12-21 10:24:16.444root 11241100x8000000000000000343513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a717b0b63512b32021-12-21 10:24:16.444root 11241100x8000000000000000343514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4a57c74063eb002021-12-21 10:24:16.444root 11241100x8000000000000000343515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3df912bfcb7bbed2021-12-21 10:24:16.445root 11241100x8000000000000000343516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eafe57ec5422c52021-12-21 10:24:16.445root 11241100x8000000000000000343517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f472b84cc4cd1642021-12-21 10:24:16.445root 11241100x8000000000000000343518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91909e11e734cbe72021-12-21 10:24:16.445root 11241100x8000000000000000343519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f1fe99815307dd2021-12-21 10:24:16.445root 11241100x8000000000000000343520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f279b3f9776f262021-12-21 10:24:16.445root 11241100x8000000000000000343521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084675096a2170342021-12-21 10:24:16.445root 11241100x8000000000000000343522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25d4cde6c4c52492021-12-21 10:24:16.445root 11241100x8000000000000000343523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0005d2743fadb1962021-12-21 10:24:16.445root 11241100x8000000000000000343524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1f6fef14e4d5b42021-12-21 10:24:16.445root 11241100x8000000000000000343525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24804853b255f47d2021-12-21 10:24:16.445root 11241100x8000000000000000343526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f6431c3ee1c1ce2021-12-21 10:24:16.446root 11241100x8000000000000000343527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1aa073579090312021-12-21 10:24:16.446root 11241100x8000000000000000343528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a80250758a6d252021-12-21 10:24:16.446root 11241100x8000000000000000343529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c38ae6e686006c02021-12-21 10:24:16.446root 11241100x8000000000000000343530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64ff97d3be993ce2021-12-21 10:24:16.446root 11241100x8000000000000000343531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbf3073c910a8ad2021-12-21 10:24:16.446root 11241100x8000000000000000343532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b603e2f39fd1145d2021-12-21 10:24:16.446root 11241100x8000000000000000343533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f921f913f2692e162021-12-21 10:24:16.446root 11241100x8000000000000000343534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebeba6840b31e9a42021-12-21 10:24:16.446root 11241100x8000000000000000343535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7166a7d9acce4c2021-12-21 10:24:16.446root 11241100x8000000000000000343536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dfa8848a52784f02021-12-21 10:24:16.447root 11241100x8000000000000000343537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e396c7eec03baa2021-12-21 10:24:16.447root 11241100x8000000000000000343538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d76d070d288db3a2021-12-21 10:24:16.447root 11241100x8000000000000000343539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3f4fc6f24018a02021-12-21 10:24:16.447root 11241100x8000000000000000343540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a90b781d2c79b22021-12-21 10:24:16.447root 11241100x8000000000000000343541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002c18b80a9750712021-12-21 10:24:16.447root 11241100x8000000000000000343542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095ad3dc709f67692021-12-21 10:24:16.447root 11241100x8000000000000000343543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a55dc7c3c8950e2021-12-21 10:24:16.452root 11241100x8000000000000000343544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c741ca368f8e3a2021-12-21 10:24:16.452root 11241100x8000000000000000343545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cf23417ebc9e122021-12-21 10:24:16.452root 11241100x8000000000000000343546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a647b9b091b70f12021-12-21 10:24:16.452root 11241100x8000000000000000343547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be8d8ce99ef94102021-12-21 10:24:16.452root 11241100x8000000000000000343548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772727817404f9ab2021-12-21 10:24:16.452root 11241100x8000000000000000343549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d121734648ea06c2021-12-21 10:24:16.452root 11241100x8000000000000000343550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16d710dedd6d4d02021-12-21 10:24:16.452root 11241100x8000000000000000343551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ca2faca0b731a62021-12-21 10:24:16.452root 11241100x8000000000000000343552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22914f7fa1b4b942021-12-21 10:24:16.453root 11241100x8000000000000000343553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb7484540cae27712021-12-21 10:24:16.453root 11241100x8000000000000000343554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96965bf5740003c2021-12-21 10:24:16.453root 11241100x8000000000000000343555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9b5cd0e0293e822021-12-21 10:24:16.453root 11241100x8000000000000000343556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa9f43985c550f42021-12-21 10:24:16.453root 11241100x8000000000000000343557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c414c9a02df2002021-12-21 10:24:16.453root 11241100x8000000000000000343558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b096ee5e127304ac2021-12-21 10:24:16.453root 11241100x8000000000000000343559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7398e0e897a11c2021-12-21 10:24:16.453root 11241100x8000000000000000343560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8215e509a168146d2021-12-21 10:24:16.453root 11241100x8000000000000000343561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a8bc498ce4d13f2021-12-21 10:24:16.453root 11241100x8000000000000000343562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4d2204fb6fd2f02021-12-21 10:24:16.453root 11241100x8000000000000000343563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92427181207c716a2021-12-21 10:24:16.454root 11241100x8000000000000000343564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892a76b05dd61a3b2021-12-21 10:24:16.454root 11241100x8000000000000000343565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427e608b67af9b942021-12-21 10:24:16.454root 11241100x8000000000000000343566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bcc53f6465bf392021-12-21 10:24:16.454root 11241100x8000000000000000343567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96fe85daec7e0652021-12-21 10:24:16.454root 11241100x8000000000000000343568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f102f18ad940ad162021-12-21 10:24:16.454root 11241100x8000000000000000343569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9757ce3fc8ee6e832021-12-21 10:24:16.454root 11241100x8000000000000000343570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5720f4b788c9d86a2021-12-21 10:24:16.454root 11241100x8000000000000000343571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aab7fdc91e7a5b2021-12-21 10:24:16.454root 11241100x8000000000000000343572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25529103c72f34362021-12-21 10:24:16.454root 11241100x8000000000000000343573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9a70572ea548a62021-12-21 10:24:16.454root 11241100x8000000000000000343574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64e3104dc7656ca2021-12-21 10:24:16.455root 11241100x8000000000000000343575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47df43bff446acb42021-12-21 10:24:16.455root 11241100x8000000000000000343576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d4a219b6285b3e2021-12-21 10:24:16.943root 11241100x8000000000000000343577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4683b3483566ef2021-12-21 10:24:16.943root 11241100x8000000000000000343578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db358c37de24cf8f2021-12-21 10:24:16.943root 11241100x8000000000000000343579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e2ad7f47a04e672021-12-21 10:24:16.943root 11241100x8000000000000000343580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77332fe6529088322021-12-21 10:24:16.943root 11241100x8000000000000000343581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2157f5b3139ef8e62021-12-21 10:24:16.944root 11241100x8000000000000000343582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49960ae97d5281272021-12-21 10:24:16.944root 11241100x8000000000000000343583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e230815057ccef382021-12-21 10:24:16.944root 11241100x8000000000000000343584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f1ae20cc53b9792021-12-21 10:24:16.944root 11241100x8000000000000000343585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb7f9059c08353a2021-12-21 10:24:16.945root 11241100x8000000000000000343586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04231511def402bd2021-12-21 10:24:16.945root 11241100x8000000000000000343587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58f6817007512512021-12-21 10:24:16.945root 11241100x8000000000000000343588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901d01d92e486542021-12-21 10:24:16.945root 11241100x8000000000000000343589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba7e3f5b117c202021-12-21 10:24:16.945root 11241100x8000000000000000343590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df180a9b3ff2b50d2021-12-21 10:24:16.945root 11241100x8000000000000000343591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8670504ab31b6f2021-12-21 10:24:16.945root 11241100x8000000000000000343592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27a88277d26bc472021-12-21 10:24:16.947root 11241100x8000000000000000343593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc8754ebe4d46e02021-12-21 10:24:16.947root 11241100x8000000000000000343594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d4b238c12451072021-12-21 10:24:16.947root 11241100x8000000000000000343595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73440e36c3a35ca62021-12-21 10:24:16.947root 11241100x8000000000000000343596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d022776e844e7cd22021-12-21 10:24:16.947root 11241100x8000000000000000343597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aacd40c2ff319812021-12-21 10:24:16.947root 11241100x8000000000000000343598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56521597a460a6d12021-12-21 10:24:16.947root 11241100x8000000000000000343599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677fb4ad686e792f2021-12-21 10:24:16.948root 11241100x8000000000000000343600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db6debdfad1a4182021-12-21 10:24:16.948root 11241100x8000000000000000343601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a656c5b253d4e92021-12-21 10:24:16.948root 11241100x8000000000000000343602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c44d1630ab5b492021-12-21 10:24:16.948root 11241100x8000000000000000343603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca710bf9df1a1a62021-12-21 10:24:16.948root 11241100x8000000000000000343604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce6af42dd508e9b2021-12-21 10:24:16.948root 11241100x8000000000000000343605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f102fe4be3f249132021-12-21 10:24:16.948root 11241100x8000000000000000343606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ef9d49ea5c72762021-12-21 10:24:16.949root 11241100x8000000000000000343607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdeffe1dd7be93e2021-12-21 10:24:16.949root 11241100x8000000000000000343608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce9fc9efdfbea3d2021-12-21 10:24:16.950root 11241100x8000000000000000343609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75c635f38867e2c2021-12-21 10:24:16.950root 11241100x8000000000000000343610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292ccea31e91fbcd2021-12-21 10:24:16.950root 11241100x8000000000000000343611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1925ba2401ac3b1d2021-12-21 10:24:16.950root 11241100x8000000000000000343612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a7fa0d7470fb09c2021-12-21 10:24:16.950root 11241100x8000000000000000343613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a716699aceee85a2021-12-21 10:24:16.950root 11241100x8000000000000000343614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6089c26a7482ef2021-12-21 10:24:16.950root 11241100x8000000000000000343615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0720e14082b935692021-12-21 10:24:16.950root 11241100x8000000000000000343616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73745b601a2dfb942021-12-21 10:24:16.951root 11241100x8000000000000000343617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5275ba40804c53672021-12-21 10:24:16.951root 11241100x8000000000000000343618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762257545fafcdde2021-12-21 10:24:16.951root 11241100x8000000000000000343619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4b6f3ca6610c792021-12-21 10:24:16.951root 11241100x8000000000000000343620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4997c8392f63e62021-12-21 10:24:16.951root 11241100x8000000000000000343621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17df4d4f77ebfb52021-12-21 10:24:16.952root 11241100x8000000000000000343622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c417bbdd65a3d52021-12-21 10:24:16.952root 11241100x8000000000000000343623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.277d046f5e98baa22021-12-21 10:24:16.952root 11241100x8000000000000000343624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3311967c858982312021-12-21 10:24:16.952root 11241100x8000000000000000343625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91754d2d55e265a2021-12-21 10:24:16.952root 11241100x8000000000000000343626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3714711f2242906a2021-12-21 10:24:16.952root 11241100x8000000000000000343627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3a710ea8084fdf2021-12-21 10:24:16.953root 11241100x8000000000000000343628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf6263012921f0b2021-12-21 10:24:16.953root 11241100x8000000000000000343629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c530e96d3d42102021-12-21 10:24:16.953root 11241100x8000000000000000343630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5775d19124d0522021-12-21 10:24:16.953root 11241100x8000000000000000343631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ab26fe7772af6252021-12-21 10:24:16.953root 11241100x8000000000000000343632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0b777ec379c8c22021-12-21 10:24:16.954root 11241100x8000000000000000343633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af568e05b6bad4132021-12-21 10:24:16.954root 11241100x8000000000000000343634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0de8dd86c4dc85f2021-12-21 10:24:16.954root 11241100x8000000000000000343635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab22adef89bed0182021-12-21 10:24:16.954root 11241100x8000000000000000343636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85971df1d7c14b52021-12-21 10:24:17.443root 11241100x8000000000000000343637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9396df73fba685ca2021-12-21 10:24:17.443root 11241100x8000000000000000343638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc5035bf7f2c1b32021-12-21 10:24:17.443root 11241100x8000000000000000343639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b616894284bab832021-12-21 10:24:17.443root 11241100x8000000000000000343640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e9a91bc6cf7baf2021-12-21 10:24:17.443root 11241100x8000000000000000343641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dca51c1918306b92021-12-21 10:24:17.443root 11241100x8000000000000000343642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b374b7fa1c29e552021-12-21 10:24:17.443root 11241100x8000000000000000343643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8437510f54e070172021-12-21 10:24:17.444root 11241100x8000000000000000343644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f933779a27799b662021-12-21 10:24:17.444root 11241100x8000000000000000343645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b520895f1645ad2021-12-21 10:24:17.444root 11241100x8000000000000000343646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb593c4c1cae2f002021-12-21 10:24:17.444root 11241100x8000000000000000343647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73644f9e6657aea2021-12-21 10:24:17.444root 11241100x8000000000000000343648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c106416ec7e2592021-12-21 10:24:17.444root 11241100x8000000000000000343649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161c6569c884343d2021-12-21 10:24:17.444root 11241100x8000000000000000343650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f989da79e39214102021-12-21 10:24:17.444root 11241100x8000000000000000343651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d69a6d7c61e71ab2021-12-21 10:24:17.444root 11241100x8000000000000000343652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cbadc6a020fcaa2021-12-21 10:24:17.444root 11241100x8000000000000000343653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bdd3e84ebe779f2021-12-21 10:24:17.444root 11241100x8000000000000000343654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f9ecaff230a2872021-12-21 10:24:17.445root 11241100x8000000000000000343655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1992986c899fe5d02021-12-21 10:24:17.445root 11241100x8000000000000000343656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5a9f76e2fbaa992021-12-21 10:24:17.445root 11241100x8000000000000000343657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af16de2fbfb132b42021-12-21 10:24:17.445root 11241100x8000000000000000343658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21aa58d0cd1b6eff2021-12-21 10:24:17.445root 11241100x8000000000000000343659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b2dfb08f5ba8332021-12-21 10:24:17.445root 11241100x8000000000000000343660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3090c570101d404a2021-12-21 10:24:17.445root 11241100x8000000000000000343661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b2748fbf7623af2021-12-21 10:24:17.445root 11241100x8000000000000000343662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c7cd5b3a76128f2021-12-21 10:24:17.445root 11241100x8000000000000000343663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd257ad903a943f2021-12-21 10:24:17.446root 11241100x8000000000000000343664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb21cf50f88ddd92021-12-21 10:24:17.446root 11241100x8000000000000000343665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26268d5d176169a32021-12-21 10:24:17.446root 11241100x8000000000000000343666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81978d9006cb76452021-12-21 10:24:17.446root 11241100x8000000000000000343667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96059dbf16c735b52021-12-21 10:24:17.446root 11241100x8000000000000000343668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f090c02f6959fe1b2021-12-21 10:24:17.447root 11241100x8000000000000000343669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b50fba21b1d4992021-12-21 10:24:17.447root 11241100x8000000000000000343670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78739c7b4abaca452021-12-21 10:24:17.447root 11241100x8000000000000000343671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa34fc3e0444bfc2021-12-21 10:24:17.447root 11241100x8000000000000000343672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729fc0c34e3b2dcd2021-12-21 10:24:17.447root 11241100x8000000000000000343673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ede2c3266270b9052021-12-21 10:24:17.447root 11241100x8000000000000000343674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ec4495cd9fe7572021-12-21 10:24:17.448root 11241100x8000000000000000343675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1810b4afca1f07172021-12-21 10:24:17.448root 11241100x8000000000000000343676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc43867cbc8022a82021-12-21 10:24:17.448root 11241100x8000000000000000343677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54267a6443a83352021-12-21 10:24:17.448root 11241100x8000000000000000343678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba69b6c54287cd712021-12-21 10:24:17.448root 11241100x8000000000000000343679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620ed65f404b6ed12021-12-21 10:24:17.448root 11241100x8000000000000000343680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f12a8dd33ae99592021-12-21 10:24:17.448root 11241100x8000000000000000343681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ea9ea6e77c84132021-12-21 10:24:17.448root 11241100x8000000000000000343682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad8cb692cc8988e2021-12-21 10:24:17.448root 11241100x8000000000000000343683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246a3359c75b48242021-12-21 10:24:17.448root 11241100x8000000000000000343684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91232a78f2a27842021-12-21 10:24:17.448root 11241100x8000000000000000343685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4490077417e1efa2021-12-21 10:24:17.448root 11241100x8000000000000000343686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf312fd3e10f5f32021-12-21 10:24:17.449root 11241100x8000000000000000343687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1563858003aab9bf2021-12-21 10:24:17.449root 11241100x8000000000000000343688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4170c0bf81328dc2021-12-21 10:24:17.449root 11241100x8000000000000000343689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb125c8ea9c44722021-12-21 10:24:17.449root 11241100x8000000000000000343690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dcf8335ab184e072021-12-21 10:24:17.449root 11241100x8000000000000000343691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03c837ecfc248272021-12-21 10:24:17.449root 11241100x8000000000000000343692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976bac3257a9437e2021-12-21 10:24:17.449root 11241100x8000000000000000343693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d30ed39c71651992021-12-21 10:24:17.451root 11241100x8000000000000000343694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bfb181a513b9b5c2021-12-21 10:24:17.943root 11241100x8000000000000000343695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159608ec30d5c8832021-12-21 10:24:17.943root 11241100x8000000000000000343696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29cd9ba2078d6782021-12-21 10:24:17.943root 11241100x8000000000000000343697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7558b861fe10af892021-12-21 10:24:17.943root 11241100x8000000000000000343698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0c8565b87e9c3a2021-12-21 10:24:17.943root 11241100x8000000000000000343699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0663b58fa816732021-12-21 10:24:17.944root 11241100x8000000000000000343700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fec58bb8d60218f2021-12-21 10:24:17.944root 11241100x8000000000000000343701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed028e241532ba1e2021-12-21 10:24:17.944root 11241100x8000000000000000343702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951509c435f6849c2021-12-21 10:24:17.944root 11241100x8000000000000000343703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c3ba3ba11644152021-12-21 10:24:17.944root 11241100x8000000000000000343704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21358c2b37b1374f2021-12-21 10:24:17.945root 11241100x8000000000000000343705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf223ded37d958ba2021-12-21 10:24:17.945root 11241100x8000000000000000343706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fa711ddfab34512021-12-21 10:24:17.945root 11241100x8000000000000000343707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fc17446952d4952021-12-21 10:24:17.945root 11241100x8000000000000000343708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e0f37af607639e2021-12-21 10:24:17.945root 11241100x8000000000000000343709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e73e6cc041e80d32021-12-21 10:24:17.945root 11241100x8000000000000000343710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44145f0480c10e7c2021-12-21 10:24:17.945root 11241100x8000000000000000343711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b1cdd515e4fa5e2021-12-21 10:24:17.945root 11241100x8000000000000000343712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e746b6463bfd3b712021-12-21 10:24:17.945root 11241100x8000000000000000343713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be366f39344ec542021-12-21 10:24:17.945root 11241100x8000000000000000343714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b039683571daab2021-12-21 10:24:17.946root 11241100x8000000000000000343715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d07f07160657972021-12-21 10:24:17.946root 11241100x8000000000000000343716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.848c060284a69aa42021-12-21 10:24:17.946root 11241100x8000000000000000343717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876359e094a3d4822021-12-21 10:24:17.946root 11241100x8000000000000000343718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37c3be28df4b5fe2021-12-21 10:24:17.946root 11241100x8000000000000000343719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd6b8c24264d1432021-12-21 10:24:17.946root 11241100x8000000000000000343720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3019a22b5b1147742021-12-21 10:24:17.947root 11241100x8000000000000000343721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9492f90a5b19c52021-12-21 10:24:17.947root 11241100x8000000000000000343722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0db8ce394a0b6b02021-12-21 10:24:17.947root 11241100x8000000000000000343723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab76b2e62baa3562021-12-21 10:24:17.948root 11241100x8000000000000000343724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38eebea0e97446c2021-12-21 10:24:17.949root 11241100x8000000000000000343725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b3c469c031293c2021-12-21 10:24:17.949root 11241100x8000000000000000343726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2ed33d2301641c2021-12-21 10:24:17.949root 11241100x8000000000000000343727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be63ea7b44b913872021-12-21 10:24:17.949root 11241100x8000000000000000343728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903d2bf1fb96cb0e2021-12-21 10:24:17.950root 11241100x8000000000000000343729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5da74b9bac5ac0b2021-12-21 10:24:17.950root 11241100x8000000000000000343730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6002e38cba412922021-12-21 10:24:17.950root 11241100x8000000000000000343731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027dbe5e46e132b62021-12-21 10:24:17.950root 11241100x8000000000000000343732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6969691abdf59f2021-12-21 10:24:17.951root 11241100x8000000000000000343733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b6aa44788fbf512021-12-21 10:24:17.951root 11241100x8000000000000000343734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba372330e282a9522021-12-21 10:24:17.951root 11241100x8000000000000000343735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46084be33b277b482021-12-21 10:24:17.951root 11241100x8000000000000000343736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2a62c5b4b01bcf2021-12-21 10:24:17.951root 11241100x8000000000000000343737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a10aa3bebfc1f22021-12-21 10:24:17.952root 11241100x8000000000000000343738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a8da55408df6842021-12-21 10:24:17.952root 11241100x8000000000000000343739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0171bf37a6d0cddf2021-12-21 10:24:17.952root 11241100x8000000000000000343740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c17d6def493b86c2021-12-21 10:24:17.952root 11241100x8000000000000000343741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32360c68c8bf41f2021-12-21 10:24:17.952root 11241100x8000000000000000343742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708f2b80a9ad4e3e2021-12-21 10:24:17.953root 11241100x8000000000000000343743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0d61e43d0b764d2021-12-21 10:24:17.953root 11241100x8000000000000000343744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d58d3e80b7f58c2021-12-21 10:24:17.953root 11241100x8000000000000000343745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:17.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8ff1a7e78db34e2021-12-21 10:24:17.953root 11241100x8000000000000000343746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8661a66ff6029b2021-12-21 10:24:18.443root 11241100x8000000000000000343747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f310e058d10d6c42021-12-21 10:24:18.443root 11241100x8000000000000000343748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8425a33f4ddae23e2021-12-21 10:24:18.443root 11241100x8000000000000000343749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee897dbe5a0b9112021-12-21 10:24:18.443root 11241100x8000000000000000343750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ef600381a584f02021-12-21 10:24:18.443root 11241100x8000000000000000343751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f65c198f08034072021-12-21 10:24:18.444root 11241100x8000000000000000343752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6af68899308342021-12-21 10:24:18.444root 11241100x8000000000000000343753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d3f85c63869def2021-12-21 10:24:18.444root 11241100x8000000000000000343754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cda9067b442dcea2021-12-21 10:24:18.444root 11241100x8000000000000000343755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f42a378e2d83182021-12-21 10:24:18.444root 11241100x8000000000000000343756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5adff70341ebec2021-12-21 10:24:18.444root 11241100x8000000000000000343757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59c1e34dbeaaf6702021-12-21 10:24:18.444root 11241100x8000000000000000343758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a66842929eb61472021-12-21 10:24:18.444root 11241100x8000000000000000343759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132f71865e2c108a2021-12-21 10:24:18.445root 11241100x8000000000000000343760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959cb0a1f48ee69f2021-12-21 10:24:18.445root 11241100x8000000000000000343761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e2debb8d3cee92021-12-21 10:24:18.445root 11241100x8000000000000000343762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb6b09ededf90ef2021-12-21 10:24:18.445root 11241100x8000000000000000343763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5da0b5cb541c3d12021-12-21 10:24:18.445root 11241100x8000000000000000343764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92118a21dd40c2fe2021-12-21 10:24:18.445root 11241100x8000000000000000343765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22532cd2f288be6c2021-12-21 10:24:18.445root 11241100x8000000000000000343766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89adf1787dc27c6b2021-12-21 10:24:18.446root 11241100x8000000000000000343767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76afc9b3d9e720fe2021-12-21 10:24:18.446root 11241100x8000000000000000343768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603f3bdd2ec980e22021-12-21 10:24:18.446root 11241100x8000000000000000343769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a42e950192e2d202021-12-21 10:24:18.446root 11241100x8000000000000000343770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b7ddb8c241c1ce2021-12-21 10:24:18.446root 11241100x8000000000000000343771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2d2ab15a0ff58c2021-12-21 10:24:18.447root 11241100x8000000000000000343772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10bdaed7135797372021-12-21 10:24:18.447root 11241100x8000000000000000343773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b61fb7e45af9032021-12-21 10:24:18.447root 11241100x8000000000000000343774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a5adb573c86bc02021-12-21 10:24:18.447root 11241100x8000000000000000343775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3536271e7dc0898e2021-12-21 10:24:18.447root 11241100x8000000000000000343776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86490991fa1abaaa2021-12-21 10:24:18.447root 11241100x8000000000000000343777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1a9b046873a80a2021-12-21 10:24:18.447root 11241100x8000000000000000343778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76181009288732362021-12-21 10:24:18.448root 11241100x8000000000000000343779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c674486b9ce5dc002021-12-21 10:24:18.448root 11241100x8000000000000000343780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d15c7910c5991112021-12-21 10:24:18.448root 11241100x8000000000000000343781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2813ad86b28d7fe2021-12-21 10:24:18.448root 11241100x8000000000000000343782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae7fa4b23cbdb472021-12-21 10:24:18.448root 11241100x8000000000000000343783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a888339eaf68172021-12-21 10:24:18.448root 11241100x8000000000000000343784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44d342f6a5bb9912021-12-21 10:24:18.448root 11241100x8000000000000000343785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73c6385c1e8d10a2021-12-21 10:24:18.448root 11241100x8000000000000000343786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632383c0fd7965e02021-12-21 10:24:18.448root 11241100x8000000000000000343787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57cf24974224250e2021-12-21 10:24:18.448root 11241100x8000000000000000343788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4936eede15cf01c2021-12-21 10:24:18.449root 11241100x8000000000000000343789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b98a4afb6232142021-12-21 10:24:18.449root 11241100x8000000000000000343790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea474387f42a7cb2021-12-21 10:24:18.449root 11241100x8000000000000000343791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4c7c07273a24f02021-12-21 10:24:18.449root 11241100x8000000000000000343792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b61a7457b7eec02021-12-21 10:24:18.449root 11241100x8000000000000000343793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ae1bfa6959970e2021-12-21 10:24:18.449root 11241100x8000000000000000343794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f808a804cd9292021-12-21 10:24:18.449root 11241100x8000000000000000343795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db24910fab83ac102021-12-21 10:24:18.449root 11241100x8000000000000000343796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fdb3d160d846a22021-12-21 10:24:18.449root 11241100x8000000000000000343797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd9d61dc4959b242021-12-21 10:24:18.450root 11241100x8000000000000000343798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98235c2e5644ce6d2021-12-21 10:24:18.450root 11241100x8000000000000000343799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287fae600a5dbc3f2021-12-21 10:24:18.450root 11241100x8000000000000000343800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab03696ac11f7d582021-12-21 10:24:18.450root 11241100x8000000000000000343801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e422e4c4be711ae2021-12-21 10:24:18.943root 11241100x8000000000000000343802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7010f00e2eab8af2021-12-21 10:24:18.943root 11241100x8000000000000000343803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2643d024942e3ade2021-12-21 10:24:18.943root 11241100x8000000000000000343804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ca25e59a4a49eb2021-12-21 10:24:18.943root 11241100x8000000000000000343805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14497a7f375dab3f2021-12-21 10:24:18.943root 11241100x8000000000000000343806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d31f4fb9514460c2021-12-21 10:24:18.943root 11241100x8000000000000000343807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d12edc437a367fe2021-12-21 10:24:18.943root 11241100x8000000000000000343808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b3a39943d7168a2021-12-21 10:24:18.943root 11241100x8000000000000000343809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bff779cf7f165af2021-12-21 10:24:18.943root 11241100x8000000000000000343810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c06d07dfae21c2021-12-21 10:24:18.944root 11241100x8000000000000000343811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df24e8f8b9083a812021-12-21 10:24:18.944root 11241100x8000000000000000343812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726c5e0c7930ab3a2021-12-21 10:24:18.944root 11241100x8000000000000000343813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d15d062b38857c2021-12-21 10:24:18.944root 11241100x8000000000000000343814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac10afa243a5d042021-12-21 10:24:18.944root 11241100x8000000000000000343815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e78803e6ef17b72021-12-21 10:24:18.944root 11241100x8000000000000000343816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa94feca337fa942021-12-21 10:24:18.944root 11241100x8000000000000000343817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049c263b6b28f922021-12-21 10:24:18.944root 11241100x8000000000000000343818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa8ba75755262172021-12-21 10:24:18.944root 11241100x8000000000000000343819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50664bf926e646132021-12-21 10:24:18.945root 11241100x8000000000000000343820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fbe3df7c13b3fa2021-12-21 10:24:18.945root 11241100x8000000000000000343821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fff062c01e184c2021-12-21 10:24:18.945root 11241100x8000000000000000343822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b2d8b5c16f4a032021-12-21 10:24:18.945root 11241100x8000000000000000343823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375143a228f8f6b62021-12-21 10:24:18.945root 11241100x8000000000000000343824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b89582969fbb9be2021-12-21 10:24:18.945root 11241100x8000000000000000343825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6767f19b831ae12021-12-21 10:24:18.945root 11241100x8000000000000000343826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21dcce9abbddbae2021-12-21 10:24:18.945root 11241100x8000000000000000343827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cabafa28e6ce8a2021-12-21 10:24:18.946root 11241100x8000000000000000343828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b94173216da29f2021-12-21 10:24:18.946root 11241100x8000000000000000343829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec0158ecd8ee80b2021-12-21 10:24:18.946root 11241100x8000000000000000343830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72eb4c159a4e7eae2021-12-21 10:24:18.946root 11241100x8000000000000000343831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11abe32bcedb7372021-12-21 10:24:18.946root 11241100x8000000000000000343832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcb9377c73b2fbb2021-12-21 10:24:18.946root 11241100x8000000000000000343833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4f24e7d856d30b2021-12-21 10:24:18.946root 11241100x8000000000000000343834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f144365f5537a2021-12-21 10:24:18.947root 11241100x8000000000000000343835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed745f131ca044b2021-12-21 10:24:18.947root 11241100x8000000000000000343836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efd12fd8f8fa4542021-12-21 10:24:18.947root 11241100x8000000000000000343837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eb959f50e97d792021-12-21 10:24:18.947root 11241100x8000000000000000343838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af98d64513a9fa422021-12-21 10:24:18.947root 11241100x8000000000000000343839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e669d0138fbfd32021-12-21 10:24:18.947root 11241100x8000000000000000343840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b40fb6ee2f915c2021-12-21 10:24:18.947root 11241100x8000000000000000343841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83da8c7bc267e362021-12-21 10:24:18.947root 11241100x8000000000000000343842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea8ead8cbeed9ba2021-12-21 10:24:18.947root 11241100x8000000000000000343843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a53b49ab47ce7472021-12-21 10:24:18.947root 11241100x8000000000000000343844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84649e97049aa3a02021-12-21 10:24:18.947root 11241100x8000000000000000343845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db3cf0a198d1e7b2021-12-21 10:24:18.947root 11241100x8000000000000000343846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bfd8f93de30db82021-12-21 10:24:18.948root 11241100x8000000000000000343847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9058b27ba2c60e2021-12-21 10:24:18.948root 11241100x8000000000000000343848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457859c3526a33c72021-12-21 10:24:18.948root 11241100x8000000000000000343849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31fa94e5e26faf52021-12-21 10:24:18.948root 11241100x8000000000000000343850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e244e7c311162592021-12-21 10:24:18.948root 11241100x8000000000000000343851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb71c71aeaf69b172021-12-21 10:24:18.948root 11241100x8000000000000000343852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e7a9c30afa66ba2021-12-21 10:24:18.948root 11241100x8000000000000000343853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624b246f57918fa82021-12-21 10:24:18.948root 11241100x8000000000000000343854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57cacb38f25b6672021-12-21 10:24:18.948root 11241100x8000000000000000343855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c385db243f70c62021-12-21 10:24:18.948root 11241100x8000000000000000343856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23ae07b26db1a6592021-12-21 10:24:18.948root 11241100x8000000000000000343857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8cc25a61d5339e62021-12-21 10:24:18.948root 11241100x8000000000000000343858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bfe127ace30d24e2021-12-21 10:24:18.948root 11241100x8000000000000000343859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94c5c3582ee1c152021-12-21 10:24:18.949root 11241100x8000000000000000343860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd2c1fdae6de0052021-12-21 10:24:18.949root 11241100x8000000000000000343861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7119fd7515dcc242021-12-21 10:24:18.949root 11241100x8000000000000000343862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a1e2b7511b9268e2021-12-21 10:24:18.949root 11241100x8000000000000000343863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503f5e8cdf9d76882021-12-21 10:24:19.443root 11241100x8000000000000000343864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3e27e2a5581fb12021-12-21 10:24:19.444root 11241100x8000000000000000343865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f7d7b7ae4d19a22021-12-21 10:24:19.444root 11241100x8000000000000000343866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd694c461c7f1322021-12-21 10:24:19.444root 11241100x8000000000000000343867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5008f9e5511e664e2021-12-21 10:24:19.444root 11241100x8000000000000000343868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81936783bfc851162021-12-21 10:24:19.444root 11241100x8000000000000000343869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd1e5d03f77eb032021-12-21 10:24:19.445root 11241100x8000000000000000343870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c536fe1833be94042021-12-21 10:24:19.445root 11241100x8000000000000000343871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3668892514fb2f02021-12-21 10:24:19.445root 11241100x8000000000000000343872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec65acb7c4cbdb482021-12-21 10:24:19.445root 11241100x8000000000000000343873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ee526f5346f1f82021-12-21 10:24:19.446root 11241100x8000000000000000343874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8794ebb62e00eb2021-12-21 10:24:19.446root 11241100x8000000000000000343875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafb322ec061d41d2021-12-21 10:24:19.446root 11241100x8000000000000000343876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa4c4ee8766c46b2021-12-21 10:24:19.447root 11241100x8000000000000000343877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3464c39078ef062021-12-21 10:24:19.447root 11241100x8000000000000000343878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f72a9bb715657332021-12-21 10:24:19.447root 11241100x8000000000000000343879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47ab494b08898342021-12-21 10:24:19.447root 11241100x8000000000000000343880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886362682cebd4b42021-12-21 10:24:19.447root 11241100x8000000000000000343881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715e3f9791a9ad592021-12-21 10:24:19.448root 11241100x8000000000000000343882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df8f37dde1938662021-12-21 10:24:19.448root 11241100x8000000000000000343883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489bd6b7cdfb1aee2021-12-21 10:24:19.448root 11241100x8000000000000000343884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e2d0920fcd0f432021-12-21 10:24:19.448root 11241100x8000000000000000343885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6e5243232c44f92021-12-21 10:24:19.448root 11241100x8000000000000000343886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a03f9c0090154362021-12-21 10:24:19.449root 11241100x8000000000000000343887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bbba08c3fd01a32021-12-21 10:24:19.449root 11241100x8000000000000000343888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c7bbb07ea7a9472021-12-21 10:24:19.449root 11241100x8000000000000000343889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813512285d1d2e02021-12-21 10:24:19.449root 11241100x8000000000000000343890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70161631882f1ad32021-12-21 10:24:19.449root 11241100x8000000000000000343891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db17151fab242d8a2021-12-21 10:24:19.449root 11241100x8000000000000000343892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf92abced67d3272021-12-21 10:24:19.450root 11241100x8000000000000000343893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886614dc55732bf62021-12-21 10:24:19.450root 11241100x8000000000000000343894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebef9403c8f338d42021-12-21 10:24:19.450root 11241100x8000000000000000343895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a81c0a2047c9da2021-12-21 10:24:19.450root 11241100x8000000000000000343896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f909fa3e8e7fd32021-12-21 10:24:19.450root 11241100x8000000000000000343897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2ce27714644c922021-12-21 10:24:19.450root 11241100x8000000000000000343898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2e32f0ba75bd252021-12-21 10:24:19.451root 11241100x8000000000000000343899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d55cd189b537402021-12-21 10:24:19.451root 11241100x8000000000000000343900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f215f27bb5edc482021-12-21 10:24:19.451root 11241100x8000000000000000343901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0707a9c1b576e1412021-12-21 10:24:19.451root 11241100x8000000000000000343902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a4970aab3d4e272021-12-21 10:24:19.451root 11241100x8000000000000000343903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16de52eac90a61fa2021-12-21 10:24:19.451root 11241100x8000000000000000343904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d93980d5cd8cecd2021-12-21 10:24:19.451root 11241100x8000000000000000343905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4d5af55d1abd4e2021-12-21 10:24:19.451root 11241100x8000000000000000343906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b233770d8603a9b52021-12-21 10:24:19.451root 11241100x8000000000000000343907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a6bdb17cfdec3b2021-12-21 10:24:19.452root 11241100x8000000000000000343908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb701171fbf9a2752021-12-21 10:24:19.452root 11241100x8000000000000000343909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833c7ab3571db6602021-12-21 10:24:19.452root 11241100x8000000000000000343910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfc3c3aa37feb072021-12-21 10:24:19.452root 11241100x8000000000000000343911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd483e1f9622faf2021-12-21 10:24:19.452root 11241100x8000000000000000343912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27c822eebb6a8042021-12-21 10:24:19.452root 11241100x8000000000000000343913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7ba44fc1062b582021-12-21 10:24:19.452root 11241100x8000000000000000343914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2bbb6bd73470cf2021-12-21 10:24:19.453root 11241100x8000000000000000343915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547845fa14e3e7e92021-12-21 10:24:19.453root 11241100x8000000000000000343916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044b2531ed81c37a2021-12-21 10:24:19.453root 11241100x8000000000000000343917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2035ae698322c3192021-12-21 10:24:19.453root 11241100x8000000000000000343918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349cbf877225ad302021-12-21 10:24:19.454root 11241100x8000000000000000343919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d76d1da48997202021-12-21 10:24:19.454root 11241100x8000000000000000343920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb501bd001117d5c2021-12-21 10:24:19.454root 11241100x8000000000000000343921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1c3a624302027e2021-12-21 10:24:19.454root 11241100x8000000000000000343922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75769d0f56d5b7ea2021-12-21 10:24:19.454root 11241100x8000000000000000343923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43701ca79a4e9ae02021-12-21 10:24:19.454root 11241100x8000000000000000343924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ab562d745effd02021-12-21 10:24:19.455root 11241100x8000000000000000343925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b7d45d360868fc22021-12-21 10:24:19.455root 11241100x8000000000000000343926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4183e50e85e37222021-12-21 10:24:19.455root 11241100x8000000000000000343927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162844c810b124242021-12-21 10:24:19.455root 11241100x8000000000000000343928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615629c9dd0007ad2021-12-21 10:24:19.455root 11241100x8000000000000000343929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd56af8ff8a03e52021-12-21 10:24:19.455root 11241100x8000000000000000343930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792f34fe9f995cbe2021-12-21 10:24:19.456root 11241100x8000000000000000343931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f59910ae55f60f2021-12-21 10:24:19.456root 11241100x8000000000000000343932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35269fc60395137f2021-12-21 10:24:19.456root 11241100x8000000000000000343933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7756cdfa2ef90742021-12-21 10:24:19.456root 11241100x8000000000000000343934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6064666428f69432021-12-21 10:24:19.456root 11241100x8000000000000000343935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee695c1cf4b254812021-12-21 10:24:19.456root 11241100x8000000000000000343936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a748be3bfd6cdd62021-12-21 10:24:19.456root 11241100x8000000000000000343937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580cc79e970c49bb2021-12-21 10:24:19.456root 11241100x8000000000000000343938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c104e53be191011d2021-12-21 10:24:19.456root 11241100x8000000000000000343939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370b6ec62ff373192021-12-21 10:24:19.456root 11241100x8000000000000000343940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0687e9eb6bee44ff2021-12-21 10:24:19.456root 11241100x8000000000000000343941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287072ba4f2da9272021-12-21 10:24:19.457root 11241100x8000000000000000343942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670d0dfb716ce04b2021-12-21 10:24:19.457root 11241100x8000000000000000343943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a9d34962cc81fc2021-12-21 10:24:19.457root 11241100x8000000000000000343944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08f8236ac5419c332021-12-21 10:24:19.457root 11241100x8000000000000000343945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59634c94feb37e942021-12-21 10:24:19.457root 11241100x8000000000000000343946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d464af7be85ccd3c2021-12-21 10:24:19.457root 11241100x8000000000000000343947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f93b2532479bd82021-12-21 10:24:19.458root 11241100x8000000000000000343948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb37436d7772c2a2021-12-21 10:24:19.458root 11241100x8000000000000000343949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1130137c99be46e02021-12-21 10:24:19.458root 11241100x8000000000000000343950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b4356f0e7291c72021-12-21 10:24:19.458root 11241100x8000000000000000343951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873766efb0ab6c0c2021-12-21 10:24:19.459root 11241100x8000000000000000343952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5928823fd162c0482021-12-21 10:24:19.459root 11241100x8000000000000000343953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27197169ad209632021-12-21 10:24:19.459root 11241100x8000000000000000343954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2924d8c551e700d82021-12-21 10:24:19.459root 11241100x8000000000000000343955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc52a53821b61e42021-12-21 10:24:19.459root 11241100x8000000000000000343956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0068a875748e44732021-12-21 10:24:19.459root 11241100x8000000000000000343957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfc81cfb2ad53832021-12-21 10:24:19.459root 11241100x8000000000000000343958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9c8268fc75ac482021-12-21 10:24:19.459root 11241100x8000000000000000343959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e02b123bfff5fd82021-12-21 10:24:19.459root 11241100x8000000000000000343960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1236ff9d6b63004e2021-12-21 10:24:19.459root 11241100x8000000000000000343961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8dba7ddfc70f0232021-12-21 10:24:19.460root 11241100x8000000000000000343962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c443b88ec3cc8b2021-12-21 10:24:19.460root 11241100x8000000000000000343963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f37e602459dfa12021-12-21 10:24:19.460root 11241100x8000000000000000343964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffde596234d5e2222021-12-21 10:24:19.460root 11241100x8000000000000000343965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f21f1d9693a9c582021-12-21 10:24:19.460root 11241100x8000000000000000343966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b07be7d3aced8382021-12-21 10:24:19.460root 11241100x8000000000000000343967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519db78e9ef45caa2021-12-21 10:24:19.460root 11241100x8000000000000000343968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de1424eba3378ad2021-12-21 10:24:19.461root 11241100x8000000000000000343969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59cff13ecbd59a342021-12-21 10:24:19.461root 11241100x8000000000000000343970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a125a541536087c42021-12-21 10:24:19.461root 11241100x8000000000000000343971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078bd22e37fa989b2021-12-21 10:24:19.461root 11241100x8000000000000000343972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf70cae75110b792021-12-21 10:24:19.461root 11241100x8000000000000000343973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4538fbbc2af6cff12021-12-21 10:24:19.461root 11241100x8000000000000000343974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa9ea90d8e2a0a82021-12-21 10:24:19.461root 11241100x8000000000000000343975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a941c12302b0d02021-12-21 10:24:19.461root 11241100x8000000000000000343976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c3308bb8d8f2d52021-12-21 10:24:19.462root 11241100x8000000000000000343977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46715da79c92dac22021-12-21 10:24:19.462root 11241100x8000000000000000343978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc68d9ca905ae932021-12-21 10:24:19.462root 11241100x8000000000000000343979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f340d8bdcbf189ea2021-12-21 10:24:19.462root 11241100x8000000000000000343980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b25c72c15e7b852021-12-21 10:24:19.462root 11241100x8000000000000000343981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fa1f80fb0960232021-12-21 10:24:19.943root 11241100x8000000000000000343982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9142b5a2982f8732021-12-21 10:24:19.943root 11241100x8000000000000000343983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce7c470f7e49fc72021-12-21 10:24:19.943root 11241100x8000000000000000343984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad309a88f99ad47e2021-12-21 10:24:19.943root 11241100x8000000000000000343985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefeda9b13dbdec72021-12-21 10:24:19.944root 11241100x8000000000000000343986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8820e84750869d52021-12-21 10:24:19.944root 11241100x8000000000000000343987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07576f83ab1200e12021-12-21 10:24:19.944root 11241100x8000000000000000343988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae821b22168f14232021-12-21 10:24:19.944root 11241100x8000000000000000343989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f61b900fd7811aa2021-12-21 10:24:19.944root 11241100x8000000000000000343990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e61a44aa6cf2012021-12-21 10:24:19.944root 11241100x8000000000000000343991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85859853b381f8fc2021-12-21 10:24:19.944root 11241100x8000000000000000343992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1283f0aa4056da2021-12-21 10:24:19.944root 11241100x8000000000000000343993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc273eb51fcc7d532021-12-21 10:24:19.944root 11241100x8000000000000000343994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21d1e100f326fb12021-12-21 10:24:19.944root 11241100x8000000000000000343995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad20209579ac17f2021-12-21 10:24:19.944root 11241100x8000000000000000343996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b83b8dcbf627812021-12-21 10:24:19.944root 11241100x8000000000000000343997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af40dc4d19a6eca2021-12-21 10:24:19.944root 11241100x8000000000000000343998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fba288cec7d13ee2021-12-21 10:24:19.944root 11241100x8000000000000000343999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.553520996fcfd1f92021-12-21 10:24:19.944root 11241100x8000000000000000344000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e8fb940aa0b2c42021-12-21 10:24:19.944root 11241100x8000000000000000344001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b983eb7ad6ac761e2021-12-21 10:24:19.945root 11241100x8000000000000000344002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6073ff738da4a42021-12-21 10:24:19.945root 11241100x8000000000000000344003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54475aa7e04b0d652021-12-21 10:24:19.945root 11241100x8000000000000000344004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa200f18deea3ece2021-12-21 10:24:19.945root 11241100x8000000000000000344005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.debe85e33029cf972021-12-21 10:24:19.945root 11241100x8000000000000000344006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c84261d4b6d1392021-12-21 10:24:19.945root 11241100x8000000000000000344007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b0198a9c8003102021-12-21 10:24:19.945root 11241100x8000000000000000344008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8573c71e6679ae02021-12-21 10:24:19.945root 11241100x8000000000000000344009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bc350a58b145f52021-12-21 10:24:19.945root 11241100x8000000000000000344010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223b825d3e9597482021-12-21 10:24:19.945root 11241100x8000000000000000344011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa63b9125ad95db2021-12-21 10:24:19.945root 11241100x8000000000000000344012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f7b1dbfc59503c2021-12-21 10:24:19.945root 11241100x8000000000000000344013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021df151a3e7e7352021-12-21 10:24:19.945root 11241100x8000000000000000344014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6656c243c0bcb8d02021-12-21 10:24:19.945root 11241100x8000000000000000344015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.198a1ce18118aecd2021-12-21 10:24:19.946root 11241100x8000000000000000344016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6991cf3ea27769de2021-12-21 10:24:19.946root 11241100x8000000000000000344017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd30e7dba1ca296d2021-12-21 10:24:19.946root 11241100x8000000000000000344018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a48babbd2b2b7322021-12-21 10:24:19.946root 11241100x8000000000000000344019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3bfa8933167c5c2021-12-21 10:24:19.946root 11241100x8000000000000000344020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f4051fe71d510e2021-12-21 10:24:19.946root 11241100x8000000000000000344021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9bd6f5641d9c472021-12-21 10:24:19.946root 11241100x8000000000000000344022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d4318eabc7e9792021-12-21 10:24:19.946root 11241100x8000000000000000344023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3c31b952e7e1e52021-12-21 10:24:19.946root 11241100x8000000000000000344024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220792216a265d6d2021-12-21 10:24:19.946root 11241100x8000000000000000344025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb79eef75423a452021-12-21 10:24:19.946root 11241100x8000000000000000344026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078795372b2687412021-12-21 10:24:19.946root 11241100x8000000000000000344027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699fd8acd8cb1f162021-12-21 10:24:19.946root 11241100x8000000000000000344028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c5762dd890877d2021-12-21 10:24:19.946root 11241100x8000000000000000344029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdeb7a1c20cb7382021-12-21 10:24:19.946root 11241100x8000000000000000344030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6259ac84c99380c2021-12-21 10:24:19.947root 11241100x8000000000000000344031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c50ed31da7d3d422021-12-21 10:24:19.947root 11241100x8000000000000000344032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62faf64926ad63a92021-12-21 10:24:19.947root 11241100x8000000000000000344033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b4667fc1f8d3e42021-12-21 10:24:20.443root 11241100x8000000000000000344034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdce771b6d423ba2021-12-21 10:24:20.443root 11241100x8000000000000000344035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc3b5509cabd68c2021-12-21 10:24:20.443root 11241100x8000000000000000344036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704ee17e5f79d36b2021-12-21 10:24:20.443root 11241100x8000000000000000344037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c928389e589ecbe2021-12-21 10:24:20.444root 11241100x8000000000000000344038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5200d85b3a6b87362021-12-21 10:24:20.444root 11241100x8000000000000000344039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa53e9afface8b2021-12-21 10:24:20.444root 11241100x8000000000000000344040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cd9d3f928a58f22021-12-21 10:24:20.444root 11241100x8000000000000000344041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecffbcc53688f722021-12-21 10:24:20.444root 11241100x8000000000000000344042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a690570a5a1787052021-12-21 10:24:20.444root 11241100x8000000000000000344043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ac0db2a6a81f5d2021-12-21 10:24:20.444root 11241100x8000000000000000344044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd7a07d633b482a2021-12-21 10:24:20.444root 11241100x8000000000000000344045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb191824637bbd2b2021-12-21 10:24:20.444root 11241100x8000000000000000344046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c0fbd8f819e0a22021-12-21 10:24:20.444root 11241100x8000000000000000344047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c543ad766ba537412021-12-21 10:24:20.445root 11241100x8000000000000000344048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cc9954f93c05472021-12-21 10:24:20.445root 11241100x8000000000000000344049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308d52e1131ae94d2021-12-21 10:24:20.445root 11241100x8000000000000000344050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f119e1f407e55282021-12-21 10:24:20.445root 11241100x8000000000000000344051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2e7f3d6b4e790d2021-12-21 10:24:20.445root 11241100x8000000000000000344052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6785fe592cf96ab2021-12-21 10:24:20.445root 11241100x8000000000000000344053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c807d9531ac5062021-12-21 10:24:20.445root 11241100x8000000000000000344054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab68a8c6774a974b2021-12-21 10:24:20.445root 11241100x8000000000000000344055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096d4466c10869e12021-12-21 10:24:20.445root 11241100x8000000000000000344056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d432fb985276aa2021-12-21 10:24:20.446root 11241100x8000000000000000344057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce9c702ce9c1c7f2021-12-21 10:24:20.446root 11241100x8000000000000000344058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748e5a8b94e846c02021-12-21 10:24:20.446root 11241100x8000000000000000344059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f338f84f20dc4d2021-12-21 10:24:20.446root 11241100x8000000000000000344060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f39869c968fbc872021-12-21 10:24:20.446root 11241100x8000000000000000344061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4368fb226f71d6412021-12-21 10:24:20.446root 11241100x8000000000000000344062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72171b8de995bfa22021-12-21 10:24:20.446root 11241100x8000000000000000344063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362580fbf33dcd672021-12-21 10:24:20.446root 11241100x8000000000000000344064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9744a04abe694b012021-12-21 10:24:20.446root 11241100x8000000000000000344065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be34f7172851d5b2021-12-21 10:24:20.447root 11241100x8000000000000000344066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71bb6ba0edb52cb2021-12-21 10:24:20.447root 11241100x8000000000000000344067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624b1eb100750d302021-12-21 10:24:20.447root 11241100x8000000000000000344068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cedacc63d9e2f802021-12-21 10:24:20.447root 11241100x8000000000000000344069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254011da553a29542021-12-21 10:24:20.447root 11241100x8000000000000000344070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a31c0189c2ab462021-12-21 10:24:20.447root 11241100x8000000000000000344071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e4196c592bb8db2021-12-21 10:24:20.447root 11241100x8000000000000000344072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ac1a4b61dd020c2021-12-21 10:24:20.447root 11241100x8000000000000000344073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d2c11850aab0c22021-12-21 10:24:20.448root 11241100x8000000000000000344074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e4aa228a74001c2021-12-21 10:24:20.448root 11241100x8000000000000000344075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b19dae37ee9e7c2021-12-21 10:24:20.448root 11241100x8000000000000000344076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a47ef1f527d26b2021-12-21 10:24:20.448root 11241100x8000000000000000344077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1b266341bfe2732021-12-21 10:24:20.448root 11241100x8000000000000000344078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1024f092c11e39eb2021-12-21 10:24:20.448root 11241100x8000000000000000344079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6d7dfb711727642021-12-21 10:24:20.448root 11241100x8000000000000000344080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0899ca0c9b6d532021-12-21 10:24:20.448root 11241100x8000000000000000344081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4931d3b7878ce11c2021-12-21 10:24:20.448root 11241100x8000000000000000344082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8af66b31f4abaa12021-12-21 10:24:20.449root 11241100x8000000000000000344083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fc9a1fc3e635c92021-12-21 10:24:20.449root 11241100x8000000000000000344084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddce7cc5d38018d2021-12-21 10:24:20.449root 11241100x8000000000000000344085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d25b5c9ec7ef1e2021-12-21 10:24:20.449root 11241100x8000000000000000344086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5497993137f03b2021-12-21 10:24:20.449root 11241100x8000000000000000344087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da88c97c2d77d8272021-12-21 10:24:20.449root 11241100x8000000000000000344088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2454c934f6d6f812021-12-21 10:24:20.449root 11241100x8000000000000000344089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8230c14c930dcd2021-12-21 10:24:20.449root 11241100x8000000000000000344090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aeaa42bffea29a2021-12-21 10:24:20.450root 11241100x8000000000000000344091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1c024da2a8cb6e2021-12-21 10:24:20.450root 11241100x8000000000000000344092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0fb2382a5264242021-12-21 10:24:20.450root 11241100x8000000000000000344093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2690bc81b5e69542021-12-21 10:24:20.450root 11241100x8000000000000000344094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ef01a144fb59c2021-12-21 10:24:20.450root 11241100x8000000000000000344095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57074a795c997d42021-12-21 10:24:20.450root 11241100x8000000000000000344096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1a4911d0e102dc2021-12-21 10:24:20.450root 11241100x8000000000000000344097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0ae22d83641b9b2021-12-21 10:24:20.450root 11241100x8000000000000000344098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f1ea87a546449a2021-12-21 10:24:20.943root 11241100x8000000000000000344099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7ad840ba46479f2021-12-21 10:24:20.943root 11241100x8000000000000000344100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3b6d6e027e43a22021-12-21 10:24:20.943root 11241100x8000000000000000344101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328ddd033329a6552021-12-21 10:24:20.943root 11241100x8000000000000000344102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de00b74821564a42021-12-21 10:24:20.943root 11241100x8000000000000000344103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b767903e6082d92021-12-21 10:24:20.943root 11241100x8000000000000000344104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05cf3382244c1b52021-12-21 10:24:20.943root 11241100x8000000000000000344105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7583a07b76e973dd2021-12-21 10:24:20.943root 11241100x8000000000000000344106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31ecd2335d3cb582021-12-21 10:24:20.944root 11241100x8000000000000000344107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3c1f4881a3887a2021-12-21 10:24:20.944root 11241100x8000000000000000344108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3a72d5f875086cf2021-12-21 10:24:20.944root 11241100x8000000000000000344109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a0447445bb37872021-12-21 10:24:20.944root 11241100x8000000000000000344110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192df96c25599c972021-12-21 10:24:20.944root 11241100x8000000000000000344111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574b03001095d8142021-12-21 10:24:20.944root 11241100x8000000000000000344112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7306a7032b4461e2021-12-21 10:24:20.944root 11241100x8000000000000000344113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5009eea429be98872021-12-21 10:24:20.944root 11241100x8000000000000000344114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2045d14269d323f92021-12-21 10:24:20.944root 11241100x8000000000000000344115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2914296b4a3f6bd2021-12-21 10:24:20.945root 11241100x8000000000000000344116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fd3aa6c0c3f10402021-12-21 10:24:20.945root 11241100x8000000000000000344117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa9998e37bedeb32021-12-21 10:24:20.945root 11241100x8000000000000000344118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff88bc42c4e4beeb2021-12-21 10:24:20.945root 11241100x8000000000000000344119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941f90784cd110a42021-12-21 10:24:20.945root 11241100x8000000000000000344120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9135ff0e3346648d2021-12-21 10:24:20.945root 11241100x8000000000000000344121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874867d14c0a9f2e2021-12-21 10:24:20.945root 11241100x8000000000000000344122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88542db537a8f3c2021-12-21 10:24:20.945root 11241100x8000000000000000344123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d34500ad1aa2692021-12-21 10:24:20.945root 11241100x8000000000000000344124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fad3b9adfa16012021-12-21 10:24:20.945root 11241100x8000000000000000344125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a433233be6517ba2021-12-21 10:24:20.945root 11241100x8000000000000000344126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ca541f63dddda22021-12-21 10:24:20.946root 11241100x8000000000000000344127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d2e58aa1476c632021-12-21 10:24:20.946root 11241100x8000000000000000344128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876ef2d354e6b46c2021-12-21 10:24:20.946root 11241100x8000000000000000344129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a11548a593f24dd2021-12-21 10:24:20.946root 11241100x8000000000000000344130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9342c0f31c0e4a4c2021-12-21 10:24:20.946root 11241100x8000000000000000344131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbd16f8d37f84682021-12-21 10:24:20.946root 11241100x8000000000000000344132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df5e12ec56242f92021-12-21 10:24:20.949root 11241100x8000000000000000344133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82141f8eefc904a2021-12-21 10:24:20.949root 11241100x8000000000000000344134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd741049b52690aa2021-12-21 10:24:20.949root 11241100x8000000000000000344135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d61d3f9a4043852021-12-21 10:24:20.949root 11241100x8000000000000000344136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974876b4f5c28a272021-12-21 10:24:20.949root 11241100x8000000000000000344137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06daf88e626313772021-12-21 10:24:20.949root 11241100x8000000000000000344138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a24dac338572d42021-12-21 10:24:20.949root 11241100x8000000000000000344139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaadf5a5b9f2f152021-12-21 10:24:20.949root 11241100x8000000000000000344140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb41185444f698402021-12-21 10:24:20.949root 11241100x8000000000000000344141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8590faf0880d8fac2021-12-21 10:24:20.949root 11241100x8000000000000000344142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b36c3d22001322e2021-12-21 10:24:20.950root 11241100x8000000000000000344143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d8b8d4890702952021-12-21 10:24:20.950root 11241100x8000000000000000344144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d147d6ee0c1f8a2021-12-21 10:24:20.950root 11241100x8000000000000000344145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1053e7c72cdcb42021-12-21 10:24:20.950root 11241100x8000000000000000344146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba18ad0bf5f5c42c2021-12-21 10:24:20.950root 11241100x8000000000000000344147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.587f2bc3efae91432021-12-21 10:24:20.950root 11241100x8000000000000000344148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb180230278d80d2021-12-21 10:24:20.950root 11241100x8000000000000000344149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24004ecaf560bd702021-12-21 10:24:20.950root 11241100x8000000000000000344150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b89fdb2e3d6fe912021-12-21 10:24:20.950root 11241100x8000000000000000344151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa745561775f4f72021-12-21 10:24:20.951root 11241100x8000000000000000344152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7646bd6df446492021-12-21 10:24:20.951root 11241100x8000000000000000344153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0a7006c26cb2502021-12-21 10:24:20.951root 11241100x8000000000000000344154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df916a3d58d69f12021-12-21 10:24:20.951root 11241100x8000000000000000344155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8cb7a25ed3c7ee2021-12-21 10:24:20.951root 11241100x8000000000000000344156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d00fb899524c68142021-12-21 10:24:20.951root 11241100x8000000000000000344157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b42b1f6462552ab2021-12-21 10:24:20.951root 11241100x8000000000000000344158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dabb9b8c3738bfa2021-12-21 10:24:20.951root 11241100x8000000000000000344159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ae9039ceec95c02021-12-21 10:24:20.951root 11241100x8000000000000000344160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98012e10704be30e2021-12-21 10:24:20.951root 11241100x8000000000000000344161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02206bbbe3e54e6d2021-12-21 10:24:20.952root 11241100x8000000000000000344162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3c73c0dff3810b2021-12-21 10:24:20.952root 11241100x8000000000000000344163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd5de4c4b1344e32021-12-21 10:24:20.952root 11241100x8000000000000000344164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71d9bc59d92d0c72021-12-21 10:24:20.952root 11241100x8000000000000000344165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d8265d7f389aff2021-12-21 10:24:20.952root 11241100x8000000000000000344166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc594799bc988d82021-12-21 10:24:20.952root 11241100x8000000000000000344167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4efd4a3ca99eaa2021-12-21 10:24:20.952root 11241100x8000000000000000344168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc39627be039cca2021-12-21 10:24:20.952root 11241100x8000000000000000344169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7351f7777cb38bd2021-12-21 10:24:20.955root 11241100x8000000000000000344170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62062d4466099bad2021-12-21 10:24:20.955root 11241100x8000000000000000344171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1041652bb497e7c2021-12-21 10:24:20.955root 11241100x8000000000000000344172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d366e5ab033bcf0e2021-12-21 10:24:20.956root 11241100x8000000000000000344173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141d9a9208d20c052021-12-21 10:24:20.956root 11241100x8000000000000000344174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f253c8ea2a8f01842021-12-21 10:24:20.956root 11241100x8000000000000000344175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:20.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a62b41198a8f102021-12-21 10:24:20.956root 354300x8000000000000000344176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.186{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47050-false10.0.1.12-8000- 11241100x8000000000000000344177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e32d46ccab2ac12021-12-21 10:24:21.443root 11241100x8000000000000000344178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadf065f3e0769722021-12-21 10:24:21.443root 11241100x8000000000000000344179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf8cf0bd359ce6e2021-12-21 10:24:21.443root 11241100x8000000000000000344180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70be4d491dee46ee2021-12-21 10:24:21.443root 11241100x8000000000000000344181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21d6535870a914e42021-12-21 10:24:21.443root 11241100x8000000000000000344182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d44d4b794298c12021-12-21 10:24:21.444root 11241100x8000000000000000344183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6ac95f07f5d7a02021-12-21 10:24:21.444root 11241100x8000000000000000344184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31caf43e770f17732021-12-21 10:24:21.444root 11241100x8000000000000000344185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e478d422f18a2be2021-12-21 10:24:21.444root 11241100x8000000000000000344186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af182ea9a051a6412021-12-21 10:24:21.444root 11241100x8000000000000000344187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a6e3c8eca79c732021-12-21 10:24:21.444root 11241100x8000000000000000344188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24fb033aaa2dba812021-12-21 10:24:21.444root 11241100x8000000000000000344189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bf73d2d7b262682021-12-21 10:24:21.444root 11241100x8000000000000000344190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc448e54679571fc2021-12-21 10:24:21.444root 11241100x8000000000000000344191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc0a34091f32e612021-12-21 10:24:21.444root 11241100x8000000000000000344192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438d7e1ff934d182021-12-21 10:24:21.445root 11241100x8000000000000000344193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cf3a7335d77e752021-12-21 10:24:21.445root 11241100x8000000000000000344194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f84d608b6f722772021-12-21 10:24:21.445root 11241100x8000000000000000344195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba22a2a71f16fbd22021-12-21 10:24:21.445root 11241100x8000000000000000344196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc180a3cfceca8f32021-12-21 10:24:21.445root 11241100x8000000000000000344197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf19dfca04836af92021-12-21 10:24:21.445root 11241100x8000000000000000344198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7920a91cc3f481902021-12-21 10:24:21.445root 11241100x8000000000000000344199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8651e2dd42139eb2021-12-21 10:24:21.445root 11241100x8000000000000000344200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f12cb33da5cace2021-12-21 10:24:21.445root 11241100x8000000000000000344201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0e76d93dfe94ae2021-12-21 10:24:21.445root 11241100x8000000000000000344202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ca7f342696b8da2021-12-21 10:24:21.446root 11241100x8000000000000000344203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f369ced39b5c56f2021-12-21 10:24:21.446root 11241100x8000000000000000344204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd562e9a569d76d02021-12-21 10:24:21.446root 11241100x8000000000000000344205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4d59062decad422021-12-21 10:24:21.446root 11241100x8000000000000000344206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa8e9849ac06b9d2021-12-21 10:24:21.446root 11241100x8000000000000000344207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4be16e50ef52ac2021-12-21 10:24:21.446root 11241100x8000000000000000344208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e20170a42bcfc02021-12-21 10:24:21.446root 11241100x8000000000000000344209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec150b8cd348a2a32021-12-21 10:24:21.446root 11241100x8000000000000000344210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af36d21ce84cace2021-12-21 10:24:21.446root 11241100x8000000000000000344211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cab80ac6495033d2021-12-21 10:24:21.446root 11241100x8000000000000000344212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b924775492032a2021-12-21 10:24:21.446root 11241100x8000000000000000344213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3923d6ecc37a932021-12-21 10:24:21.447root 11241100x8000000000000000344214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9633c5c57ce99af12021-12-21 10:24:21.447root 11241100x8000000000000000344215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb5b31142ed319b2021-12-21 10:24:21.447root 11241100x8000000000000000344216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b969cae1ed80316c2021-12-21 10:24:21.447root 11241100x8000000000000000344217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abffd297465dae9d2021-12-21 10:24:21.447root 11241100x8000000000000000344218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7882c104045fbdb52021-12-21 10:24:21.447root 11241100x8000000000000000344219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8ce72a43f2b1ad2021-12-21 10:24:21.447root 11241100x8000000000000000344220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4ad7632588f44c2021-12-21 10:24:21.447root 11241100x8000000000000000344221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9019e6f68c19bedc2021-12-21 10:24:21.447root 11241100x8000000000000000344222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35de83199465f7b32021-12-21 10:24:21.448root 11241100x8000000000000000344223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6026aa5409af9a0a2021-12-21 10:24:21.448root 11241100x8000000000000000344224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646d9bdc5e0eb2552021-12-21 10:24:21.448root 11241100x8000000000000000344225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5705b2c4e3838412021-12-21 10:24:21.448root 11241100x8000000000000000344226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5231b8534383e52021-12-21 10:24:21.448root 11241100x8000000000000000344227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ecb520ef3a685a2021-12-21 10:24:21.448root 11241100x8000000000000000344228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01958d711c607902021-12-21 10:24:21.448root 11241100x8000000000000000344229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe82e32d618eec062021-12-21 10:24:21.448root 11241100x8000000000000000344230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c53b60ff5815df2021-12-21 10:24:21.448root 11241100x8000000000000000344231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4ffd9183ffef8d2021-12-21 10:24:21.448root 11241100x8000000000000000344232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6906dd747521c53e2021-12-21 10:24:21.448root 11241100x8000000000000000344233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a0c64b555c8a782021-12-21 10:24:21.943root 11241100x8000000000000000344234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe987768a517382021-12-21 10:24:21.944root 11241100x8000000000000000344235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7964cc48a51b5a112021-12-21 10:24:21.944root 11241100x8000000000000000344236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4636013861a29d2021-12-21 10:24:21.944root 11241100x8000000000000000344237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7db0fab77908b52021-12-21 10:24:21.944root 11241100x8000000000000000344238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5089674fa2fbcfc32021-12-21 10:24:21.944root 11241100x8000000000000000344239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fdd30a91b39e302021-12-21 10:24:21.944root 11241100x8000000000000000344240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cf4a4b9ca72bd12021-12-21 10:24:21.944root 11241100x8000000000000000344241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677f5f42e269eb232021-12-21 10:24:21.944root 11241100x8000000000000000344242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfee16c90aa7ea1f2021-12-21 10:24:21.944root 11241100x8000000000000000344243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed51cf5ea4d907c2021-12-21 10:24:21.944root 11241100x8000000000000000344244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2701b6f01bf0538c2021-12-21 10:24:21.945root 11241100x8000000000000000344245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72da31ba4ca112022021-12-21 10:24:21.945root 11241100x8000000000000000344246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e91f443233ec042021-12-21 10:24:21.945root 11241100x8000000000000000344247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ddc81ad881d8292021-12-21 10:24:21.945root 11241100x8000000000000000344248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac900e21e07570782021-12-21 10:24:21.945root 11241100x8000000000000000344249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e952e570952c38f22021-12-21 10:24:21.945root 11241100x8000000000000000344250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a7e6cc996c1d0e2021-12-21 10:24:21.945root 11241100x8000000000000000344251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48300140bbb5962a2021-12-21 10:24:21.945root 11241100x8000000000000000344252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278c7d6b8373bc182021-12-21 10:24:21.945root 11241100x8000000000000000344253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43821b6dd7108ca52021-12-21 10:24:21.945root 11241100x8000000000000000344254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58695bfe9d41a2d22021-12-21 10:24:21.945root 11241100x8000000000000000344255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee9871ffc7767042021-12-21 10:24:21.946root 11241100x8000000000000000344256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8eecdd239d9b572021-12-21 10:24:21.946root 11241100x8000000000000000344257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be25c19979348b4e2021-12-21 10:24:21.946root 11241100x8000000000000000344258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7f41b0d8412b652021-12-21 10:24:21.946root 11241100x8000000000000000344259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b44e005cc182d5d2021-12-21 10:24:21.946root 11241100x8000000000000000344260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91745a80c7a5f9712021-12-21 10:24:21.946root 11241100x8000000000000000344261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3eb45e3a6d7c742021-12-21 10:24:21.946root 11241100x8000000000000000344262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9841c52c32f23e572021-12-21 10:24:21.946root 11241100x8000000000000000344263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a701607689c22f2d2021-12-21 10:24:21.946root 11241100x8000000000000000344264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f70638a3b88a9e2021-12-21 10:24:21.946root 11241100x8000000000000000344265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd604cc730fad4322021-12-21 10:24:21.947root 11241100x8000000000000000344266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8192c4e9583bab192021-12-21 10:24:21.947root 11241100x8000000000000000344267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2f26e3baf9f7082021-12-21 10:24:21.947root 11241100x8000000000000000344268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911878792c3b97832021-12-21 10:24:21.947root 11241100x8000000000000000344269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7842ecd5e29a5042021-12-21 10:24:21.947root 11241100x8000000000000000344270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e12cade8235e9e2021-12-21 10:24:21.947root 11241100x8000000000000000344271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20524985298485742021-12-21 10:24:21.947root 11241100x8000000000000000344272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c455c93548d367c2021-12-21 10:24:21.947root 11241100x8000000000000000344273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f37691b63cbf2692021-12-21 10:24:21.947root 11241100x8000000000000000344274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a83bb2358db4082021-12-21 10:24:21.947root 11241100x8000000000000000344275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c96d17d72a372412021-12-21 10:24:21.948root 11241100x8000000000000000344276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8efedc45fdd5c82021-12-21 10:24:21.948root 11241100x8000000000000000344277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f7890cde1b03c42021-12-21 10:24:21.948root 11241100x8000000000000000344278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc1749cf4fdebc92021-12-21 10:24:21.948root 11241100x8000000000000000344279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ebf41e34913e332021-12-21 10:24:21.948root 11241100x8000000000000000344280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d1202a6efb05502021-12-21 10:24:21.948root 11241100x8000000000000000344281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d64094622fdcc7132021-12-21 10:24:21.948root 11241100x8000000000000000344282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05514c98805cc112021-12-21 10:24:21.948root 11241100x8000000000000000344283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d956464c506171f92021-12-21 10:24:22.443root 11241100x8000000000000000344284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252fac00d63fad2c2021-12-21 10:24:22.443root 11241100x8000000000000000344285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaebc08b5f67c942021-12-21 10:24:22.443root 11241100x8000000000000000344286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8863ced93b84c22021-12-21 10:24:22.443root 11241100x8000000000000000344287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1eb19629d02d2f32021-12-21 10:24:22.444root 11241100x8000000000000000344288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48b607799e81df12021-12-21 10:24:22.444root 11241100x8000000000000000344289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df65f92e8fe32dba2021-12-21 10:24:22.444root 11241100x8000000000000000344290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10575ff1986360ee2021-12-21 10:24:22.444root 11241100x8000000000000000344291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c9976da5f7ae6a2021-12-21 10:24:22.445root 11241100x8000000000000000344292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb3fe5bba4ac2612021-12-21 10:24:22.445root 11241100x8000000000000000344293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4abe34fc1143df2021-12-21 10:24:22.445root 11241100x8000000000000000344294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3878f19a121e3c72021-12-21 10:24:22.445root 11241100x8000000000000000344295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9dc7033a131e932021-12-21 10:24:22.445root 11241100x8000000000000000344296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f072119ff6846d852021-12-21 10:24:22.445root 11241100x8000000000000000344297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307e6079d4700a2e2021-12-21 10:24:22.445root 11241100x8000000000000000344298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a9a0c23b1d20412021-12-21 10:24:22.445root 11241100x8000000000000000344299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a0a031360e3e602021-12-21 10:24:22.445root 11241100x8000000000000000344300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac9d95bcdee194d2021-12-21 10:24:22.445root 11241100x8000000000000000344301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114c2c6c0c1b5f272021-12-21 10:24:22.445root 11241100x8000000000000000344302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0ac4f5d88e28ba2021-12-21 10:24:22.446root 11241100x8000000000000000344303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad7a26748a4e1f32021-12-21 10:24:22.446root 11241100x8000000000000000344304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5398fb522d086a42021-12-21 10:24:22.446root 11241100x8000000000000000344305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dae0e48ed303e02021-12-21 10:24:22.446root 11241100x8000000000000000344306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453c5ef1dec35c232021-12-21 10:24:22.446root 11241100x8000000000000000344307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaebb6370d2ce10c2021-12-21 10:24:22.446root 11241100x8000000000000000344308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa04637825ac16b2021-12-21 10:24:22.446root 11241100x8000000000000000344309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a6be9d22c1765d2021-12-21 10:24:22.446root 11241100x8000000000000000344310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36818f54550f6b742021-12-21 10:24:22.446root 11241100x8000000000000000344311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306e42e50bdc1a782021-12-21 10:24:22.446root 11241100x8000000000000000344312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158b4277b73bb1782021-12-21 10:24:22.446root 11241100x8000000000000000344313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2662ad6e28ce47722021-12-21 10:24:22.446root 11241100x8000000000000000344314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e748cacf7710642021-12-21 10:24:22.447root 11241100x8000000000000000344315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314114443e665ca22021-12-21 10:24:22.447root 11241100x8000000000000000344316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2fe029226e56a02021-12-21 10:24:22.447root 11241100x8000000000000000344317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91cc1afde19a82d2021-12-21 10:24:22.447root 11241100x8000000000000000344318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6cf9777f8eff322021-12-21 10:24:22.447root 11241100x8000000000000000344319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe8e182666d472a2021-12-21 10:24:22.447root 11241100x8000000000000000344320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e8b7c3ece1316f2021-12-21 10:24:22.447root 11241100x8000000000000000344321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809619a40d2354012021-12-21 10:24:22.447root 11241100x8000000000000000344322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68c8e9c8d5967af2021-12-21 10:24:22.447root 11241100x8000000000000000344323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef730816b6268f12021-12-21 10:24:22.447root 11241100x8000000000000000344324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1698e51a55f3412021-12-21 10:24:22.447root 11241100x8000000000000000344325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0d195b7d8c73302021-12-21 10:24:22.447root 11241100x8000000000000000344326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaeb71f2b45206d2021-12-21 10:24:22.448root 11241100x8000000000000000344327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc09f0b265b3b1922021-12-21 10:24:22.448root 11241100x8000000000000000344328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2cc5b73a2d32082021-12-21 10:24:22.448root 11241100x8000000000000000344329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62fab88873295592021-12-21 10:24:22.448root 11241100x8000000000000000344330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77a4ddf03c48e852021-12-21 10:24:22.448root 11241100x8000000000000000344331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6385c573e06df0e2021-12-21 10:24:22.448root 11241100x8000000000000000344332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9c1744033e565d2021-12-21 10:24:22.448root 11241100x8000000000000000344333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbb33f92f7d0cf62021-12-21 10:24:22.449root 11241100x8000000000000000344334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a587069712a4a7d2021-12-21 10:24:22.449root 11241100x8000000000000000344335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3369676da24fdef2021-12-21 10:24:22.449root 11241100x8000000000000000344336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e97f1ffa55812b2021-12-21 10:24:22.449root 11241100x8000000000000000344337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ce33aa409968912021-12-21 10:24:22.449root 11241100x8000000000000000344338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b34a058a78d32d62021-12-21 10:24:22.449root 11241100x8000000000000000344339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b2e71c5470d66d2021-12-21 10:24:22.942root 11241100x8000000000000000344340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b535ddaa8ebab3ba2021-12-21 10:24:22.943root 11241100x8000000000000000344341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde2f0cd4313b67e2021-12-21 10:24:22.943root 11241100x8000000000000000344342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1624724b0135c9e82021-12-21 10:24:22.943root 11241100x8000000000000000344343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1314336ddad38b2021-12-21 10:24:22.943root 11241100x8000000000000000344344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5864b4bcfeb914202021-12-21 10:24:22.943root 11241100x8000000000000000344345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b228a09b46d56a2021-12-21 10:24:22.944root 11241100x8000000000000000344346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d711e97597fe542021-12-21 10:24:22.944root 11241100x8000000000000000344347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521e335226479c2b2021-12-21 10:24:22.944root 11241100x8000000000000000344348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b879c8cae544f892021-12-21 10:24:22.944root 11241100x8000000000000000344349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7c9094c3205a682021-12-21 10:24:22.944root 11241100x8000000000000000344350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755f6f22dfe1ebcf2021-12-21 10:24:22.944root 11241100x8000000000000000344351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d87fde3502358d42021-12-21 10:24:22.944root 11241100x8000000000000000344352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743abd97f16c80d32021-12-21 10:24:22.944root 11241100x8000000000000000344353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1837b1b7bc959a2021-12-21 10:24:22.944root 11241100x8000000000000000344354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde753ab3758828b2021-12-21 10:24:22.945root 11241100x8000000000000000344355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c150638e729b182021-12-21 10:24:22.945root 11241100x8000000000000000344356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2241ba5da007add42021-12-21 10:24:22.945root 11241100x8000000000000000344357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c4e2aeb048d0682021-12-21 10:24:22.945root 11241100x8000000000000000344358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231615070d319fc92021-12-21 10:24:22.945root 11241100x8000000000000000344359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ccbefc32c02c722021-12-21 10:24:22.945root 11241100x8000000000000000344360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278fc2963167991e2021-12-21 10:24:22.945root 11241100x8000000000000000344361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ec1ce7450dbfa32021-12-21 10:24:22.945root 11241100x8000000000000000344362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507427c27fc05b992021-12-21 10:24:22.945root 11241100x8000000000000000344363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ee66591620432e2021-12-21 10:24:22.946root 11241100x8000000000000000344364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522e01496c24412c2021-12-21 10:24:22.946root 11241100x8000000000000000344365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df3a956aa4a40072021-12-21 10:24:22.946root 11241100x8000000000000000344366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879da57fd285070d2021-12-21 10:24:22.946root 11241100x8000000000000000344367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1997792bf2541f312021-12-21 10:24:22.946root 11241100x8000000000000000344368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78b5bd438cce7be2021-12-21 10:24:22.946root 11241100x8000000000000000344369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a98a09de1d9e472021-12-21 10:24:22.946root 11241100x8000000000000000344370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1e2269285473a22021-12-21 10:24:22.946root 11241100x8000000000000000344371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52063d7e33f63c302021-12-21 10:24:22.946root 11241100x8000000000000000344372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6a4eb1ce09df932021-12-21 10:24:22.946root 11241100x8000000000000000344373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947ff08ead9b31262021-12-21 10:24:22.947root 11241100x8000000000000000344374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b9e57b89187e372021-12-21 10:24:22.947root 11241100x8000000000000000344375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8218d43fa03c29d2021-12-21 10:24:22.947root 11241100x8000000000000000344376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8c642475cea38d2021-12-21 10:24:22.947root 11241100x8000000000000000344377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6900f83b36b66aa2021-12-21 10:24:22.947root 11241100x8000000000000000344378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d32e167d55b88242021-12-21 10:24:22.947root 11241100x8000000000000000344379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee36615d63819cf2021-12-21 10:24:22.947root 11241100x8000000000000000344380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73f68313db1a7552021-12-21 10:24:22.947root 11241100x8000000000000000344381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7297a3a4e2f558162021-12-21 10:24:22.947root 11241100x8000000000000000344382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b7d5a33e1257172021-12-21 10:24:22.947root 11241100x8000000000000000344383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aa7ee9cb0fc91a2021-12-21 10:24:22.948root 11241100x8000000000000000344384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b744d5cce73ffde92021-12-21 10:24:22.948root 11241100x8000000000000000344385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee0d28124a134462021-12-21 10:24:22.948root 11241100x8000000000000000344386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f94b3df8ee772e52021-12-21 10:24:22.948root 11241100x8000000000000000344387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df7287fd39f04c62021-12-21 10:24:22.948root 11241100x8000000000000000344388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d2fe5d4601f0d512021-12-21 10:24:22.948root 11241100x8000000000000000344389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0000b764b8e645742021-12-21 10:24:22.948root 11241100x8000000000000000344390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a295e23144d2932021-12-21 10:24:22.948root 11241100x8000000000000000344391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d101db48f49e02aa2021-12-21 10:24:22.948root 11241100x8000000000000000344392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92624c72c3d10caa2021-12-21 10:24:22.949root 11241100x8000000000000000344393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f84cd524403a3d72021-12-21 10:24:22.949root 11241100x8000000000000000344394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6ea300e34461032021-12-21 10:24:22.949root 11241100x8000000000000000344395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec335a0cc3be19ab2021-12-21 10:24:22.949root 11241100x8000000000000000344396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354f61de3ac7ae252021-12-21 10:24:22.949root 11241100x8000000000000000344397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67da1629c1bb3c242021-12-21 10:24:23.443root 11241100x8000000000000000344398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e3d92e9b5217f22021-12-21 10:24:23.443root 11241100x8000000000000000344399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f866e0cd2fea18912021-12-21 10:24:23.443root 11241100x8000000000000000344400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5945ba1b843a0fa52021-12-21 10:24:23.443root 11241100x8000000000000000344401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4109e544f41ece2021-12-21 10:24:23.443root 11241100x8000000000000000344402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380406241627534a2021-12-21 10:24:23.443root 11241100x8000000000000000344403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe090a710209f69b2021-12-21 10:24:23.443root 11241100x8000000000000000344404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc97e3ea430c004b2021-12-21 10:24:23.443root 11241100x8000000000000000344405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a78290479830dd62021-12-21 10:24:23.443root 11241100x8000000000000000344406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a64761a3e18b0da2021-12-21 10:24:23.444root 11241100x8000000000000000344407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6df85cd72733d832021-12-21 10:24:23.444root 11241100x8000000000000000344408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8cb0bce8b39c6d2021-12-21 10:24:23.444root 11241100x8000000000000000344409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff80372b0047fabb2021-12-21 10:24:23.444root 11241100x8000000000000000344410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c2cffa70ec937d2021-12-21 10:24:23.444root 11241100x8000000000000000344411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115dd338f8e33c1c2021-12-21 10:24:23.444root 11241100x8000000000000000344412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3a071f23cb92cc2021-12-21 10:24:23.444root 11241100x8000000000000000344413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de185fea1977ac152021-12-21 10:24:23.444root 11241100x8000000000000000344414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439bd1a2b9f9642c2021-12-21 10:24:23.444root 11241100x8000000000000000344415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006c3f7634dcfd5d2021-12-21 10:24:23.444root 11241100x8000000000000000344416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb2b530e1be4cf32021-12-21 10:24:23.444root 11241100x8000000000000000344417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a083ab8afd658d2d2021-12-21 10:24:23.445root 11241100x8000000000000000344418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19324557ed7088fc2021-12-21 10:24:23.445root 11241100x8000000000000000344419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dda0d3a8665df72021-12-21 10:24:23.445root 11241100x8000000000000000344420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576bd2e8f30476cd2021-12-21 10:24:23.445root 11241100x8000000000000000344421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1beac9de94c1bf572021-12-21 10:24:23.445root 11241100x8000000000000000344422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362582fdf2c0453a2021-12-21 10:24:23.445root 11241100x8000000000000000344423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e857a27df67ea6b2021-12-21 10:24:23.445root 11241100x8000000000000000344424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52bb96d40d5c86f92021-12-21 10:24:23.445root 11241100x8000000000000000344425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7185e627147dc3ef2021-12-21 10:24:23.445root 11241100x8000000000000000344426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87acf0479df814c32021-12-21 10:24:23.445root 11241100x8000000000000000344427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8ea3654641adc52021-12-21 10:24:23.446root 11241100x8000000000000000344428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02bad486c52bed322021-12-21 10:24:23.446root 11241100x8000000000000000344429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41913d5fa4bd48402021-12-21 10:24:23.446root 11241100x8000000000000000344430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bd1611b02ab1eb2021-12-21 10:24:23.446root 11241100x8000000000000000344431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98b67691e2d689f2021-12-21 10:24:23.446root 11241100x8000000000000000344432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d657add53a16982021-12-21 10:24:23.446root 11241100x8000000000000000344433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda2aff9a7b853fa2021-12-21 10:24:23.446root 11241100x8000000000000000344434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125484a3061a56602021-12-21 10:24:23.446root 11241100x8000000000000000344435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a8023d4792bbd12021-12-21 10:24:23.446root 11241100x8000000000000000344436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb94c3cfb9104d752021-12-21 10:24:23.446root 11241100x8000000000000000344437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3a487780cd764e2021-12-21 10:24:23.447root 11241100x8000000000000000344438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f995a32d89d898f62021-12-21 10:24:23.447root 11241100x8000000000000000344439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf0c7a1c502ef5c2021-12-21 10:24:23.447root 11241100x8000000000000000344440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e333ad4a5267ced2021-12-21 10:24:23.447root 11241100x8000000000000000344441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db17af329ee8c87e2021-12-21 10:24:23.447root 11241100x8000000000000000344442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c90e4264e4bf112021-12-21 10:24:23.447root 11241100x8000000000000000344443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a3dc3c3ae9b93d2021-12-21 10:24:23.447root 11241100x8000000000000000344444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b967f718ebd9b09b2021-12-21 10:24:23.447root 11241100x8000000000000000344445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9530b6304606c1382021-12-21 10:24:23.448root 11241100x8000000000000000344446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7541b28bedd563e32021-12-21 10:24:23.448root 11241100x8000000000000000344447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9927179981d566392021-12-21 10:24:23.448root 11241100x8000000000000000344448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22b7dd84739114bd2021-12-21 10:24:23.448root 11241100x8000000000000000344449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0c3b1edd04e1af2021-12-21 10:24:23.448root 11241100x8000000000000000344450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b897ea6e8961782f2021-12-21 10:24:23.448root 11241100x8000000000000000344451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab1deaf6985334f2021-12-21 10:24:23.448root 11241100x8000000000000000344452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82378447d7b7e3f02021-12-21 10:24:23.448root 11241100x8000000000000000344453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e182b4ac72d378712021-12-21 10:24:23.448root 11241100x8000000000000000344454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb07ed072c8fe2a2021-12-21 10:24:23.449root 11241100x8000000000000000344455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6eec0a35772dfb92021-12-21 10:24:23.449root 11241100x8000000000000000344456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e870124c7b26b002021-12-21 10:24:23.449root 11241100x8000000000000000344457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc480b5d807d8be2021-12-21 10:24:23.449root 11241100x8000000000000000344458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ac73b706f191762021-12-21 10:24:23.449root 11241100x8000000000000000344459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8933a3c504d986cd2021-12-21 10:24:23.449root 11241100x8000000000000000344460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f298ae69a1ff48c2021-12-21 10:24:23.449root 11241100x8000000000000000344461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0f46948be8cd752021-12-21 10:24:23.449root 11241100x8000000000000000344462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d4478af777c4772021-12-21 10:24:23.449root 11241100x8000000000000000344463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98bc82b1f3419332021-12-21 10:24:23.449root 11241100x8000000000000000344464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ccebe22815c6ff82021-12-21 10:24:23.450root 11241100x8000000000000000344465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46adfc3e4eccb90d2021-12-21 10:24:23.450root 11241100x8000000000000000344466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f62a704d8b0ef392021-12-21 10:24:23.450root 11241100x8000000000000000344467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af76e46a0c6e7c4a2021-12-21 10:24:23.450root 11241100x8000000000000000344468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1573838543b19f42021-12-21 10:24:23.450root 11241100x8000000000000000344469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa6262347f604b92021-12-21 10:24:23.450root 11241100x8000000000000000344470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8700109090c3de2021-12-21 10:24:23.450root 11241100x8000000000000000344471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188b1b4815ba7c7c2021-12-21 10:24:23.450root 11241100x8000000000000000344472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d240882cee314f62021-12-21 10:24:23.450root 11241100x8000000000000000344473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cae52e4181e9de2021-12-21 10:24:23.943root 11241100x8000000000000000344474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3538afb374e3a4f82021-12-21 10:24:23.943root 11241100x8000000000000000344475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66eca56d171c81e12021-12-21 10:24:23.943root 11241100x8000000000000000344476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de79dbdd309936c22021-12-21 10:24:23.943root 11241100x8000000000000000344477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac095470ae14f72021-12-21 10:24:23.944root 11241100x8000000000000000344478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79c3d38da46d0552021-12-21 10:24:23.944root 11241100x8000000000000000344479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadc2257cbe8590a2021-12-21 10:24:23.944root 11241100x8000000000000000344480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493ea7da46d738322021-12-21 10:24:23.944root 11241100x8000000000000000344481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27f5f9007bb2e4c2021-12-21 10:24:23.944root 11241100x8000000000000000344482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2cfd98ef8c66592021-12-21 10:24:23.944root 11241100x8000000000000000344483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a571e5b3ac99672021-12-21 10:24:23.944root 11241100x8000000000000000344484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732ab4ce1dc3f4872021-12-21 10:24:23.944root 11241100x8000000000000000344485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4317fff69a6436812021-12-21 10:24:23.944root 11241100x8000000000000000344486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf2150770a51dc92021-12-21 10:24:23.945root 11241100x8000000000000000344487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf40c118c0fce6062021-12-21 10:24:23.945root 11241100x8000000000000000344488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c206e5f9f7116af2021-12-21 10:24:23.945root 11241100x8000000000000000344489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ae743ee6e329f02021-12-21 10:24:23.945root 11241100x8000000000000000344490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7391f24a32dde4122021-12-21 10:24:23.945root 11241100x8000000000000000344491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bbf6023b27140b62021-12-21 10:24:23.945root 11241100x8000000000000000344492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7a2646e28039dd2021-12-21 10:24:23.945root 11241100x8000000000000000344493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035ad3d9092c50272021-12-21 10:24:23.945root 11241100x8000000000000000344494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84eb2cf45c592c9f2021-12-21 10:24:23.945root 11241100x8000000000000000344495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75808567e0553f4a2021-12-21 10:24:23.945root 11241100x8000000000000000344496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f101def61ac552772021-12-21 10:24:23.945root 11241100x8000000000000000344497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ef2eaaf51361a22021-12-21 10:24:23.946root 11241100x8000000000000000344498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56936c0d556fff762021-12-21 10:24:23.946root 11241100x8000000000000000344499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d45ed3caf5e90362021-12-21 10:24:23.946root 11241100x8000000000000000344500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bfe22d3f8c24a82021-12-21 10:24:23.946root 11241100x8000000000000000344501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e94be82619845752021-12-21 10:24:23.946root 11241100x8000000000000000344502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8199039807c0312f2021-12-21 10:24:23.946root 11241100x8000000000000000344503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b18a73ffa4f54b2021-12-21 10:24:23.946root 11241100x8000000000000000344504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b32715634c186e2021-12-21 10:24:23.946root 11241100x8000000000000000344505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f336eb93d8cdac362021-12-21 10:24:23.946root 11241100x8000000000000000344506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f11cb5a83fae16402021-12-21 10:24:23.946root 11241100x8000000000000000344507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dcca0d8461d5b72021-12-21 10:24:23.947root 11241100x8000000000000000344508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8809445884b80e42021-12-21 10:24:23.947root 11241100x8000000000000000344509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80be6a217010f3702021-12-21 10:24:23.947root 11241100x8000000000000000344510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0392c1de93252d482021-12-21 10:24:23.947root 11241100x8000000000000000344511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0583e27e2ca8292021-12-21 10:24:23.947root 11241100x8000000000000000344512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22d98ac725ac2f242021-12-21 10:24:23.947root 11241100x8000000000000000344513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a13dfc9524e32832021-12-21 10:24:23.947root 11241100x8000000000000000344514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d939394d66f3302021-12-21 10:24:23.948root 11241100x8000000000000000344515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d22e0d7899f18a2021-12-21 10:24:23.948root 11241100x8000000000000000344516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7608ba35ff87f0c52021-12-21 10:24:23.948root 11241100x8000000000000000344517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5879bfc56c80f20f2021-12-21 10:24:23.948root 11241100x8000000000000000344518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb9cf3e2d9db0682021-12-21 10:24:23.949root 11241100x8000000000000000344519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78db5e3dca36e0e2021-12-21 10:24:23.949root 11241100x8000000000000000344520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ac32df3ffc9d8a2021-12-21 10:24:23.949root 11241100x8000000000000000344521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f32714b87f8423d2021-12-21 10:24:23.949root 11241100x8000000000000000344522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf14b95c738306c2021-12-21 10:24:23.949root 11241100x8000000000000000344523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe5a6540c67961d2021-12-21 10:24:23.949root 11241100x8000000000000000344524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63dcc845dff37e72021-12-21 10:24:23.949root 11241100x8000000000000000344525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9a198c51debc472021-12-21 10:24:23.949root 11241100x8000000000000000344526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c5aee1edddff3c2021-12-21 10:24:23.950root 11241100x8000000000000000344527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3f40d89749c2dd2021-12-21 10:24:23.950root 11241100x8000000000000000344528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd67a6c4ef558342021-12-21 10:24:23.950root 11241100x8000000000000000344529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfdcf04ef728ea62021-12-21 10:24:23.950root 11241100x8000000000000000344530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b5b6700e4830692021-12-21 10:24:23.950root 11241100x8000000000000000344531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77813da940451452021-12-21 10:24:23.950root 11241100x8000000000000000344532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfac5d28dd9582b92021-12-21 10:24:23.950root 11241100x8000000000000000344533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88f76985a8cc68a2021-12-21 10:24:23.950root 11241100x8000000000000000344534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e045a8c3342b2432021-12-21 10:24:23.950root 11241100x8000000000000000344535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3fd7f2934de3b202021-12-21 10:24:23.950root 11241100x8000000000000000344536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2479b8fd3e18bc8b2021-12-21 10:24:23.951root 11241100x8000000000000000344537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b222e4cacb35df82021-12-21 10:24:23.951root 11241100x8000000000000000344538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8747747f34758b2021-12-21 10:24:23.951root 11241100x8000000000000000344539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b37d7aab8cece52021-12-21 10:24:23.951root 11241100x8000000000000000344540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42defd1d612d27ef2021-12-21 10:24:23.951root 11241100x8000000000000000344541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a115a58e6fd5c92021-12-21 10:24:23.951root 11241100x8000000000000000344542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d68e93a133fa662021-12-21 10:24:23.951root 11241100x8000000000000000344543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd98b7895c32efdc2021-12-21 10:24:23.951root 11241100x8000000000000000344544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94652497c01efb322021-12-21 10:24:23.952root 11241100x8000000000000000344545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff5aa9e103274832021-12-21 10:24:23.952root 11241100x8000000000000000344546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed7861aca1de7c92021-12-21 10:24:23.952root 11241100x8000000000000000344547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f61f02a920338a2021-12-21 10:24:23.952root 11241100x8000000000000000344548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eaaf204b086b7f2021-12-21 10:24:23.952root 11241100x8000000000000000344549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a162fd595d1ae2102021-12-21 10:24:23.952root 11241100x8000000000000000344550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dc52014a10bbf02021-12-21 10:24:23.953root 11241100x8000000000000000344551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4849fd6d23f5b1152021-12-21 10:24:23.953root 11241100x8000000000000000344552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b7f3bdd1b9b0832021-12-21 10:24:23.953root 11241100x8000000000000000344553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d679a7d1680bff2021-12-21 10:24:23.953root 11241100x8000000000000000344554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08e9eac71f823572021-12-21 10:24:23.953root 11241100x8000000000000000344555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa1b5be2df4fdac2021-12-21 10:24:23.953root 11241100x8000000000000000344556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16994c8d4de6dc402021-12-21 10:24:23.953root 11241100x8000000000000000344557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2381d0ad534cb12021-12-21 10:24:23.953root 11241100x8000000000000000344558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b4eaf50e3c78212021-12-21 10:24:23.953root 11241100x8000000000000000344559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9efa1a8202f1d0712021-12-21 10:24:23.953root 11241100x8000000000000000344560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232501d2f0e808692021-12-21 10:24:23.954root 11241100x8000000000000000344561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fbe87a3844973ed2021-12-21 10:24:23.954root 11241100x8000000000000000344562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e74d58d075981512021-12-21 10:24:23.954root 11241100x8000000000000000344563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:23.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fa760feca1212c2021-12-21 10:24:23.954root 11241100x8000000000000000344564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12c3ffbd5f9d03352021-12-21 10:24:24.442root 11241100x8000000000000000344565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4bc261e61c40262021-12-21 10:24:24.443root 11241100x8000000000000000344566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7b01f0ed3f8b6e2021-12-21 10:24:24.443root 11241100x8000000000000000344567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d952c00bf57ac22021-12-21 10:24:24.444root 11241100x8000000000000000344568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdb22f0d52baeff2021-12-21 10:24:24.444root 11241100x8000000000000000344569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2833ba23485a34322021-12-21 10:24:24.444root 11241100x8000000000000000344570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd7f860f766c3da2021-12-21 10:24:24.445root 11241100x8000000000000000344571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f6157934a355ff2021-12-21 10:24:24.446root 11241100x8000000000000000344572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cce4ad1d7c9cc92021-12-21 10:24:24.446root 11241100x8000000000000000344573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fa9424f56630af2021-12-21 10:24:24.447root 11241100x8000000000000000344574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5205636153bdd1f2021-12-21 10:24:24.447root 11241100x8000000000000000344575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b388881c12a31b0a2021-12-21 10:24:24.447root 11241100x8000000000000000344576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f62f776048574552021-12-21 10:24:24.447root 11241100x8000000000000000344577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f6167492bc92bd2021-12-21 10:24:24.447root 11241100x8000000000000000344578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d668a8f0a766e5db2021-12-21 10:24:24.448root 11241100x8000000000000000344579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c1b5da01f638b72021-12-21 10:24:24.448root 11241100x8000000000000000344580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3be75f3e4168da62021-12-21 10:24:24.448root 11241100x8000000000000000344581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff05e2d689252572021-12-21 10:24:24.448root 11241100x8000000000000000344582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c195fc72ad515e2021-12-21 10:24:24.448root 11241100x8000000000000000344583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df89aec8c7012d7a2021-12-21 10:24:24.448root 11241100x8000000000000000344584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9da2f75abf2d592021-12-21 10:24:24.448root 11241100x8000000000000000344585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cbd5c723c62c572021-12-21 10:24:24.448root 11241100x8000000000000000344586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fda48f9763929c52021-12-21 10:24:24.448root 11241100x8000000000000000344587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11778b9ff14256c82021-12-21 10:24:24.449root 11241100x8000000000000000344588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123f0e1855554eb12021-12-21 10:24:24.449root 11241100x8000000000000000344589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ae5471bd2e05042021-12-21 10:24:24.449root 11241100x8000000000000000344590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1886a303661062402021-12-21 10:24:24.449root 11241100x8000000000000000344591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e7a0ff153f54492021-12-21 10:24:24.449root 11241100x8000000000000000344592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1596633846ce07262021-12-21 10:24:24.449root 11241100x8000000000000000344593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a0c444890ab4fe2021-12-21 10:24:24.449root 11241100x8000000000000000344594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4059c2af6cf72f2021-12-21 10:24:24.449root 11241100x8000000000000000344595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f8ed5cc18f24522021-12-21 10:24:24.449root 11241100x8000000000000000344596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d610bd3566548c2021-12-21 10:24:24.449root 11241100x8000000000000000344597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218b845221af72912021-12-21 10:24:24.449root 11241100x8000000000000000344598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c3c7b9353b2b672021-12-21 10:24:24.450root 11241100x8000000000000000344599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dde7b1d49f41b82021-12-21 10:24:24.450root 11241100x8000000000000000344600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83358e33550fb42c2021-12-21 10:24:24.450root 11241100x8000000000000000344601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e85a6e32af173c32021-12-21 10:24:24.450root 11241100x8000000000000000344602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03f015b3342457b2021-12-21 10:24:24.450root 11241100x8000000000000000344603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9eff2b6614750842021-12-21 10:24:24.450root 11241100x8000000000000000344604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb91640fe4bfba2021-12-21 10:24:24.450root 11241100x8000000000000000344605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88878446a404dd32021-12-21 10:24:24.450root 11241100x8000000000000000344606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7778012c215b41262021-12-21 10:24:24.450root 11241100x8000000000000000344607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4726ac30eaa113292021-12-21 10:24:24.450root 11241100x8000000000000000344608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c834de842331082021-12-21 10:24:24.451root 11241100x8000000000000000344609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e5c92d29a3780f2021-12-21 10:24:24.451root 11241100x8000000000000000344610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f55038b8d31a73d2021-12-21 10:24:24.451root 11241100x8000000000000000344611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c585e4bc174ead2021-12-21 10:24:24.451root 11241100x8000000000000000344612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7955fd15ad29d34c2021-12-21 10:24:24.451root 11241100x8000000000000000344613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d9b00ce61787e0f2021-12-21 10:24:24.451root 11241100x8000000000000000344614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dcb687dfa867982021-12-21 10:24:24.451root 11241100x8000000000000000344615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daeda630c885d8612021-12-21 10:24:24.451root 11241100x8000000000000000344616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8055f45ec96ddb2021-12-21 10:24:24.451root 11241100x8000000000000000344617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa098ba63f33dfc2021-12-21 10:24:24.451root 11241100x8000000000000000344618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aecdf9e405da42f2021-12-21 10:24:24.452root 11241100x8000000000000000344619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3196ec86427627f42021-12-21 10:24:24.452root 11241100x8000000000000000344620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d13021f8a05f182021-12-21 10:24:24.452root 11241100x8000000000000000344621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22a10e4ef9b53332021-12-21 10:24:24.452root 11241100x8000000000000000344622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aa2f8e51b115c82021-12-21 10:24:24.452root 11241100x8000000000000000344623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4242d2c4dda9ca512021-12-21 10:24:24.943root 11241100x8000000000000000344624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e60c1a631787df2021-12-21 10:24:24.943root 11241100x8000000000000000344625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d8afff4988201d12021-12-21 10:24:24.943root 11241100x8000000000000000344626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17439bb3c84e8cc52021-12-21 10:24:24.943root 11241100x8000000000000000344627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cb3b10740e91cc2021-12-21 10:24:24.944root 11241100x8000000000000000344628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8df74cd9f609a082021-12-21 10:24:24.944root 11241100x8000000000000000344629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f997c7030515d32021-12-21 10:24:24.944root 11241100x8000000000000000344630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450881f25c1b7a2a2021-12-21 10:24:24.944root 11241100x8000000000000000344631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a881dd53e97156262021-12-21 10:24:24.944root 11241100x8000000000000000344632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74bce4e13b21c24b2021-12-21 10:24:24.944root 11241100x8000000000000000344633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234e4a9e07e012ad2021-12-21 10:24:24.944root 11241100x8000000000000000344634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc720d2c25f41f62021-12-21 10:24:24.944root 11241100x8000000000000000344635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacedae9efdfd7442021-12-21 10:24:24.944root 11241100x8000000000000000344636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68bd84a29697ec52021-12-21 10:24:24.945root 11241100x8000000000000000344637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b2d1a4ea8d7d952021-12-21 10:24:24.945root 11241100x8000000000000000344638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95f838aa06a26182021-12-21 10:24:24.945root 11241100x8000000000000000344639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c5d1b04e618db02021-12-21 10:24:24.945root 11241100x8000000000000000344640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79722913fd914f1c2021-12-21 10:24:24.945root 11241100x8000000000000000344641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e3c791d92453672021-12-21 10:24:24.945root 11241100x8000000000000000344642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd843405c49ae6f2021-12-21 10:24:24.946root 11241100x8000000000000000344643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1183f8da5e9cccb2021-12-21 10:24:24.946root 11241100x8000000000000000344644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceabf7277550ba4c2021-12-21 10:24:24.946root 11241100x8000000000000000344645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01939c8e33c3d2ac2021-12-21 10:24:24.946root 11241100x8000000000000000344646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b21e03a209a8b762021-12-21 10:24:24.946root 11241100x8000000000000000344647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2513423dfc32a4c12021-12-21 10:24:24.947root 11241100x8000000000000000344648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a3c157d2a984ffe2021-12-21 10:24:24.947root 11241100x8000000000000000344649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cd3f969b5d19672021-12-21 10:24:24.947root 11241100x8000000000000000344650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d438c7b194796dea2021-12-21 10:24:24.947root 11241100x8000000000000000344651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dbdda44d55f9282021-12-21 10:24:24.947root 11241100x8000000000000000344652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.745eb701e74d0f322021-12-21 10:24:24.947root 11241100x8000000000000000344653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf5c587b1d29d882021-12-21 10:24:24.948root 11241100x8000000000000000344654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f92eb58bbdd8d4e2021-12-21 10:24:24.948root 11241100x8000000000000000344655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1faa1941f962332021-12-21 10:24:24.948root 11241100x8000000000000000344656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bf613c08e9c9242021-12-21 10:24:24.948root 11241100x8000000000000000344657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea56b967cddc590d2021-12-21 10:24:24.948root 11241100x8000000000000000344658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a87a8e2f5e09d022021-12-21 10:24:24.948root 11241100x8000000000000000344659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175848aaa9568ba2021-12-21 10:24:24.948root 11241100x8000000000000000344660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d42d4f4cfe946cf2021-12-21 10:24:24.949root 11241100x8000000000000000344661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94b4b9662cde5052021-12-21 10:24:24.949root 11241100x8000000000000000344662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8e5e0b3359d6352021-12-21 10:24:24.949root 11241100x8000000000000000344663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c644ad364ed03262021-12-21 10:24:24.949root 11241100x8000000000000000344664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d954e2fa9680aeba2021-12-21 10:24:24.949root 11241100x8000000000000000344665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4cf2fa693112fd2021-12-21 10:24:24.949root 11241100x8000000000000000344666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762b07cd1ee4a7922021-12-21 10:24:24.949root 11241100x8000000000000000344667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9380844517b8ef9b2021-12-21 10:24:24.949root 11241100x8000000000000000344668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e209731ee7dbb62021-12-21 10:24:24.949root 11241100x8000000000000000344669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ddd7e3f41c18ba2021-12-21 10:24:24.950root 11241100x8000000000000000344670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.844569b2a6dd45402021-12-21 10:24:24.950root 11241100x8000000000000000344671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78cca6f76ba20b572021-12-21 10:24:24.950root 11241100x8000000000000000344672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4386aa1fc1a4c96d2021-12-21 10:24:24.950root 11241100x8000000000000000344673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dff647ae2f3e9222021-12-21 10:24:24.950root 11241100x8000000000000000344674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09f1cf189afc8f62021-12-21 10:24:24.950root 11241100x8000000000000000344675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a9aa2af590fd372021-12-21 10:24:24.950root 11241100x8000000000000000344676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c12e9630fcc2ae32021-12-21 10:24:24.950root 11241100x8000000000000000344677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa826b0175854af2021-12-21 10:24:24.951root 11241100x8000000000000000344678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98a08e956a8c2372021-12-21 10:24:24.951root 11241100x8000000000000000344679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744091a24d1edd7a2021-12-21 10:24:24.951root 11241100x8000000000000000344680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37adf72591ea472021-12-21 10:24:24.951root 11241100x8000000000000000344681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada622b81dfb14282021-12-21 10:24:24.951root 11241100x8000000000000000344682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d701abfbebcd672021-12-21 10:24:24.951root 11241100x8000000000000000344683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fdd557976d29072021-12-21 10:24:24.951root 11241100x8000000000000000344684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9ac5a0eba26d442021-12-21 10:24:24.952root 11241100x8000000000000000344685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03499ef1d81410862021-12-21 10:24:24.952root 11241100x8000000000000000344686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435d0d7e6e55071e2021-12-21 10:24:24.953root 11241100x8000000000000000344687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaa08e19a1299cf2021-12-21 10:24:24.953root 11241100x8000000000000000344688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbbc32d76f07af5d2021-12-21 10:24:24.953root 11241100x8000000000000000344689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd6980cd089fe592021-12-21 10:24:24.953root 11241100x8000000000000000344690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cd3dd31075b85f2021-12-21 10:24:24.953root 11241100x8000000000000000344691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eaf99d45bdb3b82021-12-21 10:24:24.953root 11241100x8000000000000000344692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba5f708c304a9d92021-12-21 10:24:24.953root 11241100x8000000000000000344693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b80effc3a50185672021-12-21 10:24:24.953root 11241100x8000000000000000344694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652f8d80a36e34532021-12-21 10:24:24.954root 11241100x8000000000000000344695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81f9239bb9c4c5c22021-12-21 10:24:24.954root 11241100x8000000000000000344696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45147a7f8df80262021-12-21 10:24:24.954root 11241100x8000000000000000344697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b69b6c3d0ddd482021-12-21 10:24:24.954root 11241100x8000000000000000344698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4761e4e8112b00ef2021-12-21 10:24:24.954root 11241100x8000000000000000344699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4bb400ff5c73212021-12-21 10:24:24.954root 11241100x8000000000000000344700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423f52a6c7b2f67a2021-12-21 10:24:24.954root 11241100x8000000000000000344701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5aee2944a82ab62021-12-21 10:24:24.954root 11241100x8000000000000000344702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27db630f2b2880c82021-12-21 10:24:24.955root 11241100x8000000000000000344703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0239d53b3e04eebf2021-12-21 10:24:24.955root 11241100x8000000000000000344704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ffbd96eedaf8652021-12-21 10:24:24.955root 11241100x8000000000000000344705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed19bc874566d212021-12-21 10:24:24.955root 11241100x8000000000000000344706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb5807be2e666da2021-12-21 10:24:24.955root 11241100x8000000000000000344707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:24.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a481e5ca2d51e42021-12-21 10:24:24.955root 354300x8000000000000000344708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.087{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34116-false10.0.1.12-8089- 11241100x8000000000000000344709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d139193a322738872021-12-21 10:24:25.443root 11241100x8000000000000000344710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff02cd0aae4455742021-12-21 10:24:25.443root 11241100x8000000000000000344711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bb46b29ef061e12021-12-21 10:24:25.444root 11241100x8000000000000000344712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f08408d179d4d02021-12-21 10:24:25.444root 11241100x8000000000000000344713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b28cd28c7d4fa92021-12-21 10:24:25.444root 11241100x8000000000000000344714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d5c3fce175cda12021-12-21 10:24:25.444root 11241100x8000000000000000344715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f612a8b15ce9a6582021-12-21 10:24:25.444root 11241100x8000000000000000344716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0e29fefa91c87d2021-12-21 10:24:25.444root 11241100x8000000000000000344717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adcc2a0bfd122fb2021-12-21 10:24:25.444root 11241100x8000000000000000344718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5a23fabc9907d52021-12-21 10:24:25.444root 11241100x8000000000000000344719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4519370cec51e3b12021-12-21 10:24:25.444root 11241100x8000000000000000344720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17cd7aa6ad7b322a2021-12-21 10:24:25.444root 11241100x8000000000000000344721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fdc34220b829792021-12-21 10:24:25.444root 11241100x8000000000000000344722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae8141e0f07e0de2021-12-21 10:24:25.445root 11241100x8000000000000000344723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b888d40f31fbbcd62021-12-21 10:24:25.445root 11241100x8000000000000000344724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b189bcde423e51b2021-12-21 10:24:25.445root 11241100x8000000000000000344725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1708aa574014c8ce2021-12-21 10:24:25.445root 11241100x8000000000000000344726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e7bf2362b7e8152021-12-21 10:24:25.445root 11241100x8000000000000000344727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8526f0e42b978322021-12-21 10:24:25.445root 11241100x8000000000000000344728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47c80ca8c89536d2021-12-21 10:24:25.445root 11241100x8000000000000000344729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ad3cc36d1b3e742021-12-21 10:24:25.445root 11241100x8000000000000000344730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163b30fe9dcbc4ed2021-12-21 10:24:25.445root 11241100x8000000000000000344731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e33ee51a2907c8b2021-12-21 10:24:25.445root 11241100x8000000000000000344732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49b94316032097e2021-12-21 10:24:25.446root 11241100x8000000000000000344733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00be29eba5f0ca532021-12-21 10:24:25.446root 11241100x8000000000000000344734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.521fc68db0fbb3ee2021-12-21 10:24:25.446root 11241100x8000000000000000344735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739c882cba0c9e212021-12-21 10:24:25.446root 11241100x8000000000000000344736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07534b553a6cff4b2021-12-21 10:24:25.446root 11241100x8000000000000000344737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e849734c44143c62021-12-21 10:24:25.446root 11241100x8000000000000000344738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115907248a3a6c242021-12-21 10:24:25.446root 11241100x8000000000000000344739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08163d29f70c50ab2021-12-21 10:24:25.446root 11241100x8000000000000000344740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac73e956354d495c2021-12-21 10:24:25.446root 11241100x8000000000000000344741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d6c0bdc2c6c3c22021-12-21 10:24:25.446root 11241100x8000000000000000344742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143690c096004232021-12-21 10:24:25.446root 11241100x8000000000000000344743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bac7d5a17306ebb2021-12-21 10:24:25.447root 11241100x8000000000000000344744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db658b0aff8795e2021-12-21 10:24:25.447root 11241100x8000000000000000344745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61357765e0387be32021-12-21 10:24:25.447root 11241100x8000000000000000344746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5fe34e93ed5e8a52021-12-21 10:24:25.447root 11241100x8000000000000000344747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01ffd0099fd3d6e2021-12-21 10:24:25.447root 11241100x8000000000000000344748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cea118c4d7b39e82021-12-21 10:24:25.447root 11241100x8000000000000000344749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725c7ed394b0a8ad2021-12-21 10:24:25.448root 11241100x8000000000000000344750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5393bc0d3ebff7d72021-12-21 10:24:25.448root 11241100x8000000000000000344751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b336839576a287a2021-12-21 10:24:25.448root 11241100x8000000000000000344752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15165dbfdc1c468f2021-12-21 10:24:25.448root 11241100x8000000000000000344753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7392e2a5fed8e79d2021-12-21 10:24:25.448root 11241100x8000000000000000344754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6a7db39dfa72132021-12-21 10:24:25.448root 11241100x8000000000000000344755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1c264c4ae686102021-12-21 10:24:25.448root 11241100x8000000000000000344756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0892bc53753a47102021-12-21 10:24:25.448root 11241100x8000000000000000344757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7c87266af758632021-12-21 10:24:25.448root 11241100x8000000000000000344758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70510c805b81ade92021-12-21 10:24:25.448root 11241100x8000000000000000344759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e661c815d7b27f82021-12-21 10:24:25.448root 11241100x8000000000000000344760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed939b46ecd640e2021-12-21 10:24:25.449root 11241100x8000000000000000344761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d837e2744779324a2021-12-21 10:24:25.449root 11241100x8000000000000000344762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ec424b3738ff342021-12-21 10:24:25.449root 11241100x8000000000000000344763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3bace4102a529a82021-12-21 10:24:25.449root 11241100x8000000000000000344764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f6319e9c19707c2021-12-21 10:24:25.449root 11241100x8000000000000000344765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799c6fcf2496497d2021-12-21 10:24:25.449root 11241100x8000000000000000344766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98028d61e7cfa5152021-12-21 10:24:25.449root 11241100x8000000000000000344767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b3d261d6bf44a72021-12-21 10:24:25.942root 11241100x8000000000000000344768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a99b4d1784a09d2021-12-21 10:24:25.943root 11241100x8000000000000000344769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0c01dd1b44d5a72021-12-21 10:24:25.943root 11241100x8000000000000000344770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc548332ff6fcbc12021-12-21 10:24:25.943root 11241100x8000000000000000344771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0086bef92406775a2021-12-21 10:24:25.943root 11241100x8000000000000000344772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3c58c7aed34b6a2021-12-21 10:24:25.943root 11241100x8000000000000000344773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e0da25174fa96ee2021-12-21 10:24:25.943root 11241100x8000000000000000344774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5bc53181ce789c2021-12-21 10:24:25.943root 11241100x8000000000000000344775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad6d11437a800402021-12-21 10:24:25.943root 11241100x8000000000000000344776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6e61543836f992021-12-21 10:24:25.944root 11241100x8000000000000000344777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28c9223e0faf7f32021-12-21 10:24:25.944root 11241100x8000000000000000344778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f9ea741f844eaf32021-12-21 10:24:25.944root 11241100x8000000000000000344779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d7008e5cc1fe0042021-12-21 10:24:25.944root 11241100x8000000000000000344780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712bbf6c6deaeacf2021-12-21 10:24:25.944root 11241100x8000000000000000344781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c79a76a8864747e2021-12-21 10:24:25.944root 11241100x8000000000000000344782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4989ecb7052543b2021-12-21 10:24:25.945root 11241100x8000000000000000344783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44192d734d3bbdc2021-12-21 10:24:25.945root 11241100x8000000000000000344784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275bb186f61fa1a62021-12-21 10:24:25.945root 11241100x8000000000000000344785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040100eed4b0d3c92021-12-21 10:24:25.945root 11241100x8000000000000000344786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adaefc3e892d15b2021-12-21 10:24:25.946root 11241100x8000000000000000344787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa726c092a2131b2021-12-21 10:24:25.946root 11241100x8000000000000000344788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386835271fabe8a32021-12-21 10:24:25.946root 11241100x8000000000000000344789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4536e4c2606aa82021-12-21 10:24:25.947root 11241100x8000000000000000344790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1f369fc95204a52021-12-21 10:24:25.947root 11241100x8000000000000000344791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a83bec23d9bb342021-12-21 10:24:25.947root 11241100x8000000000000000344792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51a7632507159952021-12-21 10:24:25.947root 11241100x8000000000000000344793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cadab12c2266322021-12-21 10:24:25.948root 11241100x8000000000000000344794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e48b019ff431e02021-12-21 10:24:25.948root 11241100x8000000000000000344795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad75c1f38bb516a82021-12-21 10:24:25.948root 11241100x8000000000000000344796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c434701724b4a6a2021-12-21 10:24:25.948root 11241100x8000000000000000344797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a7a8067680a1c52021-12-21 10:24:25.948root 11241100x8000000000000000344798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c5204d66eb74282021-12-21 10:24:25.950root 11241100x8000000000000000344799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91438e330b7a53bb2021-12-21 10:24:25.950root 11241100x8000000000000000344800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e8531b6ef6634c2021-12-21 10:24:25.950root 11241100x8000000000000000344801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3b2b291f9f42732021-12-21 10:24:25.950root 11241100x8000000000000000344802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d9a54f4bc6b6172021-12-21 10:24:25.950root 11241100x8000000000000000344803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb217da3aba4c102021-12-21 10:24:25.950root 11241100x8000000000000000344804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1b2095fa581e572021-12-21 10:24:25.950root 11241100x8000000000000000344805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda32a3b6bc844412021-12-21 10:24:25.950root 11241100x8000000000000000344806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41b7ec6848390072021-12-21 10:24:25.951root 11241100x8000000000000000344807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb7f7abb64e4fd02021-12-21 10:24:25.951root 11241100x8000000000000000344808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d39c02f467dbda32021-12-21 10:24:25.951root 11241100x8000000000000000344809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c7b1dd0f84f6c02021-12-21 10:24:25.951root 11241100x8000000000000000344810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18008e52f113f50a2021-12-21 10:24:25.951root 11241100x8000000000000000344811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82606d517fc164a22021-12-21 10:24:25.951root 11241100x8000000000000000344812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d496e4ab6a7d0622021-12-21 10:24:25.951root 11241100x8000000000000000344813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6799a3c2ae0444162021-12-21 10:24:25.952root 11241100x8000000000000000344814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3586f7dc4ae767f92021-12-21 10:24:25.952root 11241100x8000000000000000344815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292b1c912ece49292021-12-21 10:24:25.952root 11241100x8000000000000000344816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d4d43ff3e567d32021-12-21 10:24:25.952root 11241100x8000000000000000344817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7690d48654698ae42021-12-21 10:24:25.952root 11241100x8000000000000000344818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b732eb0c27efed2021-12-21 10:24:25.952root 11241100x8000000000000000344819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3121d0bc0979fdb2021-12-21 10:24:25.952root 11241100x8000000000000000344820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a055c71f6ce50b82021-12-21 10:24:25.952root 11241100x8000000000000000344821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22054b193f0125cf2021-12-21 10:24:25.953root 11241100x8000000000000000344822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5292f1313723bb982021-12-21 10:24:25.954root 11241100x8000000000000000344823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4daf65d38947b0d2021-12-21 10:24:25.954root 11241100x8000000000000000344824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd86eef2685bb3362021-12-21 10:24:25.955root 11241100x8000000000000000344825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e06423d0bc88f92021-12-21 10:24:25.955root 11241100x8000000000000000344826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f47f4054b3bde2021-12-21 10:24:25.955root 11241100x8000000000000000344827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a815ef695da2df2021-12-21 10:24:25.955root 11241100x8000000000000000344828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cc80c20d7bcee12021-12-21 10:24:25.956root 11241100x8000000000000000344829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b19374964c889d2021-12-21 10:24:25.956root 11241100x8000000000000000344830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e9751908de6e62021-12-21 10:24:25.956root 11241100x8000000000000000344831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445d6b38564263c02021-12-21 10:24:25.956root 11241100x8000000000000000344832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8d51fa4a4ab2132021-12-21 10:24:25.956root 11241100x8000000000000000344833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dbe61b33bc40d82021-12-21 10:24:25.956root 11241100x8000000000000000344834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6aac53a6c3ff2e2021-12-21 10:24:25.956root 11241100x8000000000000000344835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7641c06cbb65a0862021-12-21 10:24:25.956root 11241100x8000000000000000344836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ffdc804e0b8a8f2021-12-21 10:24:25.957root 11241100x8000000000000000344837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3ce9277763743d2021-12-21 10:24:25.957root 11241100x8000000000000000344838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ea0c1a204ccb7e2021-12-21 10:24:25.957root 11241100x8000000000000000344839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487595970c42df482021-12-21 10:24:25.957root 11241100x8000000000000000344840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678f1eaee7edb5292021-12-21 10:24:25.957root 11241100x8000000000000000344841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ef61a63c53fc472021-12-21 10:24:25.957root 11241100x8000000000000000344842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1b8d2acdb199c82021-12-21 10:24:25.957root 11241100x8000000000000000344843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360adebc127fc16c2021-12-21 10:24:25.957root 11241100x8000000000000000344844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128ddb8c9c56039b2021-12-21 10:24:25.958root 11241100x8000000000000000344845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db089fce470be812021-12-21 10:24:25.958root 11241100x8000000000000000344846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5c0a788b104d732021-12-21 10:24:25.958root 11241100x8000000000000000344847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e07ea5c90213f72021-12-21 10:24:25.958root 11241100x8000000000000000344848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e5fb9a81eff9e02021-12-21 10:24:25.958root 11241100x8000000000000000344849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae8537865a92ef72021-12-21 10:24:25.958root 11241100x8000000000000000344850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b523e8dd19ff52ca2021-12-21 10:24:25.958root 11241100x8000000000000000344851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ef95d9e4865a932021-12-21 10:24:25.958root 11241100x8000000000000000344852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081d97a64a5aec6b2021-12-21 10:24:25.959root 11241100x8000000000000000344853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51b54f9429a9fff2021-12-21 10:24:25.959root 11241100x8000000000000000344854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21dd2d7817bd15e2021-12-21 10:24:25.959root 11241100x8000000000000000344855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12919ccea16d9ad2021-12-21 10:24:25.959root 11241100x8000000000000000344856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89393ba98b5a1ad92021-12-21 10:24:25.959root 11241100x8000000000000000344857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0cecfb7d9e17c72021-12-21 10:24:25.959root 11241100x8000000000000000344858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0ab4ae14dcfd0a2021-12-21 10:24:25.959root 11241100x8000000000000000344859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98488ce5e55c67262021-12-21 10:24:25.959root 11241100x8000000000000000344860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293a0347fbd0edda2021-12-21 10:24:25.960root 11241100x8000000000000000344861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f803e53e6fff82422021-12-21 10:24:25.960root 11241100x8000000000000000344862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdcfcc202acbac22021-12-21 10:24:25.960root 11241100x8000000000000000344863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee6088a3775e2552021-12-21 10:24:25.960root 11241100x8000000000000000344864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01483f24c622d0d22021-12-21 10:24:25.960root 11241100x8000000000000000344865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f532b75c47b9e662021-12-21 10:24:25.960root 11241100x8000000000000000344866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12def6444b47f46b2021-12-21 10:24:25.960root 11241100x8000000000000000344867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8b7630cfa6d84f2021-12-21 10:24:25.960root 11241100x8000000000000000344868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:25.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e470deb26dadb69a2021-12-21 10:24:25.960root 11241100x8000000000000000344869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855c6a39642b1f872021-12-21 10:24:26.443root 11241100x8000000000000000344870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79530f6deb00ff882021-12-21 10:24:26.444root 11241100x8000000000000000344871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446bb0e5330c00b92021-12-21 10:24:26.444root 11241100x8000000000000000344872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d017c44c8ee5eac2021-12-21 10:24:26.444root 11241100x8000000000000000344873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b3d14a75f14ed12021-12-21 10:24:26.444root 11241100x8000000000000000344874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f963ad1a36aea3282021-12-21 10:24:26.444root 11241100x8000000000000000344875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff0050ca4b0169f2021-12-21 10:24:26.445root 11241100x8000000000000000344876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dd75ddabf984e62021-12-21 10:24:26.445root 11241100x8000000000000000344877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567b8ed91001d50d2021-12-21 10:24:26.445root 11241100x8000000000000000344878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b171880068df45cb2021-12-21 10:24:26.445root 11241100x8000000000000000344879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53821a1fa5ff8f1a2021-12-21 10:24:26.446root 11241100x8000000000000000344880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bffa0669a3458902021-12-21 10:24:26.446root 11241100x8000000000000000344881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed39ba5b9054eb2021-12-21 10:24:26.446root 11241100x8000000000000000344882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dfae4c6896656d52021-12-21 10:24:26.446root 11241100x8000000000000000344883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee5f378c7f18ef12021-12-21 10:24:26.446root 11241100x8000000000000000344884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a64d4f9f2b1deb42021-12-21 10:24:26.447root 11241100x8000000000000000344885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6335c8ea29defc32021-12-21 10:24:26.447root 11241100x8000000000000000344886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e794f932fef85242021-12-21 10:24:26.447root 11241100x8000000000000000344887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd84affd345074f62021-12-21 10:24:26.447root 11241100x8000000000000000344888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899c0cb6b22730f12021-12-21 10:24:26.447root 11241100x8000000000000000344889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44477821b429da3f2021-12-21 10:24:26.448root 11241100x8000000000000000344890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3c27cf091940332021-12-21 10:24:26.448root 11241100x8000000000000000344891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad5a5b2382856642021-12-21 10:24:26.448root 11241100x8000000000000000344892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d2c342501d13322021-12-21 10:24:26.448root 11241100x8000000000000000344893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2034fec66474f1fa2021-12-21 10:24:26.449root 11241100x8000000000000000344894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa2505e2a71f1c92021-12-21 10:24:26.449root 11241100x8000000000000000344895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c836643fae3b113c2021-12-21 10:24:26.449root 11241100x8000000000000000344896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdbea627e8c87922021-12-21 10:24:26.449root 11241100x8000000000000000344897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac41b970c9f80d432021-12-21 10:24:26.449root 11241100x8000000000000000344898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec34aa8684a31d482021-12-21 10:24:26.449root 11241100x8000000000000000344899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c51ccd8bbad6298b2021-12-21 10:24:26.450root 11241100x8000000000000000344900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225d50818115ad2f2021-12-21 10:24:26.450root 11241100x8000000000000000344901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9491eeea925f06c82021-12-21 10:24:26.450root 11241100x8000000000000000344902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde39a8496a20bea2021-12-21 10:24:26.450root 11241100x8000000000000000344903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4eecaaf9bb6e2ac2021-12-21 10:24:26.450root 11241100x8000000000000000344904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d7587e4403b5132021-12-21 10:24:26.450root 11241100x8000000000000000344905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a40cfee77c38df22021-12-21 10:24:26.450root 11241100x8000000000000000344906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8fede7b44e2abd2021-12-21 10:24:26.450root 11241100x8000000000000000344907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33db2fce7619eec2021-12-21 10:24:26.450root 11241100x8000000000000000344908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be26e5fc955a1402021-12-21 10:24:26.451root 11241100x8000000000000000344909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba61e6635764f6d2021-12-21 10:24:26.451root 11241100x8000000000000000344910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dec1c5a844a32b2021-12-21 10:24:26.451root 11241100x8000000000000000344911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fddbdc992452312021-12-21 10:24:26.451root 11241100x8000000000000000344912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bafaa90bf8989d82021-12-21 10:24:26.451root 11241100x8000000000000000344913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036976b43b2ca6e72021-12-21 10:24:26.451root 11241100x8000000000000000344914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ce786e9b0a96ab2021-12-21 10:24:26.452root 11241100x8000000000000000344915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc42f979c0e1d5622021-12-21 10:24:26.452root 11241100x8000000000000000344916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e7a05d3e52e3be2021-12-21 10:24:26.452root 11241100x8000000000000000344917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46da2bcadce70bf2021-12-21 10:24:26.452root 11241100x8000000000000000344918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f308228611004e7b2021-12-21 10:24:26.452root 11241100x8000000000000000344919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853d645ef281582c2021-12-21 10:24:26.452root 11241100x8000000000000000344920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc28b789d26c4e302021-12-21 10:24:26.452root 11241100x8000000000000000344921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b8780912a752b22021-12-21 10:24:26.452root 11241100x8000000000000000344922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96a9f6fe154b8652021-12-21 10:24:26.452root 11241100x8000000000000000344923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488890ba878cc4b82021-12-21 10:24:26.452root 11241100x8000000000000000344924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fec5bd63dafa212021-12-21 10:24:26.453root 11241100x8000000000000000344925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3ff7ea0da4c1dd2021-12-21 10:24:26.453root 11241100x8000000000000000344926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a90e2d6241080e2021-12-21 10:24:26.453root 11241100x8000000000000000344927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290b4b0637dac5a72021-12-21 10:24:26.453root 11241100x8000000000000000344928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a2b374f7c3b0212021-12-21 10:24:26.453root 11241100x8000000000000000344929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08593bedf138ecb02021-12-21 10:24:26.453root 11241100x8000000000000000344930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57728951245ef6872021-12-21 10:24:26.453root 11241100x8000000000000000344931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1196f0b2e546732021-12-21 10:24:26.453root 11241100x8000000000000000344932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bb0d28453fda9f2021-12-21 10:24:26.453root 11241100x8000000000000000344933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b30159f45892b4f2021-12-21 10:24:26.453root 11241100x8000000000000000344934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c48117ce8431732021-12-21 10:24:26.453root 11241100x8000000000000000344935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78286d27afdc53f22021-12-21 10:24:26.453root 11241100x8000000000000000344936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467488aceb38ae902021-12-21 10:24:26.454root 11241100x8000000000000000344937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeb459102c4657d2021-12-21 10:24:26.454root 11241100x8000000000000000344938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0866af271a73acd12021-12-21 10:24:26.454root 11241100x8000000000000000344939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78474c27b3a9d2d2021-12-21 10:24:26.454root 11241100x8000000000000000344940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91eb25cea1915132021-12-21 10:24:26.454root 11241100x8000000000000000344941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96fe62204d059472021-12-21 10:24:26.454root 11241100x8000000000000000344942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34bc9c74a1f96582021-12-21 10:24:26.455root 11241100x8000000000000000344943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f7bdd6b96942832021-12-21 10:24:26.455root 11241100x8000000000000000344944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d561e7cc63f46e012021-12-21 10:24:26.455root 11241100x8000000000000000344945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0008e403d1bc4bb42021-12-21 10:24:26.455root 11241100x8000000000000000344946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c8cd630dfb4e912021-12-21 10:24:26.455root 11241100x8000000000000000344947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7fe1c7a45e312b2021-12-21 10:24:26.455root 11241100x8000000000000000344948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed40a3f7db396b9c2021-12-21 10:24:26.455root 11241100x8000000000000000344949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc952a790f27ad92021-12-21 10:24:26.455root 11241100x8000000000000000344950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e1c77e7259ac4c82021-12-21 10:24:26.455root 11241100x8000000000000000344951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6046f7ea452dbc6a2021-12-21 10:24:26.456root 11241100x8000000000000000344952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc98d8f9ea9a95022021-12-21 10:24:26.456root 11241100x8000000000000000344953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0d0d9f49d2319f2021-12-21 10:24:26.456root 11241100x8000000000000000344954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ee969014995d192021-12-21 10:24:26.456root 11241100x8000000000000000344955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de4d7f604dcd6692021-12-21 10:24:26.456root 11241100x8000000000000000344956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d697abcabb6ee0b2021-12-21 10:24:26.456root 11241100x8000000000000000344957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effe9092ff60a9a82021-12-21 10:24:26.456root 11241100x8000000000000000344958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d19a0d6c7864822021-12-21 10:24:26.456root 11241100x8000000000000000344959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b080942d156db42021-12-21 10:24:26.456root 11241100x8000000000000000344960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30072a20ab62b6da2021-12-21 10:24:26.456root 11241100x8000000000000000344961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916c81d1ccd9e3152021-12-21 10:24:26.456root 11241100x8000000000000000344962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490137c7c176418c2021-12-21 10:24:26.456root 11241100x8000000000000000344963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7a5de8547122492021-12-21 10:24:26.456root 11241100x8000000000000000344964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6cf96783e0a16222021-12-21 10:24:26.456root 11241100x8000000000000000344965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557b904c724e1c2b2021-12-21 10:24:26.457root 11241100x8000000000000000344966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99dcd152e1b462b2021-12-21 10:24:26.457root 11241100x8000000000000000344967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7aa983fe6408922021-12-21 10:24:26.457root 11241100x8000000000000000344968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3819e842341dbae72021-12-21 10:24:26.457root 11241100x8000000000000000344969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6e3b6f0e9b82552021-12-21 10:24:26.457root 11241100x8000000000000000344970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317ea9d2a43e2d602021-12-21 10:24:26.457root 11241100x8000000000000000344971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e216ebaaf51c95fa2021-12-21 10:24:26.457root 11241100x8000000000000000344972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f1acd8c91e55b22021-12-21 10:24:26.457root 11241100x8000000000000000344973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cec0d14950d06f2021-12-21 10:24:26.457root 11241100x8000000000000000344974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43c14996f66c74b2021-12-21 10:24:26.457root 11241100x8000000000000000344975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5b5d0985e0876c2021-12-21 10:24:26.458root 11241100x8000000000000000344976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3624ad8888dd4b072021-12-21 10:24:26.458root 11241100x8000000000000000344977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193e32d265b6f4c62021-12-21 10:24:26.458root 11241100x8000000000000000344978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ed777d211d75542021-12-21 10:24:26.458root 11241100x8000000000000000344979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf9622e41a837002021-12-21 10:24:26.458root 11241100x8000000000000000344980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ffffbee074fab02021-12-21 10:24:26.458root 11241100x8000000000000000344981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a5ebee6520abd8a2021-12-21 10:24:26.458root 11241100x8000000000000000344982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad2ce9a6f6c005c2021-12-21 10:24:26.458root 11241100x8000000000000000344983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cb653d4fa1e9142021-12-21 10:24:26.458root 11241100x8000000000000000344984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991d6f2b688d5a8c2021-12-21 10:24:26.458root 11241100x8000000000000000344985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4033030c612d71362021-12-21 10:24:26.459root 11241100x8000000000000000344986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2092b701d84233c62021-12-21 10:24:26.459root 11241100x8000000000000000344987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbf7c17c9614a742021-12-21 10:24:26.459root 11241100x8000000000000000344988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d8cac263531bc22021-12-21 10:24:26.459root 11241100x8000000000000000344989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f4f749217f85df2021-12-21 10:24:26.459root 11241100x8000000000000000344990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4226afd865ca90d42021-12-21 10:24:26.459root 11241100x8000000000000000344991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7866e50731fdc3742021-12-21 10:24:26.459root 11241100x8000000000000000344992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725209efc844c8272021-12-21 10:24:26.459root 11241100x8000000000000000344993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273bf6aece22cdb2021-12-21 10:24:26.460root 11241100x8000000000000000344994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a44b42e6fb7b3362021-12-21 10:24:26.460root 11241100x8000000000000000344995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752edf92cb517d352021-12-21 10:24:26.461root 11241100x8000000000000000344996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6497ec005972992021-12-21 10:24:26.461root 11241100x8000000000000000344997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ffc1cdb3f883d12021-12-21 10:24:26.461root 11241100x8000000000000000344998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c84263b15810a92021-12-21 10:24:26.461root 11241100x8000000000000000344999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb795162250837012021-12-21 10:24:26.462root 11241100x8000000000000000345000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97127646321930c22021-12-21 10:24:26.462root 11241100x8000000000000000345001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d197f2a35871622021-12-21 10:24:26.462root 11241100x8000000000000000345002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fa033c67c5d8122021-12-21 10:24:26.463root 11241100x8000000000000000345003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4cc6eb9cfb253e52021-12-21 10:24:26.463root 11241100x8000000000000000345004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d124dd9a791d792021-12-21 10:24:26.463root 11241100x8000000000000000345005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db5f37152f11f5a2021-12-21 10:24:26.464root 11241100x8000000000000000345006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b064941e1afe1a252021-12-21 10:24:26.464root 11241100x8000000000000000345007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519cebb0518e20492021-12-21 10:24:26.464root 11241100x8000000000000000345008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbdc2878387225d2021-12-21 10:24:26.465root 11241100x8000000000000000345009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a8ef01b79559e32021-12-21 10:24:26.465root 11241100x8000000000000000345010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a589638dd36bb0472021-12-21 10:24:26.465root 11241100x8000000000000000345011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4793badfa92e4ee2021-12-21 10:24:26.466root 11241100x8000000000000000345012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3850ba57e5871a082021-12-21 10:24:26.466root 11241100x8000000000000000345013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343179877b90185a2021-12-21 10:24:26.466root 11241100x8000000000000000345014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404515cebdd25b162021-12-21 10:24:26.466root 11241100x8000000000000000345015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d55215757223722021-12-21 10:24:26.466root 11241100x8000000000000000345016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df01e87e7fa08182021-12-21 10:24:26.467root 11241100x8000000000000000345017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de4232266bebe5a2021-12-21 10:24:26.467root 11241100x8000000000000000345018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d18600c0ec3ed02021-12-21 10:24:26.467root 11241100x8000000000000000345019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31beb109b67c98f2021-12-21 10:24:26.467root 11241100x8000000000000000345020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd891711707ecadd2021-12-21 10:24:26.468root 11241100x8000000000000000345021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20812d44c1a7ac0e2021-12-21 10:24:26.468root 11241100x8000000000000000345022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610f16a285f696be2021-12-21 10:24:26.468root 11241100x8000000000000000345023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74335a796bb97e8d2021-12-21 10:24:26.468root 11241100x8000000000000000345024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca9d0e6cdd828302021-12-21 10:24:26.468root 11241100x8000000000000000345025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fb2cb4790ae24c2021-12-21 10:24:26.468root 11241100x8000000000000000345026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.468{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4644981bca9ff0e62021-12-21 10:24:26.468root 11241100x8000000000000000345027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.021b369342bc3a032021-12-21 10:24:26.469root 11241100x8000000000000000345028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b706f9b2e06db43b2021-12-21 10:24:26.469root 11241100x8000000000000000345029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa59b9ceca9bdd962021-12-21 10:24:26.469root 11241100x8000000000000000345030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa58e87d4c593f752021-12-21 10:24:26.469root 11241100x8000000000000000345031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67991acf1b3476b22021-12-21 10:24:26.469root 11241100x8000000000000000345032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3277b4a6b9f9962021-12-21 10:24:26.469root 11241100x8000000000000000345033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b83a8db7b6cf4bc2021-12-21 10:24:26.469root 11241100x8000000000000000345034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441fa801d9c0bd322021-12-21 10:24:26.470root 11241100x8000000000000000345035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d085eebf42d4ceb2021-12-21 10:24:26.470root 11241100x8000000000000000345036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f1e17722bfdb2aa2021-12-21 10:24:26.470root 11241100x8000000000000000345037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ba5ceb0ecc8d472021-12-21 10:24:26.470root 11241100x8000000000000000345038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7e77e8a76267902021-12-21 10:24:26.470root 11241100x8000000000000000345039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e8e815402027abe2021-12-21 10:24:26.470root 11241100x8000000000000000345040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a51d0f44c77a9d62021-12-21 10:24:26.470root 11241100x8000000000000000345041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66319167d91aa4922021-12-21 10:24:26.470root 11241100x8000000000000000345042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83dce82956ce416e2021-12-21 10:24:26.471root 11241100x8000000000000000345043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd05319a00b0f9522021-12-21 10:24:26.471root 11241100x8000000000000000345044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:26.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dee4e5c77183bb2021-12-21 10:24:26.471root 11241100x8000000000000000345097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:36.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:24:36.349root 11241100x8000000000000000345098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1e9a0a0f17ac6e2021-12-21 10:24:36.692root 11241100x8000000000000000345099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f92134be67d7372021-12-21 10:24:37.192root 11241100x8000000000000000345100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f70c043cbd4e0a92021-12-21 10:24:37.692root 354300x8000000000000000345101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:38.100{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47058-false10.0.1.12-8000- 11241100x8000000000000000345102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:38.101{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f223237993a2bc3d2021-12-21 10:24:38.101root 11241100x8000000000000000345103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbbc0477e2174e42021-12-21 10:24:38.442root 11241100x8000000000000000345104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.083be3267baa20fd2021-12-21 10:24:38.443root 11241100x8000000000000000345105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c1ab1d83eeabde82021-12-21 10:24:38.942root 11241100x8000000000000000345106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a01f98f3374ea312021-12-21 10:24:38.943root 23542300x8000000000000000345107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:39.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000345108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb350c29be46973e2021-12-21 10:24:39.350root 11241100x8000000000000000345109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87df9de49b943efd2021-12-21 10:24:39.350root 11241100x8000000000000000345110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebc9d1b468656182021-12-21 10:24:39.693root 11241100x8000000000000000345111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832123c3a30595692021-12-21 10:24:39.694root 11241100x8000000000000000345112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32a67803111d9fc2021-12-21 10:24:39.694root 11241100x8000000000000000345113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:40.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673e958b070f94042021-12-21 10:24:40.192root 11241100x8000000000000000345114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f9339f60193e452021-12-21 10:24:40.193root 11241100x8000000000000000345115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3902bf1c48bfba802021-12-21 10:24:40.193root 11241100x8000000000000000345116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:40.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e21fbabae77ddf2021-12-21 10:24:40.692root 11241100x8000000000000000345117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b3b1e253296e512021-12-21 10:24:40.693root 11241100x8000000000000000345118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31bf01c0635513412021-12-21 10:24:40.693root 11241100x8000000000000000345119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:41.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2d7ce0489a4b5f2021-12-21 10:24:41.192root 11241100x8000000000000000345120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dddc95bd4128983c2021-12-21 10:24:41.193root 11241100x8000000000000000345121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2f843f8c3c59742021-12-21 10:24:41.193root 11241100x8000000000000000345122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:41.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40faee1cbd80d0372021-12-21 10:24:41.692root 11241100x8000000000000000345123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f10f3d592524332021-12-21 10:24:41.693root 11241100x8000000000000000345124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699ae299642f73732021-12-21 10:24:41.693root 11241100x8000000000000000345125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:42.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df2735b5e9930d12021-12-21 10:24:42.192root 11241100x8000000000000000345126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2f23c70e0c355e2021-12-21 10:24:42.193root 11241100x8000000000000000345127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41366bb42beee0732021-12-21 10:24:42.193root 11241100x8000000000000000345128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ed95a8f6941722d2021-12-21 10:24:42.692root 11241100x8000000000000000345129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9ecfd9f397d0cf2021-12-21 10:24:42.693root 11241100x8000000000000000345130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ec3b2caade5b4d2021-12-21 10:24:42.693root 11241100x8000000000000000345131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2882373ef8670f2021-12-21 10:24:43.192root 11241100x8000000000000000345132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fb5568d2d40fc22021-12-21 10:24:43.193root 11241100x8000000000000000345133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0a13c60d2bc0082021-12-21 10:24:43.193root 354300x8000000000000000345134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.194{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47060-false10.0.1.12-8000- 11241100x8000000000000000345135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2efbc1edca815b2021-12-21 10:24:43.692root 11241100x8000000000000000345136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42d69ce97a83c9f2021-12-21 10:24:43.693root 11241100x8000000000000000345137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da555309c9dbd242021-12-21 10:24:43.693root 11241100x8000000000000000345138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37689063b6a3f98a2021-12-21 10:24:43.693root 11241100x8000000000000000345139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e078eaa962420542021-12-21 10:24:44.192root 11241100x8000000000000000345140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4d83bc39745d282021-12-21 10:24:44.193root 11241100x8000000000000000345141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fbfb5766f42e552021-12-21 10:24:44.193root 11241100x8000000000000000345142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52510b023839960b2021-12-21 10:24:44.193root 11241100x8000000000000000345143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ff8d60229dd6eb2021-12-21 10:24:44.692root 11241100x8000000000000000345144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7613c55412ad392021-12-21 10:24:44.693root 11241100x8000000000000000345145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee207f58654d4e3f2021-12-21 10:24:44.693root 11241100x8000000000000000345146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166f10f2558a035c2021-12-21 10:24:44.693root 11241100x8000000000000000345147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287fde89afbe95572021-12-21 10:24:45.192root 11241100x8000000000000000345148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59056b8a82ffeec52021-12-21 10:24:45.193root 11241100x8000000000000000345149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c68f4081c86af42021-12-21 10:24:45.193root 11241100x8000000000000000345150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f4af8ee4f1d1862021-12-21 10:24:45.193root 11241100x8000000000000000345151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359bbfa5a2e1cb002021-12-21 10:24:45.693root 11241100x8000000000000000345152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48efef2221bd263b2021-12-21 10:24:45.693root 11241100x8000000000000000345153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f9bc5cdddbc4f2021-12-21 10:24:45.693root 11241100x8000000000000000345154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7e116f81463ea52021-12-21 10:24:45.693root 11241100x8000000000000000345155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723cfbac2394a9762021-12-21 10:24:46.193root 11241100x8000000000000000345156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f35f1d30a90d4a42021-12-21 10:24:46.193root 11241100x8000000000000000345157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d99bd57edcef5f2021-12-21 10:24:46.193root 11241100x8000000000000000345158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd591bf28ef6b4da2021-12-21 10:24:46.193root 11241100x8000000000000000345159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2b51198347c1c52021-12-21 10:24:46.692root 11241100x8000000000000000345160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.123de14e73a2b7b12021-12-21 10:24:46.693root 11241100x8000000000000000345161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c98e6e2667549b62021-12-21 10:24:46.693root 11241100x8000000000000000345162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1894d217a16fee832021-12-21 10:24:46.693root 11241100x8000000000000000345163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5661998fd42ca1ff2021-12-21 10:24:47.192root 11241100x8000000000000000345164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d98554192c729ec2021-12-21 10:24:47.193root 11241100x8000000000000000345165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef958b50acb33232021-12-21 10:24:47.193root 11241100x8000000000000000345166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.387d42ac2a7864df2021-12-21 10:24:47.193root 11241100x8000000000000000345167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a01735422407d32021-12-21 10:24:47.692root 11241100x8000000000000000345168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc551b181b30bcad2021-12-21 10:24:47.693root 11241100x8000000000000000345169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058537c5431fc7fd2021-12-21 10:24:47.693root 11241100x8000000000000000345170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88aa9b7aad8652462021-12-21 10:24:47.693root 11241100x8000000000000000345171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47972bd7689390c52021-12-21 10:24:48.192root 11241100x8000000000000000345172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d9b2e2406a46982021-12-21 10:24:48.193root 11241100x8000000000000000345173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b78b03449b05872021-12-21 10:24:48.193root 11241100x8000000000000000345174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67581cda0c96c5b2021-12-21 10:24:48.193root 354300x8000000000000000345175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.252{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47062-false10.0.1.12-8000- 11241100x8000000000000000345176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d3ea9821e3235a2021-12-21 10:24:48.693root 11241100x8000000000000000345177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c47119c41d50582021-12-21 10:24:48.693root 11241100x8000000000000000345178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fdb72aaddcb6662021-12-21 10:24:48.693root 11241100x8000000000000000345179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c844c4ed1601eb2021-12-21 10:24:48.693root 11241100x8000000000000000345180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132ad5e88128ca0d2021-12-21 10:24:48.694root 11241100x8000000000000000345181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6595cb3ad7004a82021-12-21 10:24:49.193root 11241100x8000000000000000345182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d8c7ce5db619e2021-12-21 10:24:49.193root 11241100x8000000000000000345183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9240f92a78ec6d812021-12-21 10:24:49.193root 11241100x8000000000000000345184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf8b91e341cb252021-12-21 10:24:49.193root 11241100x8000000000000000345185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b7a914244f91b32021-12-21 10:24:49.193root 11241100x8000000000000000345186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef10d95cdc1f9952021-12-21 10:24:49.693root 11241100x8000000000000000345187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242bd80fbbccdb102021-12-21 10:24:49.693root 11241100x8000000000000000345188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6a90f23d88efbe2021-12-21 10:24:49.693root 11241100x8000000000000000345189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39c84ee1b959c912021-12-21 10:24:49.693root 11241100x8000000000000000345190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c0bd37e27543c42021-12-21 10:24:49.694root 11241100x8000000000000000345191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f014356966e7472021-12-21 10:24:50.193root 11241100x8000000000000000345192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2722f45d5bfe3a382021-12-21 10:24:50.193root 11241100x8000000000000000345193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f51665c2bd1d1502021-12-21 10:24:50.193root 11241100x8000000000000000345194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ad0746aaa20b572021-12-21 10:24:50.194root 11241100x8000000000000000345195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812665acf92383712021-12-21 10:24:50.194root 11241100x8000000000000000345196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30762d4d71ed19a32021-12-21 10:24:50.692root 11241100x8000000000000000345197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eea4957bfcfc0c62021-12-21 10:24:50.693root 11241100x8000000000000000345198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.815c249208fdaa8d2021-12-21 10:24:50.693root 11241100x8000000000000000345199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d407369459d9f28c2021-12-21 10:24:50.694root 11241100x8000000000000000345200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f89b21ca36b3071d2021-12-21 10:24:50.694root 11241100x8000000000000000345201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21e95b2611aa8f62021-12-21 10:24:51.192root 11241100x8000000000000000345202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc7c0456003cfcb82021-12-21 10:24:51.193root 11241100x8000000000000000345203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cd736be422c6622021-12-21 10:24:51.193root 11241100x8000000000000000345204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590e934dcc3bc9542021-12-21 10:24:51.193root 11241100x8000000000000000345205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d055ee3aa1077b82021-12-21 10:24:51.194root 11241100x8000000000000000345206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0a613739aa1ea22021-12-21 10:24:51.693root 11241100x8000000000000000345207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d685565db0d02e2021-12-21 10:24:51.693root 11241100x8000000000000000345208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c92d3e55b7aab62021-12-21 10:24:51.693root 11241100x8000000000000000345209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c326032fdc2f129e2021-12-21 10:24:51.693root 11241100x8000000000000000345210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5394f475b1cf9f7f2021-12-21 10:24:51.693root 11241100x8000000000000000345211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e82348953c0d4312021-12-21 10:24:52.192root 11241100x8000000000000000345212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e97753f287ddbff2021-12-21 10:24:52.193root 11241100x8000000000000000345213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81dac4869bb76ea92021-12-21 10:24:52.193root 11241100x8000000000000000345214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab68629eb7448712021-12-21 10:24:52.193root 11241100x8000000000000000345215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508e13bb4585d1b12021-12-21 10:24:52.194root 11241100x8000000000000000345216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc425fe9b2a55ca52021-12-21 10:24:52.692root 11241100x8000000000000000345217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d842a32728e0e0002021-12-21 10:24:52.693root 11241100x8000000000000000345218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30237b37e888ebbf2021-12-21 10:24:52.693root 11241100x8000000000000000345219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1052fa3d4b684552021-12-21 10:24:52.693root 11241100x8000000000000000345220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107202efdb3670692021-12-21 10:24:52.694root 11241100x8000000000000000345221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.affc5d73fed506712021-12-21 10:24:53.193root 11241100x8000000000000000345222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bbf8407dd181ca2021-12-21 10:24:53.193root 11241100x8000000000000000345223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb13dbc5eca42fd2021-12-21 10:24:53.193root 11241100x8000000000000000345224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8505a8dea77631892021-12-21 10:24:53.193root 11241100x8000000000000000345225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7613c495cb3ece2021-12-21 10:24:53.193root 11241100x8000000000000000345226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d9aecc7ae5b3bd2021-12-21 10:24:53.693root 11241100x8000000000000000345227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d3139ff29259132021-12-21 10:24:53.693root 11241100x8000000000000000345228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575c0680db83437c2021-12-21 10:24:53.693root 11241100x8000000000000000345229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c102aa297dc034f22021-12-21 10:24:53.693root 11241100x8000000000000000345230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:53.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d806bc89e1dd0f2021-12-21 10:24:53.693root 354300x8000000000000000345231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.188{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47064-false10.0.1.12-8000- 11241100x8000000000000000345232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761bbec32770ff6a2021-12-21 10:24:54.188root 11241100x8000000000000000345233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d319f820da7ae12021-12-21 10:24:54.189root 11241100x8000000000000000345234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d73c2053e357cd2021-12-21 10:24:54.189root 11241100x8000000000000000345235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c5f5d8bf2357272021-12-21 10:24:54.189root 11241100x8000000000000000345236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c70c3fd6950b8b82021-12-21 10:24:54.189root 11241100x8000000000000000345237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3b0e5c03ebabd52021-12-21 10:24:54.443root 11241100x8000000000000000345238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4346336b9694666d2021-12-21 10:24:54.443root 11241100x8000000000000000345239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8986c0d40ea84a0c2021-12-21 10:24:54.443root 11241100x8000000000000000345240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fa84c2c14013292021-12-21 10:24:54.443root 11241100x8000000000000000345241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440faa4c19ae84552021-12-21 10:24:54.443root 11241100x8000000000000000345242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251a356953f7b8fc2021-12-21 10:24:54.443root 11241100x8000000000000000345243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f60b9b4939a7c5a2021-12-21 10:24:54.943root 11241100x8000000000000000345244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d594edd3e7dd6e822021-12-21 10:24:54.943root 11241100x8000000000000000345245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afcf66731f139b6e2021-12-21 10:24:54.943root 11241100x8000000000000000345246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50ba848445368852021-12-21 10:24:54.943root 11241100x8000000000000000345247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e0c52cd0014612021-12-21 10:24:54.943root 11241100x8000000000000000345248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2e069bcef55bc42021-12-21 10:24:54.943root 11241100x8000000000000000345249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e590515f218bcf642021-12-21 10:24:55.443root 11241100x8000000000000000345250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a0ed026469eb662021-12-21 10:24:55.443root 11241100x8000000000000000345251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f286b2565cef23202021-12-21 10:24:55.443root 11241100x8000000000000000345252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c02de14f63d5542021-12-21 10:24:55.443root 11241100x8000000000000000345253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d03e7ab2dc85cc82021-12-21 10:24:55.443root 11241100x8000000000000000345254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be800190e6d7fc2a2021-12-21 10:24:55.443root 11241100x8000000000000000345255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9023cc3b83b035602021-12-21 10:24:55.943root 11241100x8000000000000000345256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67019c4158dcd052021-12-21 10:24:55.943root 11241100x8000000000000000345257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e305dbe1ac6ed7e32021-12-21 10:24:55.943root 11241100x8000000000000000345258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b41c570f5d71b202021-12-21 10:24:55.943root 11241100x8000000000000000345259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9e545e7cbab20d2021-12-21 10:24:55.943root 11241100x8000000000000000345260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79a9c7f4e7e30d22021-12-21 10:24:55.943root 11241100x8000000000000000345261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4a344877ca75422021-12-21 10:24:56.443root 11241100x8000000000000000345262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cb31f406d9b2582021-12-21 10:24:56.443root 11241100x8000000000000000345263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d14d344eafe8d72021-12-21 10:24:56.443root 11241100x8000000000000000345264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5fa9c47ad7d8d02021-12-21 10:24:56.443root 11241100x8000000000000000345265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a15e87d01e7caf32021-12-21 10:24:56.443root 11241100x8000000000000000345266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b8238dc65554842021-12-21 10:24:56.443root 11241100x8000000000000000345267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f548becc8a1d0012021-12-21 10:24:56.943root 11241100x8000000000000000345268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64dc53cb8b35d422021-12-21 10:24:56.943root 11241100x8000000000000000345269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc37b9d6f5e797f2021-12-21 10:24:56.943root 11241100x8000000000000000345270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2fd4d3cbc77bde2021-12-21 10:24:56.943root 11241100x8000000000000000345271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb71f57e36ba59f2021-12-21 10:24:56.943root 11241100x8000000000000000345272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddb0f323bc13e4d2021-12-21 10:24:56.943root 11241100x8000000000000000345273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ea8d0d84898bd02021-12-21 10:24:57.443root 11241100x8000000000000000345274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f936489ff0f535002021-12-21 10:24:57.443root 11241100x8000000000000000345275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b22f8a786a81662021-12-21 10:24:57.443root 11241100x8000000000000000345276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2bc81a0573e0c52021-12-21 10:24:57.443root 11241100x8000000000000000345277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a4fa579cfd226412021-12-21 10:24:57.443root 11241100x8000000000000000345278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5ec186d95d491c2021-12-21 10:24:57.443root 11241100x8000000000000000345279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4993952303c9ab42021-12-21 10:24:57.943root 11241100x8000000000000000345280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0cad62048f9ea1c2021-12-21 10:24:57.943root 11241100x8000000000000000345281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6c8167526c615e2021-12-21 10:24:57.943root 11241100x8000000000000000345282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46467158d8b77cf82021-12-21 10:24:57.943root 11241100x8000000000000000345283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3509cdc8441e558c2021-12-21 10:24:57.943root 11241100x8000000000000000345284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b027f0aca913f7042021-12-21 10:24:57.943root 11241100x8000000000000000345285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddb1cc7c3070c172021-12-21 10:24:58.443root 11241100x8000000000000000345286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51703ebe20f5c4172021-12-21 10:24:58.443root 11241100x8000000000000000345287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1031c70287f80c052021-12-21 10:24:58.443root 11241100x8000000000000000345288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f07f2a1e7014e8a2021-12-21 10:24:58.443root 11241100x8000000000000000345289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec6b532eca59e5c2021-12-21 10:24:58.443root 11241100x8000000000000000345290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782974829399ed4b2021-12-21 10:24:58.443root 11241100x8000000000000000345291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212296f39ee8407d2021-12-21 10:24:58.943root 11241100x8000000000000000345292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1ab94aa743fba02021-12-21 10:24:58.943root 11241100x8000000000000000345293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d54abb997669de82021-12-21 10:24:58.943root 11241100x8000000000000000345294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67c7a3021c611c52021-12-21 10:24:58.943root 11241100x8000000000000000345295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6991e404b1d13ce82021-12-21 10:24:58.943root 11241100x8000000000000000345296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad24f277f6df5012021-12-21 10:24:58.943root 11241100x8000000000000000345297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ab36e5cde5133f2021-12-21 10:24:59.443root 11241100x8000000000000000345298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83b325cf4271b3a2021-12-21 10:24:59.443root 11241100x8000000000000000345299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8180e177050f4f5c2021-12-21 10:24:59.443root 11241100x8000000000000000345300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275d13faf7a1f04c2021-12-21 10:24:59.443root 11241100x8000000000000000345301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f908002de33b74ae2021-12-21 10:24:59.443root 11241100x8000000000000000345302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b8112822e4e41172021-12-21 10:24:59.443root 11241100x8000000000000000345303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6b32a6da3518372021-12-21 10:24:59.943root 11241100x8000000000000000345304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6da8a316d756dae2021-12-21 10:24:59.943root 11241100x8000000000000000345305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3449bce25d6eb812021-12-21 10:24:59.943root 11241100x8000000000000000345306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c562f2fa3c8a40f12021-12-21 10:24:59.943root 11241100x8000000000000000345307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda691279fdad8742021-12-21 10:24:59.943root 11241100x8000000000000000345308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:24:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd698a71faed2ae2021-12-21 10:24:59.943root 354300x8000000000000000345309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.157{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47066-false10.0.1.12-8000- 11241100x8000000000000000345310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16c1f3960b59dae2021-12-21 10:25:00.443root 11241100x8000000000000000345311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2de877cfe354f02021-12-21 10:25:00.443root 11241100x8000000000000000345312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658759825bac05902021-12-21 10:25:00.443root 11241100x8000000000000000345313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a241fc3abc9ff1e62021-12-21 10:25:00.443root 11241100x8000000000000000345314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0522068379212e2021-12-21 10:25:00.443root 11241100x8000000000000000345315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89caba4c11de637f2021-12-21 10:25:00.443root 11241100x8000000000000000345316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bc7b9f69032e8f42021-12-21 10:25:00.443root 11241100x8000000000000000345317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab0bb93952c79892021-12-21 10:25:00.943root 11241100x8000000000000000345318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18dc517d5455d372021-12-21 10:25:00.943root 11241100x8000000000000000345319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbbed4c2a9fc5e32021-12-21 10:25:00.943root 11241100x8000000000000000345320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4710de6203724012021-12-21 10:25:00.943root 11241100x8000000000000000345321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2298cc082b6c2d482021-12-21 10:25:00.943root 11241100x8000000000000000345322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c875b656370f9b352021-12-21 10:25:00.943root 11241100x8000000000000000345323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7fdb73c15e724a2021-12-21 10:25:00.943root 11241100x8000000000000000345324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890d205031e72f972021-12-21 10:25:01.443root 11241100x8000000000000000345325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecfbb92495a766a2021-12-21 10:25:01.443root 11241100x8000000000000000345326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f8b38f5539eb7f2021-12-21 10:25:01.443root 11241100x8000000000000000345327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd7e48ce97faf332021-12-21 10:25:01.443root 11241100x8000000000000000345328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8670c769cad07e42021-12-21 10:25:01.443root 11241100x8000000000000000345329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6831494be0c027d2021-12-21 10:25:01.443root 11241100x8000000000000000345330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fe3a48a6693b5b2021-12-21 10:25:01.443root 11241100x8000000000000000345331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64673f3c07f331162021-12-21 10:25:01.943root 11241100x8000000000000000345332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab6b6daf1c6d1ae2021-12-21 10:25:01.943root 11241100x8000000000000000345333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33091afb131640df2021-12-21 10:25:01.943root 11241100x8000000000000000345334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d43419e4d7cad62021-12-21 10:25:01.943root 11241100x8000000000000000345335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510f0df71ba17b0f2021-12-21 10:25:01.943root 11241100x8000000000000000345336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8826fd16583efd22021-12-21 10:25:01.943root 11241100x8000000000000000345337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4dbe6e081eae8d42021-12-21 10:25:01.943root 11241100x8000000000000000345338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e7aae9a8bf8ca22021-12-21 10:25:02.443root 11241100x8000000000000000345339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a34eb51e5a40de2021-12-21 10:25:02.443root 11241100x8000000000000000345340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca81b83320dd19942021-12-21 10:25:02.443root 11241100x8000000000000000345341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4fb3ba24429f392021-12-21 10:25:02.443root 11241100x8000000000000000345342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380049fbf00dc5a42021-12-21 10:25:02.443root 11241100x8000000000000000345343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09015c01f48b70572021-12-21 10:25:02.443root 11241100x8000000000000000345344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaa40e3d96cbe702021-12-21 10:25:02.443root 11241100x8000000000000000345345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faa90cd7acc67492021-12-21 10:25:02.943root 11241100x8000000000000000345346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef0b9306b557a652021-12-21 10:25:02.943root 11241100x8000000000000000345347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c5045d5bb6ecc0d2021-12-21 10:25:02.943root 11241100x8000000000000000345348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6682e357ed6de2882021-12-21 10:25:02.943root 11241100x8000000000000000345349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c588d2c57fea7f2021-12-21 10:25:02.943root 11241100x8000000000000000345350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f253f7cca42e6112021-12-21 10:25:02.943root 11241100x8000000000000000345351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697f967e29ac4cd22021-12-21 10:25:02.943root 11241100x8000000000000000345352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a904c647566ea2021-12-21 10:25:03.443root 11241100x8000000000000000345353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c35bbc2b7567712021-12-21 10:25:03.443root 11241100x8000000000000000345354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239166da3585adf42021-12-21 10:25:03.443root 11241100x8000000000000000345355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc3bde6c88915702021-12-21 10:25:03.443root 11241100x8000000000000000345356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2861c21486e5792021-12-21 10:25:03.443root 11241100x8000000000000000345357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a78a767217e552c2021-12-21 10:25:03.443root 11241100x8000000000000000345358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0d2ef29766d2e62021-12-21 10:25:03.443root 11241100x8000000000000000345359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c661c24bb003fe442021-12-21 10:25:03.943root 11241100x8000000000000000345360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ff4d0943cca1c32021-12-21 10:25:03.943root 11241100x8000000000000000345361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81be5b068653bcf32021-12-21 10:25:03.943root 11241100x8000000000000000345362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba1ab2eb8d05e782021-12-21 10:25:03.943root 11241100x8000000000000000345363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeadd20ee27cae122021-12-21 10:25:03.943root 11241100x8000000000000000345364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c292876ff147693e2021-12-21 10:25:03.943root 11241100x8000000000000000345365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c93678654a8d8c2021-12-21 10:25:03.943root 11241100x8000000000000000345366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98638acd81da9c172021-12-21 10:25:04.443root 11241100x8000000000000000345367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe8eacb80c7c0602021-12-21 10:25:04.443root 11241100x8000000000000000345368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b3088a425fdd892021-12-21 10:25:04.443root 11241100x8000000000000000345369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87afa0147c10fb562021-12-21 10:25:04.443root 11241100x8000000000000000345370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809ca260a56d77ba2021-12-21 10:25:04.443root 11241100x8000000000000000345371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5981edd7610776042021-12-21 10:25:04.443root 11241100x8000000000000000345372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de0a014742f2ee12021-12-21 10:25:04.443root 11241100x8000000000000000345373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72f790d5bede8392021-12-21 10:25:04.943root 11241100x8000000000000000345374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8125387d53f4d2021-12-21 10:25:04.943root 11241100x8000000000000000345375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33badaf64957d2a2021-12-21 10:25:04.943root 11241100x8000000000000000345376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bc338a5911a45c2021-12-21 10:25:04.943root 11241100x8000000000000000345377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5fad4936311b342021-12-21 10:25:04.943root 11241100x8000000000000000345378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c790d756cd72dfb12021-12-21 10:25:04.943root 11241100x8000000000000000345379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b684c8431c9d4c2021-12-21 10:25:04.943root 11241100x8000000000000000345380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6318a299df26da82021-12-21 10:25:05.443root 11241100x8000000000000000345381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef160c886f38266d2021-12-21 10:25:05.443root 11241100x8000000000000000345382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a8e7522dee9fc02021-12-21 10:25:05.443root 11241100x8000000000000000345383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e247868f467c2642021-12-21 10:25:05.443root 11241100x8000000000000000345384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d98b06782a1fe82021-12-21 10:25:05.443root 11241100x8000000000000000345385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ba4420c144d06a2021-12-21 10:25:05.443root 11241100x8000000000000000345386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4602bf3106a732332021-12-21 10:25:05.443root 11241100x8000000000000000345387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c59849c7b8af1b3e2021-12-21 10:25:05.943root 11241100x8000000000000000345388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678324f10efc45be2021-12-21 10:25:05.943root 11241100x8000000000000000345389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01877e56541b9382021-12-21 10:25:05.943root 11241100x8000000000000000345390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f54469ed8070f7c2021-12-21 10:25:05.943root 11241100x8000000000000000345391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d66b76778f49c62021-12-21 10:25:05.943root 11241100x8000000000000000345392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf62bf39f61c16b42021-12-21 10:25:05.943root 11241100x8000000000000000345393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f979f0083bcbad52021-12-21 10:25:05.943root 354300x8000000000000000345394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.061{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47068-false10.0.1.12-8000- 11241100x8000000000000000345395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:25:06.349root 11241100x8000000000000000345396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825d82ea3ba3ba302021-12-21 10:25:06.350root 11241100x8000000000000000345397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0733165fce184f32021-12-21 10:25:06.350root 11241100x8000000000000000345398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6128a842ae70ee022021-12-21 10:25:06.350root 11241100x8000000000000000345399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314431984fd2165c2021-12-21 10:25:06.350root 11241100x8000000000000000345400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67fd113a1444322e2021-12-21 10:25:06.350root 11241100x8000000000000000345401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ef5521a4a1746a2021-12-21 10:25:06.350root 11241100x8000000000000000345402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0ce2a39421c6ca2021-12-21 10:25:06.350root 11241100x8000000000000000345403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04fb58ab138aeba52021-12-21 10:25:06.351root 11241100x8000000000000000345404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9fa200d5461ca12021-12-21 10:25:06.351root 11241100x8000000000000000345405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d9e935e2cf06d22021-12-21 10:25:06.693root 11241100x8000000000000000345406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d4a2412a6a713a2021-12-21 10:25:06.693root 11241100x8000000000000000345407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654814286e6de9d22021-12-21 10:25:06.693root 11241100x8000000000000000345408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ea815ec147727d2021-12-21 10:25:06.693root 11241100x8000000000000000345409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e363f4d6b8e3d32021-12-21 10:25:06.693root 11241100x8000000000000000345410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f717937c28b920672021-12-21 10:25:06.693root 11241100x8000000000000000345411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d26b0a2d19b510f2021-12-21 10:25:06.693root 11241100x8000000000000000345412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c93a2aebee8aca2021-12-21 10:25:06.693root 11241100x8000000000000000345413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e14cdb9eb2365e2021-12-21 10:25:06.693root 11241100x8000000000000000345414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99e3d5e33e3f1292021-12-21 10:25:07.193root 11241100x8000000000000000345415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73b68cd9ef090ff2021-12-21 10:25:07.193root 11241100x8000000000000000345416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b308fc1f4397f2222021-12-21 10:25:07.193root 11241100x8000000000000000345417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14763dff9cdf43172021-12-21 10:25:07.193root 11241100x8000000000000000345418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a221aa241b1469742021-12-21 10:25:07.193root 11241100x8000000000000000345419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0989b5a6aebe1e2021-12-21 10:25:07.193root 11241100x8000000000000000345420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556eeed162ea4fb22021-12-21 10:25:07.193root 11241100x8000000000000000345421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda9d4c3f0666d9b2021-12-21 10:25:07.193root 11241100x8000000000000000345422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317e2948d05b0f252021-12-21 10:25:07.193root 11241100x8000000000000000345423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c9909ed5d15adc2021-12-21 10:25:07.693root 11241100x8000000000000000345424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9506ab86b71e28242021-12-21 10:25:07.693root 11241100x8000000000000000345425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf99ce3c229fb76c2021-12-21 10:25:07.693root 11241100x8000000000000000345426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a3dca69a0a403db2021-12-21 10:25:07.693root 11241100x8000000000000000345427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8a100bfa30709b2021-12-21 10:25:07.693root 11241100x8000000000000000345428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82c16e7c58fb06e2021-12-21 10:25:07.693root 11241100x8000000000000000345429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2b909dee77d25f2021-12-21 10:25:07.693root 11241100x8000000000000000345430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea978b5694cdf7b2021-12-21 10:25:07.693root 11241100x8000000000000000345431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749495bbe3ac2c592021-12-21 10:25:07.693root 11241100x8000000000000000345432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b500ee3d68f67f2021-12-21 10:25:08.193root 11241100x8000000000000000345433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273e719a272db4e62021-12-21 10:25:08.193root 11241100x8000000000000000345434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab782258c554519e2021-12-21 10:25:08.193root 11241100x8000000000000000345435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af53fb18d6f561c82021-12-21 10:25:08.193root 11241100x8000000000000000345436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a225a56ce879fc9b2021-12-21 10:25:08.193root 11241100x8000000000000000345437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1435d4bd6f2d9a2021-12-21 10:25:08.193root 11241100x8000000000000000345438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dacbc24940813152021-12-21 10:25:08.193root 11241100x8000000000000000345439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed6272732be4dca2021-12-21 10:25:08.193root 11241100x8000000000000000345440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1d499b73e1b8962021-12-21 10:25:08.193root 11241100x8000000000000000345441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011320cd690b2c8d2021-12-21 10:25:08.693root 11241100x8000000000000000345442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afbfa9ea8db578e2021-12-21 10:25:08.693root 11241100x8000000000000000345443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e523bf71623df0212021-12-21 10:25:08.693root 11241100x8000000000000000345444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad7cf9f9693663b2021-12-21 10:25:08.693root 11241100x8000000000000000345445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699195f5222d61fe2021-12-21 10:25:08.693root 11241100x8000000000000000345446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50effc73b2978cf2021-12-21 10:25:08.693root 11241100x8000000000000000345447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05ef1df1b25c2262021-12-21 10:25:08.693root 11241100x8000000000000000345448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9ce7cf688b1dc82021-12-21 10:25:08.693root 11241100x8000000000000000345449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b952b56cadd3392021-12-21 10:25:08.694root 11241100x8000000000000000345450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fab58a93414c3fc2021-12-21 10:25:09.193root 11241100x8000000000000000345451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d4665900308dc12021-12-21 10:25:09.193root 11241100x8000000000000000345452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f2722eedb7f6672021-12-21 10:25:09.193root 11241100x8000000000000000345453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d04dee207d3e572021-12-21 10:25:09.193root 11241100x8000000000000000345454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3184f4d2b90cb0ba2021-12-21 10:25:09.193root 11241100x8000000000000000345455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015d95259e72203a2021-12-21 10:25:09.193root 11241100x8000000000000000345456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413139e94ad907b72021-12-21 10:25:09.193root 11241100x8000000000000000345457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef4735664be1ee72021-12-21 10:25:09.193root 11241100x8000000000000000345458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac755d7044bf3f532021-12-21 10:25:09.193root 23542300x8000000000000000345459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.351{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000345460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fb3f7c171d6dea2021-12-21 10:25:09.693root 11241100x8000000000000000345461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.423af9892783ae9d2021-12-21 10:25:09.693root 11241100x8000000000000000345462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f873dbd5b563e12021-12-21 10:25:09.693root 11241100x8000000000000000345463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae4091aac8e2e252021-12-21 10:25:09.693root 11241100x8000000000000000345464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0259d03d8c74bbd2021-12-21 10:25:09.693root 11241100x8000000000000000345465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b182f99c6452812021-12-21 10:25:09.693root 11241100x8000000000000000345466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf8be57b109687b2021-12-21 10:25:09.694root 11241100x8000000000000000345467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf8384da5fe2d702021-12-21 10:25:09.694root 11241100x8000000000000000345468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88f466401bced3b2021-12-21 10:25:09.694root 11241100x8000000000000000345469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb67e2798fa36d92021-12-21 10:25:09.694root 11241100x8000000000000000345470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b3a62b619628022021-12-21 10:25:10.193root 11241100x8000000000000000345471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c8edab6bff62f82021-12-21 10:25:10.193root 11241100x8000000000000000345472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46188174225c3d682021-12-21 10:25:10.193root 11241100x8000000000000000345473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d839b14117188ed2021-12-21 10:25:10.193root 11241100x8000000000000000345474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7d7df1d75ba5b52021-12-21 10:25:10.193root 11241100x8000000000000000345475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149d3e4592cbf4012021-12-21 10:25:10.193root 11241100x8000000000000000345476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f88e235551a7e42021-12-21 10:25:10.193root 11241100x8000000000000000345477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae18d5ade590b6932021-12-21 10:25:10.193root 11241100x8000000000000000345478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bca3bd2d775c872021-12-21 10:25:10.193root 11241100x8000000000000000345479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40def7b13c50b9de2021-12-21 10:25:10.194root 11241100x8000000000000000345480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e03761c5e2318312021-12-21 10:25:10.693root 11241100x8000000000000000345481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54d775d497dc5d582021-12-21 10:25:10.693root 11241100x8000000000000000345482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e7f32576a5eccd2021-12-21 10:25:10.693root 11241100x8000000000000000345483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f40779f097c181862021-12-21 10:25:10.693root 11241100x8000000000000000345484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc5f746e4df32282021-12-21 10:25:10.694root 11241100x8000000000000000345485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdc15870facb4ff2021-12-21 10:25:10.694root 11241100x8000000000000000345486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70266a0935309cb82021-12-21 10:25:10.694root 11241100x8000000000000000345487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa398700d2e3fcfb2021-12-21 10:25:10.694root 11241100x8000000000000000345488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7026f49dd3044c002021-12-21 10:25:10.694root 11241100x8000000000000000345489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937847b64652e8e62021-12-21 10:25:10.694root 354300x8000000000000000345490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.102{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47070-false10.0.1.12-8000- 11241100x8000000000000000345491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d414c91cfa9a232021-12-21 10:25:11.103root 11241100x8000000000000000345492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d368633c657e65c52021-12-21 10:25:11.103root 11241100x8000000000000000345493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607a682a9b596ff92021-12-21 10:25:11.103root 11241100x8000000000000000345494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be4b959eb5b0aac2021-12-21 10:25:11.103root 11241100x8000000000000000345495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1231ed97df16a8dc2021-12-21 10:25:11.103root 11241100x8000000000000000345496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b9b992fc37d0222021-12-21 10:25:11.103root 11241100x8000000000000000345497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4107eee1081963332021-12-21 10:25:11.103root 11241100x8000000000000000345498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8b48be194af4532021-12-21 10:25:11.104root 11241100x8000000000000000345499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a839343be00f05bd2021-12-21 10:25:11.104root 11241100x8000000000000000345500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f4d507afced1bc2021-12-21 10:25:11.104root 11241100x8000000000000000345501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63986461a6f7c0d02021-12-21 10:25:11.104root 11241100x8000000000000000345502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a49d6493b60c3a2021-12-21 10:25:11.443root 11241100x8000000000000000345503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c537fdb92231ff722021-12-21 10:25:11.443root 11241100x8000000000000000345504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065bb5ee8d9d258b2021-12-21 10:25:11.443root 11241100x8000000000000000345505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e005ba858479cb3d2021-12-21 10:25:11.443root 11241100x8000000000000000345506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98007eb6fc56c2c2021-12-21 10:25:11.443root 11241100x8000000000000000345507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996b4f1b7669f2072021-12-21 10:25:11.443root 11241100x8000000000000000345508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2273de34aed6cb892021-12-21 10:25:11.443root 11241100x8000000000000000345509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ce7240af6437c12021-12-21 10:25:11.444root 11241100x8000000000000000345510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904a66d6b06e51d72021-12-21 10:25:11.444root 11241100x8000000000000000345511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1b3480c47f83762021-12-21 10:25:11.444root 11241100x8000000000000000345512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba13c2841a73e6012021-12-21 10:25:11.444root 11241100x8000000000000000345513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0329664f1ed8e262021-12-21 10:25:11.943root 11241100x8000000000000000345514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a57006bd674d672021-12-21 10:25:11.943root 11241100x8000000000000000345515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15da14f4bec499b52021-12-21 10:25:11.943root 11241100x8000000000000000345516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501d14bb7470fd2a2021-12-21 10:25:11.943root 11241100x8000000000000000345517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c2828e724d53862021-12-21 10:25:11.943root 11241100x8000000000000000345518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5d3fa56a2de8d72021-12-21 10:25:11.943root 11241100x8000000000000000345519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd846d2abe5843062021-12-21 10:25:11.943root 11241100x8000000000000000345520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d32b367e2342c72021-12-21 10:25:11.944root 11241100x8000000000000000345521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e84a3b49cdb5792021-12-21 10:25:11.944root 11241100x8000000000000000345522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cdd4eda4ad559e2021-12-21 10:25:11.944root 11241100x8000000000000000345523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ed8f97a13a48d42021-12-21 10:25:11.944root 11241100x8000000000000000345524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0b899922d6fb282021-12-21 10:25:12.443root 11241100x8000000000000000345525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4038c7f195e515c22021-12-21 10:25:12.443root 11241100x8000000000000000345526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107dc73f23d0aaec2021-12-21 10:25:12.443root 11241100x8000000000000000345527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e2676a276f4a992021-12-21 10:25:12.443root 11241100x8000000000000000345528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d562063773c5dcdb2021-12-21 10:25:12.443root 11241100x8000000000000000345529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4c482f4018c4932021-12-21 10:25:12.443root 11241100x8000000000000000345530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fd6b2c4cc2e03c2021-12-21 10:25:12.443root 11241100x8000000000000000345531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccd47df6c78b6d82021-12-21 10:25:12.443root 11241100x8000000000000000345532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68cca8bc0704230f2021-12-21 10:25:12.444root 11241100x8000000000000000345533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1adb731f77753c2021-12-21 10:25:12.444root 11241100x8000000000000000345534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f554910c68a150e2021-12-21 10:25:12.444root 11241100x8000000000000000345535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da18feb86072e39e2021-12-21 10:25:12.943root 11241100x8000000000000000345536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107fb3decac4877f2021-12-21 10:25:12.943root 11241100x8000000000000000345537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341ee55a4fb66e262021-12-21 10:25:12.943root 11241100x8000000000000000345538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b98337312295362021-12-21 10:25:12.944root 11241100x8000000000000000345539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03a2965eadb625c2021-12-21 10:25:12.944root 11241100x8000000000000000345540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a602a7fffffdac842021-12-21 10:25:12.944root 11241100x8000000000000000345541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34a8092f4e0f0582021-12-21 10:25:12.944root 11241100x8000000000000000345542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccbad345a06c8752021-12-21 10:25:12.944root 11241100x8000000000000000345543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d72c962bd016a932021-12-21 10:25:12.944root 11241100x8000000000000000345544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fb6140a4f4c7b82021-12-21 10:25:12.944root 11241100x8000000000000000345545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbb285cf7db340d2021-12-21 10:25:12.944root 11241100x8000000000000000345546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce2e67f7743470b2021-12-21 10:25:13.443root 11241100x8000000000000000345547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885dfe4faf35b5cd2021-12-21 10:25:13.443root 11241100x8000000000000000345548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.191d38ea81f437362021-12-21 10:25:13.443root 11241100x8000000000000000345549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd56bc041e4490842021-12-21 10:25:13.443root 11241100x8000000000000000345550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8554e0e9d0dbc42021-12-21 10:25:13.443root 11241100x8000000000000000345551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b076353195419522021-12-21 10:25:13.443root 11241100x8000000000000000345552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3020621cbcbc8f2021-12-21 10:25:13.443root 11241100x8000000000000000345553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28e61f4691a7aa7c2021-12-21 10:25:13.443root 11241100x8000000000000000345554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb74105476df4a812021-12-21 10:25:13.444root 11241100x8000000000000000345555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22256125795eb09e2021-12-21 10:25:13.444root 11241100x8000000000000000345556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c1fadfcd6da0ff2021-12-21 10:25:13.444root 11241100x8000000000000000345557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b49c8b64ff8be82021-12-21 10:25:13.943root 11241100x8000000000000000345558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66275f6de58bbbd2021-12-21 10:25:13.943root 11241100x8000000000000000345559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d09087ac2262602021-12-21 10:25:13.943root 11241100x8000000000000000345560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d59a684b3204182021-12-21 10:25:13.943root 11241100x8000000000000000345561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3813fe9ced58301e2021-12-21 10:25:13.943root 11241100x8000000000000000345562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b4c3b6c84e34a62021-12-21 10:25:13.943root 11241100x8000000000000000345563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ec3eb9307c4a172021-12-21 10:25:13.944root 11241100x8000000000000000345564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eab16171ddb913b2021-12-21 10:25:13.944root 11241100x8000000000000000345565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5ccc2dd9f6d11f2021-12-21 10:25:13.944root 11241100x8000000000000000345566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17eea57453d9c0fe2021-12-21 10:25:13.944root 11241100x8000000000000000345567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640cd09aef2b270b2021-12-21 10:25:13.944root 154100x8000000000000000345568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.048{ec2b6afe-ab8a-61c1-6874-5ed849560000}5694/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000345569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.059{ec2b6afe-ab8a-61c1-6874-5ed849560000}5694/bin/psroot 11241100x8000000000000000345570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74a2b83b60107142021-12-21 10:25:14.443root 11241100x8000000000000000345571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031ac2cd605bde972021-12-21 10:25:14.443root 11241100x8000000000000000345572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a6695eb2d327962021-12-21 10:25:14.443root 11241100x8000000000000000345573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed36167d5cb01a692021-12-21 10:25:14.443root 11241100x8000000000000000345574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb7fa212d99a63f2021-12-21 10:25:14.443root 11241100x8000000000000000345575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d26f96025dad2e382021-12-21 10:25:14.444root 11241100x8000000000000000345576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c10cd62f44234fd2021-12-21 10:25:14.444root 11241100x8000000000000000345577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f533fc533c26bf672021-12-21 10:25:14.444root 11241100x8000000000000000345578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2182df9f11d9f762021-12-21 10:25:14.444root 11241100x8000000000000000345579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586ae5e931dde1832021-12-21 10:25:14.444root 11241100x8000000000000000345580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293b1cc2047f872e2021-12-21 10:25:14.444root 11241100x8000000000000000345581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ac3fdc656792bf2021-12-21 10:25:14.444root 11241100x8000000000000000345582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68405871aeec3682021-12-21 10:25:14.444root 11241100x8000000000000000345583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999c4e76917078932021-12-21 10:25:14.943root 11241100x8000000000000000345584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5378f7a3d450dd8d2021-12-21 10:25:14.943root 11241100x8000000000000000345585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeecdb80cf068eb2021-12-21 10:25:14.943root 11241100x8000000000000000345586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f74b4e527892fc52021-12-21 10:25:14.943root 11241100x8000000000000000345587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b260a383559bfe3b2021-12-21 10:25:14.943root 11241100x8000000000000000345588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f738f9f10f4545042021-12-21 10:25:14.943root 11241100x8000000000000000345589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5bcd2ea394fedf2021-12-21 10:25:14.943root 11241100x8000000000000000345590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb77ae4a76d2917c2021-12-21 10:25:14.944root 11241100x8000000000000000345591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec091989dd97334d2021-12-21 10:25:14.944root 11241100x8000000000000000345592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acdf5abca73544f02021-12-21 10:25:14.944root 11241100x8000000000000000345593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f3dfdd898b309e2021-12-21 10:25:14.944root 11241100x8000000000000000345594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6c86378f1074e82021-12-21 10:25:14.944root 11241100x8000000000000000345595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6266902c27977e2021-12-21 10:25:14.944root 11241100x8000000000000000345596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da01dc6b4e9a5d612021-12-21 10:25:15.443root 11241100x8000000000000000345597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae6a12f54bf202f92021-12-21 10:25:15.443root 11241100x8000000000000000345598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db183ea9402c04a2021-12-21 10:25:15.443root 11241100x8000000000000000345599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb6c43bffc2d57d02021-12-21 10:25:15.443root 11241100x8000000000000000345600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec8c6672cb864982021-12-21 10:25:15.443root 11241100x8000000000000000345601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599358817c125f762021-12-21 10:25:15.444root 11241100x8000000000000000345602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5b8ec252ded4552021-12-21 10:25:15.444root 11241100x8000000000000000345603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ad4cff3c3691972021-12-21 10:25:15.444root 11241100x8000000000000000345604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655f164d6cf43ac42021-12-21 10:25:15.444root 11241100x8000000000000000345605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6373554e11a526e02021-12-21 10:25:15.444root 11241100x8000000000000000345606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283ebb949a5fa4912021-12-21 10:25:15.444root 11241100x8000000000000000345607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468a2cfc5dc7fa542021-12-21 10:25:15.445root 11241100x8000000000000000345608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b5ae4be717244f2021-12-21 10:25:15.445root 11241100x8000000000000000345609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19e880a5d7a4ef722021-12-21 10:25:15.943root 11241100x8000000000000000345610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c52f38907cad532021-12-21 10:25:15.943root 11241100x8000000000000000345611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f07f72b1baa1fc2021-12-21 10:25:15.943root 11241100x8000000000000000345612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d689e9818dc1f072021-12-21 10:25:15.943root 11241100x8000000000000000345613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2823b899d1ded22021-12-21 10:25:15.943root 11241100x8000000000000000345614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641965e31a7cfe882021-12-21 10:25:15.944root 11241100x8000000000000000345615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adf5b99402d92a12021-12-21 10:25:15.944root 11241100x8000000000000000345616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ef6c5ed89f72862021-12-21 10:25:15.944root 11241100x8000000000000000345617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a0d0dc6776382f2021-12-21 10:25:15.944root 11241100x8000000000000000345618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4718c267adf2e1aa2021-12-21 10:25:15.944root 11241100x8000000000000000345619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b053e5e1d8bcdab72021-12-21 10:25:15.944root 11241100x8000000000000000345620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13396bd5581275582021-12-21 10:25:15.944root 11241100x8000000000000000345621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1833d28a53a3992021-12-21 10:25:15.945root 354300x8000000000000000345622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.226{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47072-false10.0.1.12-8000- 11241100x8000000000000000345623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2742941a5b645e7b2021-12-21 10:25:16.227root 11241100x8000000000000000345624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef2e6f464b508502021-12-21 10:25:16.227root 11241100x8000000000000000345625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04772dd7d706fa52021-12-21 10:25:16.227root 11241100x8000000000000000345626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6164eb5bb4aca9af2021-12-21 10:25:16.227root 11241100x8000000000000000345627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75ae6e5f66b5c312021-12-21 10:25:16.227root 11241100x8000000000000000345628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85b391d74ba90e32021-12-21 10:25:16.227root 11241100x8000000000000000345629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53f8323047f185a32021-12-21 10:25:16.228root 11241100x8000000000000000345630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d3437014c651032021-12-21 10:25:16.228root 11241100x8000000000000000345631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089a87f3f8e0d1e62021-12-21 10:25:16.228root 11241100x8000000000000000345632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e44f21585308da2021-12-21 10:25:16.228root 11241100x8000000000000000345633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b7a480d86eed152021-12-21 10:25:16.228root 11241100x8000000000000000345634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2c35cac01f3aff2021-12-21 10:25:16.228root 11241100x8000000000000000345635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b69a11455ba7f72021-12-21 10:25:16.228root 11241100x8000000000000000345636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec87dc31edff9dd72021-12-21 10:25:16.228root 11241100x8000000000000000345637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b85a949a09c3802021-12-21 10:25:16.693root 11241100x8000000000000000345638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e628a114b946682021-12-21 10:25:16.693root 11241100x8000000000000000345639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2050ed81657aa1752021-12-21 10:25:16.693root 11241100x8000000000000000345640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c0740260e8a8642021-12-21 10:25:16.693root 11241100x8000000000000000345641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57f156574fe5324c2021-12-21 10:25:16.693root 11241100x8000000000000000345642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06204e8be814e1562021-12-21 10:25:16.693root 11241100x8000000000000000345643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23b4199cbf4b89c2021-12-21 10:25:16.693root 11241100x8000000000000000345644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac268760bf3dab132021-12-21 10:25:16.693root 11241100x8000000000000000345645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6deb0a3ad3699f282021-12-21 10:25:16.694root 11241100x8000000000000000345646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19f9a6d2d62801a2021-12-21 10:25:16.694root 11241100x8000000000000000345647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed2fa89a63292aa2021-12-21 10:25:16.694root 11241100x8000000000000000345648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14df3d501a0d4422021-12-21 10:25:16.694root 11241100x8000000000000000345649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cdaf8ffcc4c8da2021-12-21 10:25:16.694root 11241100x8000000000000000345650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422bb14137ce3d1b2021-12-21 10:25:16.695root 11241100x8000000000000000345651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c281c19964b2e4482021-12-21 10:25:17.193root 11241100x8000000000000000345652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff9a2d7dfcd8cc82021-12-21 10:25:17.193root 11241100x8000000000000000345653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66619802e67553cc2021-12-21 10:25:17.193root 11241100x8000000000000000345654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d86ef54543c078a2021-12-21 10:25:17.194root 11241100x8000000000000000345655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be7cee7d82870b2021-12-21 10:25:17.194root 11241100x8000000000000000345656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a574e2bfab58ab502021-12-21 10:25:17.194root 11241100x8000000000000000345657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2bd5dfbaedf1f82021-12-21 10:25:17.195root 11241100x8000000000000000345658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bbeee91fd51e282021-12-21 10:25:17.195root 11241100x8000000000000000345659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb73759bdc975ab92021-12-21 10:25:17.195root 11241100x8000000000000000345660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e41abe1c4bf25e2021-12-21 10:25:17.196root 11241100x8000000000000000345661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27ae49da5ad4d322021-12-21 10:25:17.196root 11241100x8000000000000000345662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2ef63f7eac1ed32021-12-21 10:25:17.196root 11241100x8000000000000000345663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214eda2290d9109d2021-12-21 10:25:17.196root 11241100x8000000000000000345664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45d70bfeca1f99a2021-12-21 10:25:17.197root 11241100x8000000000000000345665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7354efb4aac8786b2021-12-21 10:25:17.693root 11241100x8000000000000000345666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa24a1ce8330a2232021-12-21 10:25:17.693root 11241100x8000000000000000345667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781e85ebe136c0872021-12-21 10:25:17.694root 11241100x8000000000000000345668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729d7254b7b208352021-12-21 10:25:17.694root 11241100x8000000000000000345669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d857c6b146791e972021-12-21 10:25:17.694root 11241100x8000000000000000345670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f383c0da5d8fac452021-12-21 10:25:17.694root 11241100x8000000000000000345671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88963b12da1719482021-12-21 10:25:17.695root 11241100x8000000000000000345672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d018b59a6b33b1c42021-12-21 10:25:17.695root 11241100x8000000000000000345673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39803630b557e0e32021-12-21 10:25:17.695root 11241100x8000000000000000345674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077950f2e915a6612021-12-21 10:25:17.695root 11241100x8000000000000000345675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223953f8859a5df82021-12-21 10:25:17.696root 11241100x8000000000000000345676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94797afe4ba06f042021-12-21 10:25:17.696root 11241100x8000000000000000345677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978619b0d442f34b2021-12-21 10:25:17.696root 11241100x8000000000000000345678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909311222094e3072021-12-21 10:25:17.697root 11241100x8000000000000000345679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8903bbcb90671daa2021-12-21 10:25:18.193root 11241100x8000000000000000345680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22fedfe32110ac382021-12-21 10:25:18.194root 11241100x8000000000000000345681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7694890b90aad9872021-12-21 10:25:18.194root 11241100x8000000000000000345682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9283708bee3ccc82021-12-21 10:25:18.194root 11241100x8000000000000000345683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1286cc67fded058a2021-12-21 10:25:18.195root 11241100x8000000000000000345684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1385435ee723ac42021-12-21 10:25:18.195root 11241100x8000000000000000345685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7847d9ae24aa8b2021-12-21 10:25:18.195root 11241100x8000000000000000345686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0128488ad94e26992021-12-21 10:25:18.196root 11241100x8000000000000000345687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5dae60c0abc44812021-12-21 10:25:18.196root 11241100x8000000000000000345688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa85b104d9a12d4c2021-12-21 10:25:18.196root 11241100x8000000000000000345689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdefd6be93b3c0982021-12-21 10:25:18.196root 11241100x8000000000000000345690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de61ec1dd1501752021-12-21 10:25:18.196root 11241100x8000000000000000345691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e526bb8b8714a822021-12-21 10:25:18.196root 11241100x8000000000000000345692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e30f2ae70111682021-12-21 10:25:18.196root 11241100x8000000000000000345693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf21e9666580a18e2021-12-21 10:25:18.693root 11241100x8000000000000000345694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f89231b11b23e72021-12-21 10:25:18.693root 11241100x8000000000000000345695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace7c9af0eb77e882021-12-21 10:25:18.693root 11241100x8000000000000000345696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46c9c7990b7bc2f2021-12-21 10:25:18.694root 11241100x8000000000000000345697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfd1c8446ce0d972021-12-21 10:25:18.694root 11241100x8000000000000000345698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ed04a8dcb961f92021-12-21 10:25:18.695root 11241100x8000000000000000345699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa922f3150d44bde2021-12-21 10:25:18.695root 11241100x8000000000000000345700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9c52155804aeef92021-12-21 10:25:18.695root 11241100x8000000000000000345701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2ce87a30ab78602021-12-21 10:25:18.695root 11241100x8000000000000000345702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802dd9b7278b4a3a2021-12-21 10:25:18.695root 11241100x8000000000000000345703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154c5af1304a800a2021-12-21 10:25:18.695root 11241100x8000000000000000345704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79586eb1a24407452021-12-21 10:25:18.696root 11241100x8000000000000000345705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8446871fe3a4012021-12-21 10:25:18.696root 11241100x8000000000000000345706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b4fd7b1c86114a2021-12-21 10:25:18.696root 11241100x8000000000000000345707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53435c86507b7b6e2021-12-21 10:25:19.193root 11241100x8000000000000000345708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5faa745e7376da2021-12-21 10:25:19.193root 11241100x8000000000000000345709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c978f31ab3bc522021-12-21 10:25:19.193root 11241100x8000000000000000345710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c0923aae361b32021-12-21 10:25:19.194root 11241100x8000000000000000345711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feae3274714b33892021-12-21 10:25:19.194root 11241100x8000000000000000345712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf09fe0797f3dd32021-12-21 10:25:19.194root 11241100x8000000000000000345713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2245bea5d346aa372021-12-21 10:25:19.194root 11241100x8000000000000000345714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5796f068d943402021-12-21 10:25:19.194root 11241100x8000000000000000345715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc3e0c710b117c72021-12-21 10:25:19.194root 11241100x8000000000000000345716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fa79c597765ecf2021-12-21 10:25:19.194root 11241100x8000000000000000345717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f026396a3032872021-12-21 10:25:19.194root 11241100x8000000000000000345718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832dd9c487bf86282021-12-21 10:25:19.194root 11241100x8000000000000000345719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3750a7a3e0d66c2021-12-21 10:25:19.195root 11241100x8000000000000000345720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02c5523e06a50702021-12-21 10:25:19.195root 11241100x8000000000000000345721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11cc0ae58b32867a2021-12-21 10:25:19.693root 11241100x8000000000000000345722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5caf7a8b7f9551cc2021-12-21 10:25:19.693root 11241100x8000000000000000345723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f579ca13eacce2232021-12-21 10:25:19.694root 11241100x8000000000000000345724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dafbbdfc21619202021-12-21 10:25:19.695root 11241100x8000000000000000345725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b362af31dcef52021-12-21 10:25:19.695root 11241100x8000000000000000345726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f093558a97fbaa2021-12-21 10:25:19.695root 11241100x8000000000000000345727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f29655ebe7449442021-12-21 10:25:19.695root 11241100x8000000000000000345728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ffd4c6aa8168b52021-12-21 10:25:19.695root 11241100x8000000000000000345729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12acd658aa7cbecc2021-12-21 10:25:19.695root 11241100x8000000000000000345730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa67f42e241930c42021-12-21 10:25:19.696root 11241100x8000000000000000345731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8766c07a32f1fa2021-12-21 10:25:19.696root 11241100x8000000000000000345732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc799084a4f227312021-12-21 10:25:19.696root 11241100x8000000000000000345733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffaa938e9b574d192021-12-21 10:25:19.696root 11241100x8000000000000000345734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0ef3a385d26bd72021-12-21 10:25:19.696root 11241100x8000000000000000345735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf3ab8759723bcf2021-12-21 10:25:20.193root 11241100x8000000000000000345736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaf729d725b06152021-12-21 10:25:20.193root 11241100x8000000000000000345737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff29fd9e561f24112021-12-21 10:25:20.193root 11241100x8000000000000000345738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c51ccc741ee5d5b2021-12-21 10:25:20.194root 11241100x8000000000000000345739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6edd189ac483832021-12-21 10:25:20.194root 11241100x8000000000000000345740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7506071427463b1d2021-12-21 10:25:20.194root 11241100x8000000000000000345741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898dfbaec7a75a2a2021-12-21 10:25:20.194root 11241100x8000000000000000345742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251e6fb6cdefbe102021-12-21 10:25:20.194root 11241100x8000000000000000345743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8098273c65d0fc422021-12-21 10:25:20.194root 11241100x8000000000000000345744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc586aeb8f8b6f4f2021-12-21 10:25:20.194root 11241100x8000000000000000345745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecda589f7bb5b9a42021-12-21 10:25:20.194root 11241100x8000000000000000345746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd6c2154148297a2021-12-21 10:25:20.194root 11241100x8000000000000000345747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e1514d17a77d712021-12-21 10:25:20.195root 11241100x8000000000000000345748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6efbb69309b4b8fc2021-12-21 10:25:20.195root 11241100x8000000000000000345749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837e809e6f651d912021-12-21 10:25:20.693root 11241100x8000000000000000345750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4241bece2eaabf802021-12-21 10:25:20.693root 11241100x8000000000000000345751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d855aec8fb62382021-12-21 10:25:20.693root 11241100x8000000000000000345752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07eb7507b3aefde2021-12-21 10:25:20.693root 11241100x8000000000000000345753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433d8c1617a4928e2021-12-21 10:25:20.694root 11241100x8000000000000000345754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55717eacd7169e3c2021-12-21 10:25:20.694root 11241100x8000000000000000345755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64eccd9f3dd48e022021-12-21 10:25:20.694root 11241100x8000000000000000345756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aec31e5d743fad62021-12-21 10:25:20.694root 11241100x8000000000000000345757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a918a236aa244892021-12-21 10:25:20.694root 11241100x8000000000000000345758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d98089efda67e6e12021-12-21 10:25:20.694root 11241100x8000000000000000345759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf12690a76ed2e372021-12-21 10:25:20.694root 11241100x8000000000000000345760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78f073664a0108a92021-12-21 10:25:20.694root 11241100x8000000000000000345761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63cbe3984477e21f2021-12-21 10:25:20.694root 11241100x8000000000000000345762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1124586d53f972a2021-12-21 10:25:20.694root 11241100x8000000000000000345763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1c9bd778f3eb832021-12-21 10:25:21.193root 11241100x8000000000000000345764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81b09ef1d8f7f372021-12-21 10:25:21.193root 11241100x8000000000000000345765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eed3f6e49e51fed2021-12-21 10:25:21.193root 11241100x8000000000000000345766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b0417abadfc8762021-12-21 10:25:21.193root 11241100x8000000000000000345767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d98bb9f4b5b4ee2021-12-21 10:25:21.193root 11241100x8000000000000000345768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db52ff5c4e67cb42021-12-21 10:25:21.193root 11241100x8000000000000000345769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6198e41995388192021-12-21 10:25:21.194root 11241100x8000000000000000345770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c32b9dc1705fb62021-12-21 10:25:21.194root 11241100x8000000000000000345771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe23cada59110e22021-12-21 10:25:21.194root 11241100x8000000000000000345772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8409545b6cf07372021-12-21 10:25:21.194root 11241100x8000000000000000345773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae80f28d3421fc192021-12-21 10:25:21.194root 11241100x8000000000000000345774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a885f010b62e2b512021-12-21 10:25:21.194root 11241100x8000000000000000345775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639ebf51af1551032021-12-21 10:25:21.194root 11241100x8000000000000000345776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed304908adf24a5c2021-12-21 10:25:21.194root 11241100x8000000000000000345777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd070ee5bf4a83f82021-12-21 10:25:21.693root 11241100x8000000000000000345778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59a8fb21afa44052021-12-21 10:25:21.693root 11241100x8000000000000000345779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a4a23b4a61c9932021-12-21 10:25:21.693root 11241100x8000000000000000345780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1055a6aa2347862021-12-21 10:25:21.693root 11241100x8000000000000000345781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371193c49098218b2021-12-21 10:25:21.693root 11241100x8000000000000000345782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4a775e9c3449192021-12-21 10:25:21.694root 11241100x8000000000000000345783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d09a47a37d36782021-12-21 10:25:21.694root 11241100x8000000000000000345784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25cd34c8335900ea2021-12-21 10:25:21.694root 11241100x8000000000000000345785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4aa61c964b6b7812021-12-21 10:25:21.694root 11241100x8000000000000000345786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a199adaa8faa28e82021-12-21 10:25:21.694root 11241100x8000000000000000345787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aaccfb831fc7ca82021-12-21 10:25:21.694root 11241100x8000000000000000345788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d19379e04e84fc2021-12-21 10:25:21.694root 11241100x8000000000000000345789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a2309830ad084d2021-12-21 10:25:21.694root 11241100x8000000000000000345790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f46e80173d2f2c2021-12-21 10:25:21.694root 354300x8000000000000000345791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.114{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47074-false10.0.1.12-8000- 11241100x8000000000000000345792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab05c6a1131d00272021-12-21 10:25:22.115root 11241100x8000000000000000345793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86cf7076b155d3de2021-12-21 10:25:22.115root 11241100x8000000000000000345794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27179c34e45197b62021-12-21 10:25:22.115root 11241100x8000000000000000345795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.115{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5015ce47b4482f2021-12-21 10:25:22.115root 11241100x8000000000000000345796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a788577ad7aa7222021-12-21 10:25:22.116root 11241100x8000000000000000345797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0b7694bf385add2021-12-21 10:25:22.116root 11241100x8000000000000000345798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e018de053a575d9a2021-12-21 10:25:22.116root 11241100x8000000000000000345799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca331f71d48646cb2021-12-21 10:25:22.116root 11241100x8000000000000000345800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbca2300db24f2222021-12-21 10:25:22.116root 11241100x8000000000000000345801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8be835d357de452021-12-21 10:25:22.116root 11241100x8000000000000000345802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcb692857e9ee2b2021-12-21 10:25:22.116root 11241100x8000000000000000345803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c2c6d6e18c1c422021-12-21 10:25:22.116root 11241100x8000000000000000345804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2faef8a92e826c2021-12-21 10:25:22.116root 11241100x8000000000000000345805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.116{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12639134e9b3ae082021-12-21 10:25:22.116root 11241100x8000000000000000345806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7687052573d41a2021-12-21 10:25:22.117root 11241100x8000000000000000345807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a89e198f77dcc1b2021-12-21 10:25:22.117root 11241100x8000000000000000345808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f59e2012634d3be2021-12-21 10:25:22.117root 11241100x8000000000000000345809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a684dbed52144d672021-12-21 10:25:22.117root 11241100x8000000000000000345810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21b8bf09bc9b58102021-12-21 10:25:22.117root 11241100x8000000000000000345811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af88127104dc9032021-12-21 10:25:22.117root 11241100x8000000000000000345812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d3274e01427eb52021-12-21 10:25:22.117root 11241100x8000000000000000345813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.117{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4a45a65b276b812021-12-21 10:25:22.117root 11241100x8000000000000000345814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc304641c2f01daf2021-12-21 10:25:22.443root 11241100x8000000000000000345815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf349df150ad09252021-12-21 10:25:22.443root 11241100x8000000000000000345816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa20341760163452021-12-21 10:25:22.443root 11241100x8000000000000000345817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7069810860062e232021-12-21 10:25:22.443root 11241100x8000000000000000345818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b808d45611b15c52021-12-21 10:25:22.443root 11241100x8000000000000000345819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2502682db550d502021-12-21 10:25:22.443root 11241100x8000000000000000345820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0e8c64b87614df2021-12-21 10:25:22.443root 11241100x8000000000000000345821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c2bd3d11801ba52021-12-21 10:25:22.444root 11241100x8000000000000000345822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5274ed7ed612322021-12-21 10:25:22.444root 11241100x8000000000000000345823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.613a70921b21700b2021-12-21 10:25:22.444root 11241100x8000000000000000345824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8408b96bb3e797ca2021-12-21 10:25:22.444root 11241100x8000000000000000345825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03bf2a6305fa05e2021-12-21 10:25:22.444root 11241100x8000000000000000345826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6d887b890ac702021-12-21 10:25:22.444root 11241100x8000000000000000345827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdde6cac1b608942021-12-21 10:25:22.444root 11241100x8000000000000000345828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a9b0275b39488c2021-12-21 10:25:22.444root 11241100x8000000000000000345829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4860e04180884c2021-12-21 10:25:22.943root 11241100x8000000000000000345830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dd684ba29c54062021-12-21 10:25:22.943root 11241100x8000000000000000345831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10118c23e1e886092021-12-21 10:25:22.943root 11241100x8000000000000000345832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1fb82300c3673f72021-12-21 10:25:22.943root 11241100x8000000000000000345833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aebac546db2fe6ef2021-12-21 10:25:22.943root 11241100x8000000000000000345834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aff1314ba6915f22021-12-21 10:25:22.943root 11241100x8000000000000000345835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79106eeee2f6e4a2021-12-21 10:25:22.943root 11241100x8000000000000000345836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b0304e6afefa432021-12-21 10:25:22.944root 11241100x8000000000000000345837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c108da0abc74b892021-12-21 10:25:22.944root 11241100x8000000000000000345838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a6291ed4d06aef52021-12-21 10:25:22.944root 11241100x8000000000000000345839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e56976e8486abf2021-12-21 10:25:22.944root 11241100x8000000000000000345840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff24c7a1d0e4b5a52021-12-21 10:25:22.944root 11241100x8000000000000000345841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff10340d55c44cd82021-12-21 10:25:22.944root 11241100x8000000000000000345842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9089413eb30d022021-12-21 10:25:22.944root 11241100x8000000000000000345843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3235d37e4738172b2021-12-21 10:25:22.944root 11241100x8000000000000000345844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e16647d8781a832021-12-21 10:25:23.443root 11241100x8000000000000000345845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7ca49c027ec6d22021-12-21 10:25:23.443root 11241100x8000000000000000345846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755ef4a8bd2267b82021-12-21 10:25:23.443root 11241100x8000000000000000345847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103834733fc353a82021-12-21 10:25:23.443root 11241100x8000000000000000345848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912bfe7e67b415e62021-12-21 10:25:23.444root 11241100x8000000000000000345849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf4c66621449de72021-12-21 10:25:23.444root 11241100x8000000000000000345850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59972ae4b785afd2021-12-21 10:25:23.444root 11241100x8000000000000000345851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a015bb3190440d92021-12-21 10:25:23.444root 11241100x8000000000000000345852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be775bb9296b7222021-12-21 10:25:23.444root 11241100x8000000000000000345853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1962ae1a4ca25f972021-12-21 10:25:23.444root 11241100x8000000000000000345854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7a73cbf92df4212021-12-21 10:25:23.444root 11241100x8000000000000000345855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4716d57c809212d2021-12-21 10:25:23.445root 11241100x8000000000000000345856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd53d8b93ec0cb982021-12-21 10:25:23.445root 11241100x8000000000000000345857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80239071aaff9b92021-12-21 10:25:23.445root 11241100x8000000000000000345858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d389131676fb85c2021-12-21 10:25:23.445root 11241100x8000000000000000345859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e539f0a7cf149d0b2021-12-21 10:25:23.943root 11241100x8000000000000000345860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee819125669aa9d32021-12-21 10:25:23.943root 11241100x8000000000000000345861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e85c8a2b98ab35892021-12-21 10:25:23.943root 11241100x8000000000000000345862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d69c4be5e4cc822021-12-21 10:25:23.943root 11241100x8000000000000000345863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a41d64d12c8271f2021-12-21 10:25:23.943root 11241100x8000000000000000345864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165dfbea4b4386852021-12-21 10:25:23.944root 11241100x8000000000000000345865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae77ded6a1e1cddb2021-12-21 10:25:23.944root 11241100x8000000000000000345866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fc2dc1025e311d2021-12-21 10:25:23.944root 11241100x8000000000000000345867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437172fe43d3f2fb2021-12-21 10:25:23.944root 11241100x8000000000000000345868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725dfa8d4462b5422021-12-21 10:25:23.944root 11241100x8000000000000000345869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88c33b24c52d0792021-12-21 10:25:23.944root 11241100x8000000000000000345870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.210aba30cc2de4012021-12-21 10:25:23.944root 11241100x8000000000000000345871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685b50043b319272021-12-21 10:25:23.944root 11241100x8000000000000000345872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47492605da6bdc092021-12-21 10:25:23.944root 11241100x8000000000000000345873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b77db21ec5af6d2021-12-21 10:25:23.945root 11241100x8000000000000000345874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461531c88cab6e162021-12-21 10:25:24.443root 11241100x8000000000000000345875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f76412c84d058192021-12-21 10:25:24.443root 11241100x8000000000000000345876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c3c1d9a44746472021-12-21 10:25:24.443root 11241100x8000000000000000345877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db5b8d5746533382021-12-21 10:25:24.443root 11241100x8000000000000000345878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645cd7668c393cf32021-12-21 10:25:24.443root 11241100x8000000000000000345879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d18ca89b4d6c21c2021-12-21 10:25:24.444root 11241100x8000000000000000345880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef832d7dab9ee372021-12-21 10:25:24.444root 11241100x8000000000000000345881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e020316e3648a4292021-12-21 10:25:24.444root 11241100x8000000000000000345882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d12898d015520f2021-12-21 10:25:24.444root 11241100x8000000000000000345883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6de5c4e55f8d0e2021-12-21 10:25:24.444root 11241100x8000000000000000345884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b70b4dddf2aaaf2021-12-21 10:25:24.444root 11241100x8000000000000000345885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfb2f3e2bc590832021-12-21 10:25:24.444root 11241100x8000000000000000345886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9df64eb21f3e9a2021-12-21 10:25:24.445root 11241100x8000000000000000345887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aebc9afc97d1472021-12-21 10:25:24.445root 11241100x8000000000000000345888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab58d1a5d5d391e92021-12-21 10:25:24.445root 11241100x8000000000000000345889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff57a22047802b62021-12-21 10:25:24.943root 11241100x8000000000000000345890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0da7185c3d68762021-12-21 10:25:24.943root 11241100x8000000000000000345891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648501333c39dd892021-12-21 10:25:24.944root 11241100x8000000000000000345892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8283e91dd06f1e002021-12-21 10:25:24.944root 11241100x8000000000000000345893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077984f1fd38235b2021-12-21 10:25:24.944root 11241100x8000000000000000345894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37b12576e2ae2492021-12-21 10:25:24.944root 11241100x8000000000000000345895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774ed78d3ce9f75f2021-12-21 10:25:24.944root 11241100x8000000000000000345896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89c4a5021c95b9742021-12-21 10:25:24.944root 11241100x8000000000000000345897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5080020554a950de2021-12-21 10:25:24.944root 11241100x8000000000000000345898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6926aca6ad081b2021-12-21 10:25:24.944root 11241100x8000000000000000345899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f11e8333f1d3c12021-12-21 10:25:24.944root 11241100x8000000000000000345900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f341fe08ff12e5a02021-12-21 10:25:24.945root 11241100x8000000000000000345901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecb13ae5351fdb12021-12-21 10:25:24.945root 11241100x8000000000000000345902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0198f14c85ddb0f2021-12-21 10:25:24.945root 11241100x8000000000000000345903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24c80bad14628aa2021-12-21 10:25:24.945root 354300x8000000000000000345904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.091{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34140-false10.0.1.12-8089- 11241100x8000000000000000345905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be784c2a9f4a23712021-12-21 10:25:25.443root 11241100x8000000000000000345906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4dac381cc151bc2021-12-21 10:25:25.443root 11241100x8000000000000000345907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30025fcb869af57a2021-12-21 10:25:25.443root 11241100x8000000000000000345908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8980b413abb751e92021-12-21 10:25:25.443root 11241100x8000000000000000345909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ee13d143c71e532021-12-21 10:25:25.443root 11241100x8000000000000000345910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6b798b0019c7ed2021-12-21 10:25:25.443root 11241100x8000000000000000345911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a63bbc0e33be602021-12-21 10:25:25.443root 11241100x8000000000000000345912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a38e5b0774158a2b2021-12-21 10:25:25.443root 11241100x8000000000000000345913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0df79f110dc341c2021-12-21 10:25:25.443root 11241100x8000000000000000345914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca091075ad47671c2021-12-21 10:25:25.443root 11241100x8000000000000000345915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9450f05d8d4cf7d62021-12-21 10:25:25.444root 11241100x8000000000000000345916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0a5f36a474f1282021-12-21 10:25:25.444root 11241100x8000000000000000345917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7e2568ceeefac32021-12-21 10:25:25.444root 11241100x8000000000000000345918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84dbcb095dc2524d2021-12-21 10:25:25.444root 11241100x8000000000000000345919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de93def819abdc92021-12-21 10:25:25.444root 11241100x8000000000000000345920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8370469a24db2e1c2021-12-21 10:25:25.444root 11241100x8000000000000000345921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc324612797fb6aa2021-12-21 10:25:25.943root 11241100x8000000000000000345922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a373b5a5fee5ef12021-12-21 10:25:25.943root 11241100x8000000000000000345923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2da074218e85e42021-12-21 10:25:25.943root 11241100x8000000000000000345924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e821a391cd8d4972021-12-21 10:25:25.943root 11241100x8000000000000000345925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9901cb30a373b8a2021-12-21 10:25:25.944root 11241100x8000000000000000345926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0a1b307d774a102021-12-21 10:25:25.944root 11241100x8000000000000000345927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa6be6708a7a4792021-12-21 10:25:25.944root 11241100x8000000000000000345928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d8de1f680d733fa2021-12-21 10:25:25.945root 11241100x8000000000000000345929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efcae555df874462021-12-21 10:25:25.945root 11241100x8000000000000000345930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08402474d6abbfce2021-12-21 10:25:25.946root 11241100x8000000000000000345931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa36ea7fb2d8682021-12-21 10:25:25.946root 11241100x8000000000000000345932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e10d00f99a6bed2021-12-21 10:25:25.946root 11241100x8000000000000000345933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e3fce8e87a299a2021-12-21 10:25:25.946root 11241100x8000000000000000345934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a8be81e342c4042021-12-21 10:25:25.947root 11241100x8000000000000000345935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1218a94bc80893ef2021-12-21 10:25:25.947root 11241100x8000000000000000345936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc2d547fb11d4d52021-12-21 10:25:25.947root 11241100x8000000000000000345937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6173ef6d9f269982021-12-21 10:25:26.443root 11241100x8000000000000000345938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746cdd217c221c942021-12-21 10:25:26.443root 11241100x8000000000000000345939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1b7aa89ff6b1cc2021-12-21 10:25:26.444root 11241100x8000000000000000345940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ec42ca8afa490a2021-12-21 10:25:26.444root 11241100x8000000000000000345941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff80c855944c2fcc2021-12-21 10:25:26.444root 11241100x8000000000000000345942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8de0e77383e8d2d2021-12-21 10:25:26.444root 11241100x8000000000000000345943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25049349e099ca52021-12-21 10:25:26.445root 11241100x8000000000000000345944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72422805c7582e392021-12-21 10:25:26.445root 11241100x8000000000000000345945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9301cabdff414eea2021-12-21 10:25:26.445root 11241100x8000000000000000345946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9508b6b958154d92021-12-21 10:25:26.445root 11241100x8000000000000000345947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bd86eed3c7a4382021-12-21 10:25:26.445root 11241100x8000000000000000345948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b6c21e9393cc942021-12-21 10:25:26.446root 11241100x8000000000000000345949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b7ed5af36079f42021-12-21 10:25:26.446root 11241100x8000000000000000345950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65570798ab22d7892021-12-21 10:25:26.446root 11241100x8000000000000000345951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e71cd4d3f9538e92021-12-21 10:25:26.446root 11241100x8000000000000000345952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e22e848012635c2021-12-21 10:25:26.446root 11241100x8000000000000000345953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9a17e2a8a2f6e12021-12-21 10:25:26.943root 11241100x8000000000000000345954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6d439b907a97602021-12-21 10:25:26.943root 11241100x8000000000000000345955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd90732c4833ba132021-12-21 10:25:26.943root 11241100x8000000000000000345956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92190d874e128f02021-12-21 10:25:26.944root 11241100x8000000000000000345957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef99ca257b5c3bb22021-12-21 10:25:26.944root 11241100x8000000000000000345958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f01251b1f42db92021-12-21 10:25:26.944root 11241100x8000000000000000345959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45353c3b6cf76b332021-12-21 10:25:26.944root 11241100x8000000000000000345960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc850106578a131f2021-12-21 10:25:26.944root 11241100x8000000000000000345961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a7575f646c7e3d52021-12-21 10:25:26.944root 11241100x8000000000000000345962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265a6aceb0dd14182021-12-21 10:25:26.944root 11241100x8000000000000000345963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cad4eb8ee177ab2021-12-21 10:25:26.945root 11241100x8000000000000000345964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a98dfa2ec8abc432021-12-21 10:25:26.945root 11241100x8000000000000000345965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde884e968ae0f012021-12-21 10:25:26.945root 11241100x8000000000000000345966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5756e216216010332021-12-21 10:25:26.945root 11241100x8000000000000000345967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a2c6581413de6e2021-12-21 10:25:26.945root 11241100x8000000000000000345968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b5fc3a1a5a46db2021-12-21 10:25:26.946root 354300x8000000000000000345969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.186{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47078-false10.0.1.12-8000- 11241100x8000000000000000345970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3078e8a7efff4a5b2021-12-21 10:25:27.443root 11241100x8000000000000000345971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a1ea09941483e02021-12-21 10:25:27.443root 11241100x8000000000000000345972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b568ff812033c01d2021-12-21 10:25:27.444root 11241100x8000000000000000345973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3829a423a763314c2021-12-21 10:25:27.444root 11241100x8000000000000000345974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4735e8b0af510c4b2021-12-21 10:25:27.444root 11241100x8000000000000000345975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ab3e61e81b46012021-12-21 10:25:27.444root 11241100x8000000000000000345976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b1e42cd8fe7c992021-12-21 10:25:27.444root 11241100x8000000000000000345977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f14739882654272021-12-21 10:25:27.444root 11241100x8000000000000000345978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0aca99f868dc1e2021-12-21 10:25:27.444root 11241100x8000000000000000345979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd14558787126d5b2021-12-21 10:25:27.444root 11241100x8000000000000000345980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc98323898325bc2021-12-21 10:25:27.444root 11241100x8000000000000000345981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40505b350d9280342021-12-21 10:25:27.445root 11241100x8000000000000000345982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80aa633d8c7995ec2021-12-21 10:25:27.445root 11241100x8000000000000000345983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762a61a4551cdfa92021-12-21 10:25:27.445root 11241100x8000000000000000345984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fb503484b9e3362021-12-21 10:25:27.445root 11241100x8000000000000000345985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f4bb2014fb56a52021-12-21 10:25:27.445root 11241100x8000000000000000345986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187af50899f3a4272021-12-21 10:25:27.445root 11241100x8000000000000000345987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a657b56bdab6a62021-12-21 10:25:27.943root 11241100x8000000000000000345988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d304043be4946cc12021-12-21 10:25:27.943root 11241100x8000000000000000345989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674928b0844404022021-12-21 10:25:27.943root 11241100x8000000000000000345990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7a47eea49861e82021-12-21 10:25:27.943root 11241100x8000000000000000345991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a5e60c926214a82021-12-21 10:25:27.943root 11241100x8000000000000000345992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1640a9c93b472b62021-12-21 10:25:27.943root 11241100x8000000000000000345993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499b945ce7d480c92021-12-21 10:25:27.944root 11241100x8000000000000000345994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675fdfe3071c9f032021-12-21 10:25:27.944root 11241100x8000000000000000345995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd603a560429ecf52021-12-21 10:25:27.944root 11241100x8000000000000000345996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1c08b7ba0f42de2021-12-21 10:25:27.944root 11241100x8000000000000000345997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b6c726051cc8b12021-12-21 10:25:27.944root 11241100x8000000000000000345998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0b0e6d28dfe9cef2021-12-21 10:25:27.944root 11241100x8000000000000000345999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb54cb2335e9a8d2021-12-21 10:25:27.944root 11241100x8000000000000000346000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66406b59e89c9332021-12-21 10:25:27.944root 11241100x8000000000000000346001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fa144700bc91652021-12-21 10:25:27.944root 11241100x8000000000000000346002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca9fa100c53afb92021-12-21 10:25:27.945root 11241100x8000000000000000346003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f51593b1167bf182021-12-21 10:25:27.945root 11241100x8000000000000000346004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e62b0f4f4f86b4a2021-12-21 10:25:28.443root 11241100x8000000000000000346005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e74668523ca3bfb72021-12-21 10:25:28.443root 11241100x8000000000000000346006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c741d13d11b460e2021-12-21 10:25:28.443root 11241100x8000000000000000346007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a341834fbc53ea2021-12-21 10:25:28.443root 11241100x8000000000000000346008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc33e7c044c53fe2021-12-21 10:25:28.443root 11241100x8000000000000000346009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf49cd05732051e2021-12-21 10:25:28.444root 11241100x8000000000000000346010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a62a0c36516df1a2021-12-21 10:25:28.444root 11241100x8000000000000000346011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66cbd6e90d418e12021-12-21 10:25:28.444root 11241100x8000000000000000346012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c135628131648a752021-12-21 10:25:28.444root 11241100x8000000000000000346013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd1eec77eb8307d2021-12-21 10:25:28.444root 11241100x8000000000000000346014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b580f72defc6012021-12-21 10:25:28.444root 11241100x8000000000000000346015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b088d9afe0678e2021-12-21 10:25:28.444root 11241100x8000000000000000346016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f0e64839408dcc2021-12-21 10:25:28.444root 11241100x8000000000000000346017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d486099f04edcb2021-12-21 10:25:28.444root 11241100x8000000000000000346018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6965d0f1c7de94e2021-12-21 10:25:28.444root 11241100x8000000000000000346019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f19b76a18d29282021-12-21 10:25:28.444root 11241100x8000000000000000346020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bab6e5b0599cfd12021-12-21 10:25:28.444root 11241100x8000000000000000346021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef3c74fd30625732021-12-21 10:25:28.943root 11241100x8000000000000000346022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c76aaa90070d062021-12-21 10:25:28.943root 11241100x8000000000000000346023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5356e4b868ba76672021-12-21 10:25:28.943root 11241100x8000000000000000346024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a268c7fe2f591422021-12-21 10:25:28.943root 11241100x8000000000000000346025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43d16b2e9052fb02021-12-21 10:25:28.943root 11241100x8000000000000000346026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fd35f7b35641b62021-12-21 10:25:28.943root 11241100x8000000000000000346027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824d7f0ab904100b2021-12-21 10:25:28.944root 11241100x8000000000000000346028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10668488ca094e932021-12-21 10:25:28.944root 11241100x8000000000000000346029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9602c2afa9c01b222021-12-21 10:25:28.944root 11241100x8000000000000000346030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca06591f49e98532021-12-21 10:25:28.944root 11241100x8000000000000000346031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f245ee2be53725702021-12-21 10:25:28.944root 11241100x8000000000000000346032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cebf0b359cb96812021-12-21 10:25:28.944root 11241100x8000000000000000346033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fa73798b4231e22021-12-21 10:25:28.944root 11241100x8000000000000000346034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf81bcec5782b6562021-12-21 10:25:28.944root 11241100x8000000000000000346035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfdaee6bb684f922021-12-21 10:25:28.944root 11241100x8000000000000000346036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0772c8a9367da92021-12-21 10:25:28.944root 11241100x8000000000000000346037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac537e303bd33832021-12-21 10:25:28.944root 11241100x8000000000000000346038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3f69b6b473cb7c2021-12-21 10:25:29.443root 11241100x8000000000000000346039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483c53315a1336972021-12-21 10:25:29.443root 11241100x8000000000000000346040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150f5ff89c87439d2021-12-21 10:25:29.443root 11241100x8000000000000000346041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a80c7d89869fb222021-12-21 10:25:29.443root 11241100x8000000000000000346042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d575ad05bb9ae22021-12-21 10:25:29.444root 11241100x8000000000000000346043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab86f32bb67a2c052021-12-21 10:25:29.444root 11241100x8000000000000000346044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7346dd490f1914a2021-12-21 10:25:29.444root 11241100x8000000000000000346045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c7cd688b63f2ad2021-12-21 10:25:29.444root 11241100x8000000000000000346046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510a09f56a209df22021-12-21 10:25:29.444root 11241100x8000000000000000346047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9932f8f6059553a72021-12-21 10:25:29.444root 11241100x8000000000000000346048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b16149abd164bb92021-12-21 10:25:29.444root 11241100x8000000000000000346049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54afaed7f85590d22021-12-21 10:25:29.444root 11241100x8000000000000000346050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e160d9830db4e85e2021-12-21 10:25:29.444root 11241100x8000000000000000346051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd81147eb8b28072021-12-21 10:25:29.445root 11241100x8000000000000000346052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2ae00131cf51342021-12-21 10:25:29.445root 11241100x8000000000000000346053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e718c59f7ec512021-12-21 10:25:29.445root 11241100x8000000000000000346054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0084cab256e8882021-12-21 10:25:29.445root 11241100x8000000000000000346055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc213561cd36769c2021-12-21 10:25:29.943root 11241100x8000000000000000346056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e550ac2dc1e478a02021-12-21 10:25:29.943root 11241100x8000000000000000346057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.027fd34bf43daf422021-12-21 10:25:29.943root 11241100x8000000000000000346058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de25476c1accce2f2021-12-21 10:25:29.944root 11241100x8000000000000000346059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72ecad2a1eeb7632021-12-21 10:25:29.944root 11241100x8000000000000000346060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f081a7f1801be82021-12-21 10:25:29.944root 11241100x8000000000000000346061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f6c05a9ef9f3e22021-12-21 10:25:29.944root 11241100x8000000000000000346062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e818461d3056f3422021-12-21 10:25:29.944root 11241100x8000000000000000346063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fcbce366f040b92021-12-21 10:25:29.944root 11241100x8000000000000000346064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb79cf9e0bdc8842021-12-21 10:25:29.944root 11241100x8000000000000000346065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b25c3846fc76ab2021-12-21 10:25:29.945root 11241100x8000000000000000346066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8866a11bdd1be68e2021-12-21 10:25:29.945root 11241100x8000000000000000346067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a092761c4089012021-12-21 10:25:29.945root 11241100x8000000000000000346068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87139d5ef8d0d162021-12-21 10:25:29.945root 11241100x8000000000000000346069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.332c2f0bc26ceabc2021-12-21 10:25:29.945root 11241100x8000000000000000346070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6302b9d1eac4ef02021-12-21 10:25:29.947root 11241100x8000000000000000346071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d7a13c5cfdecde2021-12-21 10:25:29.947root 11241100x8000000000000000346072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2be2835ea8fd1e22021-12-21 10:25:30.443root 11241100x8000000000000000346073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e82442e14c196132021-12-21 10:25:30.443root 11241100x8000000000000000346074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d35fb849dfa03d2021-12-21 10:25:30.443root 11241100x8000000000000000346075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa85ea49d56c1fcc2021-12-21 10:25:30.443root 11241100x8000000000000000346076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4776ff64e51de732021-12-21 10:25:30.444root 11241100x8000000000000000346077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e18d3b5c8416a22021-12-21 10:25:30.444root 11241100x8000000000000000346078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a6a4ed26ab56852021-12-21 10:25:30.444root 11241100x8000000000000000346079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce08afa1cca3c1f82021-12-21 10:25:30.444root 11241100x8000000000000000346080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3b6b3537776192021-12-21 10:25:30.444root 11241100x8000000000000000346081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5e4293c90ef96c2021-12-21 10:25:30.444root 11241100x8000000000000000346082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637a0f2b77a01a892021-12-21 10:25:30.445root 11241100x8000000000000000346083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4a1a09e49580102021-12-21 10:25:30.445root 11241100x8000000000000000346084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef56491518762c52021-12-21 10:25:30.445root 11241100x8000000000000000346085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520270d69bbbe8402021-12-21 10:25:30.445root 11241100x8000000000000000346086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de0de1753c5ef722021-12-21 10:25:30.445root 11241100x8000000000000000346087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5e8d3c827d86f52021-12-21 10:25:30.445root 11241100x8000000000000000346088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5fd6b29c163a8022021-12-21 10:25:30.445root 11241100x8000000000000000346089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a06e0fa9edd1392021-12-21 10:25:30.943root 11241100x8000000000000000346090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f957fcd9b88f6d82021-12-21 10:25:30.943root 11241100x8000000000000000346091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b7f1ecc2cb509f02021-12-21 10:25:30.944root 11241100x8000000000000000346092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77b4d8c395bd32c2021-12-21 10:25:30.944root 11241100x8000000000000000346093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c3acea3ab8fada2021-12-21 10:25:30.944root 11241100x8000000000000000346094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c310a9c808be542021-12-21 10:25:30.944root 11241100x8000000000000000346095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0edf1c4b95196472021-12-21 10:25:30.944root 11241100x8000000000000000346096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5466a2654505b6132021-12-21 10:25:30.944root 11241100x8000000000000000346097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d847c85af86642de2021-12-21 10:25:30.945root 11241100x8000000000000000346098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20abea65b7dcd6b12021-12-21 10:25:30.945root 11241100x8000000000000000346099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a26c46f61730e62021-12-21 10:25:30.945root 11241100x8000000000000000346100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32053e22fdd23dbf2021-12-21 10:25:30.945root 11241100x8000000000000000346101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72b4cfd0eae59992021-12-21 10:25:30.945root 11241100x8000000000000000346102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782f70a3b958d6b72021-12-21 10:25:30.945root 11241100x8000000000000000346103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eca8e04830854312021-12-21 10:25:30.946root 11241100x8000000000000000346104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdc11ad1782c5d72021-12-21 10:25:30.946root 11241100x8000000000000000346105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc6e235ff5729d92021-12-21 10:25:30.946root 11241100x8000000000000000346106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.390bde99ec50d0042021-12-21 10:25:31.443root 11241100x8000000000000000346107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e80619bf5739fa2021-12-21 10:25:31.443root 11241100x8000000000000000346108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b62fbfac6f0b76d2021-12-21 10:25:31.443root 11241100x8000000000000000346109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75c6b3e96cffae42021-12-21 10:25:31.444root 11241100x8000000000000000346110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059b3a9c26489c7e2021-12-21 10:25:31.444root 11241100x8000000000000000346111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c633e03dcf8dbdd42021-12-21 10:25:31.444root 11241100x8000000000000000346112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0f64a24caac2332021-12-21 10:25:31.444root 11241100x8000000000000000346113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca29142c914009ef2021-12-21 10:25:31.444root 11241100x8000000000000000346114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321c5847ea7d8e442021-12-21 10:25:31.444root 11241100x8000000000000000346115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddad8c3bf4fefdf82021-12-21 10:25:31.444root 11241100x8000000000000000346116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea69d664c02917842021-12-21 10:25:31.444root 11241100x8000000000000000346117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ffc24e669c3f6e2021-12-21 10:25:31.444root 11241100x8000000000000000346118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac08fa4504bbd012021-12-21 10:25:31.445root 11241100x8000000000000000346119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bde2fe21b8f0d612021-12-21 10:25:31.445root 11241100x8000000000000000346120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05451b648421e5a2021-12-21 10:25:31.445root 11241100x8000000000000000346121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f21e517b0e8992142021-12-21 10:25:31.445root 11241100x8000000000000000346122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726b7976eccc928b2021-12-21 10:25:31.445root 11241100x8000000000000000346123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dd3e907cf3da7d2021-12-21 10:25:31.943root 11241100x8000000000000000346124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ffba2841c373282021-12-21 10:25:31.943root 11241100x8000000000000000346125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4955a2cfbe8ea152021-12-21 10:25:31.943root 11241100x8000000000000000346126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c214d2a03ee47c1d2021-12-21 10:25:31.943root 11241100x8000000000000000346127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df6b4d6850ccc1642021-12-21 10:25:31.943root 11241100x8000000000000000346128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e99134130eff6982021-12-21 10:25:31.943root 11241100x8000000000000000346129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22aed59b1e99f6ff2021-12-21 10:25:31.944root 11241100x8000000000000000346130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410cb6caad3480cd2021-12-21 10:25:31.944root 11241100x8000000000000000346131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5008d24f885f222021-12-21 10:25:31.944root 11241100x8000000000000000346132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d33263d4e002d42021-12-21 10:25:31.944root 11241100x8000000000000000346133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b72d6e253a768d2021-12-21 10:25:31.944root 11241100x8000000000000000346134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3147846c16c65c542021-12-21 10:25:31.944root 11241100x8000000000000000346135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ecaf4249c66d502021-12-21 10:25:31.944root 11241100x8000000000000000346136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4e775552e813032021-12-21 10:25:31.944root 11241100x8000000000000000346137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1c3e7323a6f0472021-12-21 10:25:31.944root 11241100x8000000000000000346138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1aa64c6d714aaf2021-12-21 10:25:31.944root 11241100x8000000000000000346139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3277d155b627a12021-12-21 10:25:31.944root 354300x8000000000000000346140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.197{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47080-false10.0.1.12-8000- 11241100x8000000000000000346141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97edcdf2459ad0172021-12-21 10:25:32.198root 11241100x8000000000000000346142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3089d7e3ce0049c2021-12-21 10:25:32.198root 11241100x8000000000000000346143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a550c0caaed48b572021-12-21 10:25:32.198root 11241100x8000000000000000346144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3c1aa181748f292021-12-21 10:25:32.198root 11241100x8000000000000000346145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa011f61ad152eca2021-12-21 10:25:32.198root 11241100x8000000000000000346146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0851e86c39b8c60e2021-12-21 10:25:32.198root 11241100x8000000000000000346147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b47f459740fc342021-12-21 10:25:32.199root 11241100x8000000000000000346148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdee6e4401f3c6982021-12-21 10:25:32.199root 11241100x8000000000000000346149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e0fcd2e65ac4d2021-12-21 10:25:32.199root 11241100x8000000000000000346150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b17b12eff8876c2021-12-21 10:25:32.199root 11241100x8000000000000000346151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9976928831111122021-12-21 10:25:32.199root 11241100x8000000000000000346152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94344ac96f038bb2021-12-21 10:25:32.199root 11241100x8000000000000000346153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59403cfd4b281b2021-12-21 10:25:32.200root 11241100x8000000000000000346154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d76ce116f0cf3412021-12-21 10:25:32.200root 11241100x8000000000000000346155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed49a7db7296de32021-12-21 10:25:32.200root 11241100x8000000000000000346156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4a881a23d6f1832021-12-21 10:25:32.200root 11241100x8000000000000000346157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcee37cb80da388d2021-12-21 10:25:32.200root 11241100x8000000000000000346158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2da1b9adfa224e2021-12-21 10:25:32.200root 11241100x8000000000000000346159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0232197b5e92e5512021-12-21 10:25:32.693root 11241100x8000000000000000346160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97152fe959ef76fd2021-12-21 10:25:32.693root 11241100x8000000000000000346161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d10e086008780c2021-12-21 10:25:32.693root 11241100x8000000000000000346162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7865733d00ad93d62021-12-21 10:25:32.693root 11241100x8000000000000000346163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e261956c824e53312021-12-21 10:25:32.693root 11241100x8000000000000000346164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3c4e4a4088fa0f2021-12-21 10:25:32.694root 11241100x8000000000000000346165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14634b6a52dcc8dd2021-12-21 10:25:32.694root 11241100x8000000000000000346166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e628c196868391e2021-12-21 10:25:32.694root 11241100x8000000000000000346167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3c7309cd49974c2021-12-21 10:25:32.694root 11241100x8000000000000000346168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b37e620322c46e2021-12-21 10:25:32.694root 11241100x8000000000000000346169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3505a5f401077a192021-12-21 10:25:32.694root 11241100x8000000000000000346170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a263b2d2d7655ac92021-12-21 10:25:32.694root 11241100x8000000000000000346171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34718198fb51b622021-12-21 10:25:32.694root 11241100x8000000000000000346172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e764c1774b40c0c2021-12-21 10:25:32.694root 11241100x8000000000000000346173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ec7682e725e5b92021-12-21 10:25:32.694root 11241100x8000000000000000346174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39951e5c28c275f12021-12-21 10:25:32.694root 11241100x8000000000000000346175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0983503b1f314f02021-12-21 10:25:32.695root 11241100x8000000000000000346176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:32.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f3cfe705c69c202021-12-21 10:25:32.695root 11241100x8000000000000000346177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bbe207ac2939262021-12-21 10:25:33.193root 11241100x8000000000000000346178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9129577791bcc52c2021-12-21 10:25:33.193root 11241100x8000000000000000346179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4453d4986d5eee2021-12-21 10:25:33.193root 11241100x8000000000000000346180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c1752732e965cf2021-12-21 10:25:33.193root 11241100x8000000000000000346181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b75f4e5e1c1c8942021-12-21 10:25:33.193root 11241100x8000000000000000346182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b89e1210ab7153e92021-12-21 10:25:33.194root 11241100x8000000000000000346183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08858ed4d55f2f582021-12-21 10:25:33.194root 11241100x8000000000000000346184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441a33977d70133a2021-12-21 10:25:33.194root 11241100x8000000000000000346185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31e2f71d93009d62021-12-21 10:25:33.194root 11241100x8000000000000000346186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd0afb73493a8582021-12-21 10:25:33.194root 11241100x8000000000000000346187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02189ae35a61661f2021-12-21 10:25:33.194root 11241100x8000000000000000346188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd83f113808b84b2021-12-21 10:25:33.194root 11241100x8000000000000000346189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6a4ffc8942cada2021-12-21 10:25:33.194root 11241100x8000000000000000346190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fd4ad1eb5001d02021-12-21 10:25:33.194root 11241100x8000000000000000346191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddbe1747060df8602021-12-21 10:25:33.194root 11241100x8000000000000000346192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e26ad4bfb7670b2021-12-21 10:25:33.194root 11241100x8000000000000000346193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd170c38a34321462021-12-21 10:25:33.194root 11241100x8000000000000000346194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010e602781ee56cd2021-12-21 10:25:33.195root 11241100x8000000000000000346195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490f1212466bf7622021-12-21 10:25:33.693root 11241100x8000000000000000346196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1ac437d91cd8e42021-12-21 10:25:33.693root 11241100x8000000000000000346197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e889e2236a725d432021-12-21 10:25:33.694root 11241100x8000000000000000346198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bb6c7fb7d0a6082021-12-21 10:25:33.694root 11241100x8000000000000000346199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daf66bc86125aa42021-12-21 10:25:33.694root 11241100x8000000000000000346200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0264f0e1a01b11462021-12-21 10:25:33.694root 11241100x8000000000000000346201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e145303b7fbea4732021-12-21 10:25:33.694root 11241100x8000000000000000346202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcd6519d63a5f272021-12-21 10:25:33.694root 11241100x8000000000000000346203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7bf472bbe3be2d2021-12-21 10:25:33.695root 11241100x8000000000000000346204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736969c3786da0ef2021-12-21 10:25:33.695root 11241100x8000000000000000346205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c536fd5d0a4a64752021-12-21 10:25:33.695root 11241100x8000000000000000346206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f737db90576dfdf2021-12-21 10:25:33.695root 11241100x8000000000000000346207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea21f851b030fa32021-12-21 10:25:33.695root 11241100x8000000000000000346208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04b65051e5045332021-12-21 10:25:33.695root 11241100x8000000000000000346209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9bfbf015680aec22021-12-21 10:25:33.695root 11241100x8000000000000000346210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aef9997e7f06f52021-12-21 10:25:33.695root 11241100x8000000000000000346211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4e6ce23bea5afa2021-12-21 10:25:33.695root 11241100x8000000000000000346212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f94414ff1ef6dc2021-12-21 10:25:33.695root 11241100x8000000000000000346213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcc81cb3411c0862021-12-21 10:25:34.193root 11241100x8000000000000000346214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3d23472e49260a2021-12-21 10:25:34.193root 11241100x8000000000000000346215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad63907cc91b69ad2021-12-21 10:25:34.193root 11241100x8000000000000000346216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41c8845c9d0935f2021-12-21 10:25:34.194root 11241100x8000000000000000346217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159a5805151757182021-12-21 10:25:34.194root 11241100x8000000000000000346218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6877ebe2be1f1a092021-12-21 10:25:34.194root 11241100x8000000000000000346219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e526fdcea96bc4e2021-12-21 10:25:34.194root 11241100x8000000000000000346220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a784aab99883a82021-12-21 10:25:34.194root 11241100x8000000000000000346221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b407124dc4ba152021-12-21 10:25:34.194root 11241100x8000000000000000346222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0f7cc77f94b37e2021-12-21 10:25:34.194root 11241100x8000000000000000346223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc1876ef8a18d262021-12-21 10:25:34.194root 11241100x8000000000000000346224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724ca5fa93ce49d82021-12-21 10:25:34.194root 11241100x8000000000000000346225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcfe3142e13a7142021-12-21 10:25:34.195root 11241100x8000000000000000346226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8767854d1d185f322021-12-21 10:25:34.195root 11241100x8000000000000000346227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f804b513d0bc10c82021-12-21 10:25:34.195root 11241100x8000000000000000346228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69dd98ff85ac7d6d2021-12-21 10:25:34.195root 11241100x8000000000000000346229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89bd6288c94f9262021-12-21 10:25:34.195root 11241100x8000000000000000346230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a6cf9845c973d52021-12-21 10:25:34.195root 11241100x8000000000000000346231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46615f36fb142c6f2021-12-21 10:25:34.693root 11241100x8000000000000000346232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3989b98d4a6c04ce2021-12-21 10:25:34.693root 11241100x8000000000000000346233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c25a406a7dc5b2b2021-12-21 10:25:34.694root 11241100x8000000000000000346234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec85df7d3e564152021-12-21 10:25:34.694root 11241100x8000000000000000346235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9940165c9f0a2342021-12-21 10:25:34.694root 11241100x8000000000000000346236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9805197a1413d4bd2021-12-21 10:25:34.694root 11241100x8000000000000000346237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b556f1c63f4b0e2021-12-21 10:25:34.694root 11241100x8000000000000000346238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22d5c35ec96fd212021-12-21 10:25:34.694root 11241100x8000000000000000346239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb81152fc6c1d712021-12-21 10:25:34.694root 11241100x8000000000000000346240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec0a9c2d4b59e4c2021-12-21 10:25:34.694root 11241100x8000000000000000346241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2eca1ce2ba0db92021-12-21 10:25:34.695root 11241100x8000000000000000346242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47437e558ed515a2021-12-21 10:25:34.695root 11241100x8000000000000000346243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db37fecc42949092021-12-21 10:25:34.695root 11241100x8000000000000000346244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d977721ae94cb9082021-12-21 10:25:34.695root 11241100x8000000000000000346245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01924a6309df8db92021-12-21 10:25:34.696root 11241100x8000000000000000346246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef78dffeca297402021-12-21 10:25:34.696root 11241100x8000000000000000346247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76336a1f96f681fa2021-12-21 10:25:34.696root 11241100x8000000000000000346248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80486e8cb05c113d2021-12-21 10:25:34.696root 11241100x8000000000000000346249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bb2e15274398cc32021-12-21 10:25:35.193root 11241100x8000000000000000346250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da838a787cdf69d42021-12-21 10:25:35.193root 11241100x8000000000000000346251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fdaee716843d2272021-12-21 10:25:35.193root 11241100x8000000000000000346252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8560e348c40442e2021-12-21 10:25:35.193root 11241100x8000000000000000346253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07778f443a1765cd2021-12-21 10:25:35.193root 11241100x8000000000000000346254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb65e56f8e06b682021-12-21 10:25:35.194root 11241100x8000000000000000346255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e97576d43df9e22021-12-21 10:25:35.194root 11241100x8000000000000000346256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8ead5700f81b282021-12-21 10:25:35.194root 11241100x8000000000000000346257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8788c457e97a55252021-12-21 10:25:35.194root 11241100x8000000000000000346258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d97e0039b004892021-12-21 10:25:35.194root 11241100x8000000000000000346259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d39e2442c202362021-12-21 10:25:35.194root 11241100x8000000000000000346260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fbe79576e984012021-12-21 10:25:35.194root 11241100x8000000000000000346261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1db87969896a4b682021-12-21 10:25:35.194root 11241100x8000000000000000346262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5c161dec4940da2021-12-21 10:25:35.194root 11241100x8000000000000000346263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3985faab52b43722021-12-21 10:25:35.194root 11241100x8000000000000000346264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113180dd666132d42021-12-21 10:25:35.195root 11241100x8000000000000000346265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a2b1ce66bc9e6b2021-12-21 10:25:35.195root 11241100x8000000000000000346266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910b29db50bc8b672021-12-21 10:25:35.195root 11241100x8000000000000000346267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dbeece10eff6902021-12-21 10:25:35.693root 11241100x8000000000000000346268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2796f137cd395b3f2021-12-21 10:25:35.693root 11241100x8000000000000000346269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a975fce84c61712021-12-21 10:25:35.693root 11241100x8000000000000000346270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07cb67ef307be042021-12-21 10:25:35.693root 11241100x8000000000000000346271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3955a8daaefb282021-12-21 10:25:35.694root 11241100x8000000000000000346272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.002cf5fbd78845612021-12-21 10:25:35.694root 11241100x8000000000000000346273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bc5deb8525ee852021-12-21 10:25:35.694root 11241100x8000000000000000346274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd55cbd63ed3ed72021-12-21 10:25:35.694root 11241100x8000000000000000346275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752522240434fdb82021-12-21 10:25:35.694root 11241100x8000000000000000346276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bfc2805f7c07462021-12-21 10:25:35.694root 11241100x8000000000000000346277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d957e8d7d7267462021-12-21 10:25:35.694root 11241100x8000000000000000346278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508e6cbbdca68fd62021-12-21 10:25:35.694root 11241100x8000000000000000346279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1c3c55aa6e1c002021-12-21 10:25:35.694root 11241100x8000000000000000346280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ddaa7697cb8e1cc2021-12-21 10:25:35.694root 11241100x8000000000000000346281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b10f65617572202021-12-21 10:25:35.695root 11241100x8000000000000000346282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94ebd534ef2acda2021-12-21 10:25:35.695root 11241100x8000000000000000346283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dd651d43386e032021-12-21 10:25:35.695root 11241100x8000000000000000346284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1904e10dd5c9f7702021-12-21 10:25:35.695root 11241100x8000000000000000346285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b2a2d54d511eae2021-12-21 10:25:36.193root 11241100x8000000000000000346286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9782b806e40223d82021-12-21 10:25:36.193root 11241100x8000000000000000346287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99699e69144b39982021-12-21 10:25:36.194root 11241100x8000000000000000346288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8986b1c6bad670952021-12-21 10:25:36.194root 11241100x8000000000000000346289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5e79af53d1fcc42021-12-21 10:25:36.194root 11241100x8000000000000000346290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04660d5b1d1da4232021-12-21 10:25:36.194root 11241100x8000000000000000346291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537bf0f62166f4882021-12-21 10:25:36.194root 11241100x8000000000000000346292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8414f66e5f6d32632021-12-21 10:25:36.194root 11241100x8000000000000000346293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70e424bb01fa5d52021-12-21 10:25:36.194root 11241100x8000000000000000346294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405369644e913a1e2021-12-21 10:25:36.194root 11241100x8000000000000000346295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf55cc04934d5b22021-12-21 10:25:36.194root 11241100x8000000000000000346296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53dc60289aa2cebb2021-12-21 10:25:36.195root 11241100x8000000000000000346297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4bca9face82a3db2021-12-21 10:25:36.195root 11241100x8000000000000000346298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127214fc339d70282021-12-21 10:25:36.195root 11241100x8000000000000000346299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d078c99a5f04fe582021-12-21 10:25:36.195root 11241100x8000000000000000346300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b33f61b9155b5d2021-12-21 10:25:36.195root 11241100x8000000000000000346301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec9aa45d020fd862021-12-21 10:25:36.195root 11241100x8000000000000000346302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d79724e04bacfab2021-12-21 10:25:36.195root 11241100x8000000000000000346303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:25:36.349root 11241100x8000000000000000346304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499dfa727866210a2021-12-21 10:25:36.693root 11241100x8000000000000000346305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a4443acac013fb2021-12-21 10:25:36.693root 11241100x8000000000000000346306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc4010c598df0a12021-12-21 10:25:36.693root 11241100x8000000000000000346307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f08b1f5469c1a92021-12-21 10:25:36.693root 11241100x8000000000000000346308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32fdd99ed667fd182021-12-21 10:25:36.694root 11241100x8000000000000000346309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33139e69aff1d1de2021-12-21 10:25:36.694root 11241100x8000000000000000346310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e061672710b0f5a2021-12-21 10:25:36.694root 11241100x8000000000000000346311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5db438009a3f33a2021-12-21 10:25:36.694root 11241100x8000000000000000346312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a53075a2fee3652021-12-21 10:25:36.694root 11241100x8000000000000000346313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae639059fc0446bf2021-12-21 10:25:36.694root 11241100x8000000000000000346314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b25e202e5459ca2021-12-21 10:25:36.694root 11241100x8000000000000000346315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12590d7481f1d9772021-12-21 10:25:36.694root 11241100x8000000000000000346316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2633a46464f8f0f2021-12-21 10:25:36.694root 11241100x8000000000000000346317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85c5ba8b33cfabb2021-12-21 10:25:36.695root 11241100x8000000000000000346318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa8aae648df4a5e2021-12-21 10:25:36.695root 11241100x8000000000000000346319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754d755f14224a422021-12-21 10:25:36.695root 11241100x8000000000000000346320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1f4aec797766a42021-12-21 10:25:36.695root 11241100x8000000000000000346321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92f766dc8c8f37f2021-12-21 10:25:36.695root 11241100x8000000000000000346322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3970788ba2bdb9a2021-12-21 10:25:36.695root 11241100x8000000000000000346323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c9e83133219c222021-12-21 10:25:37.193root 11241100x8000000000000000346324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a74a2d27a0cd2f52021-12-21 10:25:37.194root 11241100x8000000000000000346325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f307dd49ca4707222021-12-21 10:25:37.194root 11241100x8000000000000000346326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec6f2039a9720f12021-12-21 10:25:37.194root 11241100x8000000000000000346327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163e4b58628daf942021-12-21 10:25:37.194root 11241100x8000000000000000346328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cd008c85cdeeb02021-12-21 10:25:37.195root 11241100x8000000000000000346329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d402b6d6917564e2021-12-21 10:25:37.195root 11241100x8000000000000000346330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575878f392215442021-12-21 10:25:37.195root 11241100x8000000000000000346331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5afed247038bdaf2021-12-21 10:25:37.195root 11241100x8000000000000000346332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4436f21d87c2ec7e2021-12-21 10:25:37.195root 11241100x8000000000000000346333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034bc28a4ac6fe152021-12-21 10:25:37.195root 11241100x8000000000000000346334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f513dea09997c9e52021-12-21 10:25:37.195root 11241100x8000000000000000346335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c80508e888dba92021-12-21 10:25:37.195root 11241100x8000000000000000346336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec75d6bf16046f8f2021-12-21 10:25:37.195root 11241100x8000000000000000346337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f74331bada18002021-12-21 10:25:37.196root 11241100x8000000000000000346338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ea5367cdc0984e2021-12-21 10:25:37.196root 11241100x8000000000000000346339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f410ebcabe3bfa2021-12-21 10:25:37.196root 11241100x8000000000000000346340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36546c4eefb6c5812021-12-21 10:25:37.196root 11241100x8000000000000000346341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e222b26902ecc9e2021-12-21 10:25:37.196root 11241100x8000000000000000346342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6bac78ed3d16e82021-12-21 10:25:37.693root 11241100x8000000000000000346343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cddb568312ddb742021-12-21 10:25:37.693root 11241100x8000000000000000346344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7458385b4483ee2021-12-21 10:25:37.693root 11241100x8000000000000000346345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267858e2d16e3f502021-12-21 10:25:37.694root 11241100x8000000000000000346346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2127f06584b436d82021-12-21 10:25:37.694root 11241100x8000000000000000346347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.272d1447e66079d22021-12-21 10:25:37.694root 11241100x8000000000000000346348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa60b6bffcc168b62021-12-21 10:25:37.694root 11241100x8000000000000000346349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d1f9018879cd2d2021-12-21 10:25:37.694root 11241100x8000000000000000346350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14546cdcbae97b22021-12-21 10:25:37.694root 11241100x8000000000000000346351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce8066812b98212021-12-21 10:25:37.695root 11241100x8000000000000000346352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c39efaead0b0042021-12-21 10:25:37.695root 11241100x8000000000000000346353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1be634b67a924c4d2021-12-21 10:25:37.695root 11241100x8000000000000000346354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a46a959117ff122021-12-21 10:25:37.695root 11241100x8000000000000000346355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e2fbd622f656af2021-12-21 10:25:37.695root 11241100x8000000000000000346356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f45955f9ec43c1f2021-12-21 10:25:37.695root 11241100x8000000000000000346357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4994098ff88609262021-12-21 10:25:37.696root 11241100x8000000000000000346358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b957e0fe47f4f63a2021-12-21 10:25:37.696root 11241100x8000000000000000346359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dba26c6c5ecc362021-12-21 10:25:37.696root 11241100x8000000000000000346360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad11755d33d400f2021-12-21 10:25:37.696root 354300x8000000000000000346361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.080{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47082-false10.0.1.12-8000- 11241100x8000000000000000346362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6313dcf745341ad92021-12-21 10:25:38.081root 11241100x8000000000000000346363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f3a4f8b213171b2021-12-21 10:25:38.081root 11241100x8000000000000000346364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c59c103a00d5e582021-12-21 10:25:38.081root 11241100x8000000000000000346365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33b95dc925437542021-12-21 10:25:38.081root 11241100x8000000000000000346366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35249d0658f40a72021-12-21 10:25:38.081root 11241100x8000000000000000346367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf8bb84194e5dd82021-12-21 10:25:38.081root 11241100x8000000000000000346368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728b75630fa5d48c2021-12-21 10:25:38.081root 11241100x8000000000000000346369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2401e195f10dc122021-12-21 10:25:38.081root 11241100x8000000000000000346370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.081{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4499bab9e08971d2021-12-21 10:25:38.081root 11241100x8000000000000000346371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684df45e29ddae6e2021-12-21 10:25:38.082root 11241100x8000000000000000346372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff80db9436dba70e2021-12-21 10:25:38.082root 11241100x8000000000000000346373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e26aa96002fe1912021-12-21 10:25:38.082root 11241100x8000000000000000346374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4fb8d41f7433752021-12-21 10:25:38.082root 11241100x8000000000000000346375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecae3f9a062f0992021-12-21 10:25:38.082root 11241100x8000000000000000346376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903622cec36639d52021-12-21 10:25:38.082root 11241100x8000000000000000346377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462fc3c47206e7632021-12-21 10:25:38.082root 11241100x8000000000000000346378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5072b71a32103f2021-12-21 10:25:38.082root 11241100x8000000000000000346379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f250cadf156115a2021-12-21 10:25:38.082root 11241100x8000000000000000346380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.082{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ba5f8b82e750d22021-12-21 10:25:38.082root 11241100x8000000000000000346381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087007f6dd93c7cb2021-12-21 10:25:38.083root 11241100x8000000000000000346382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecfac4a7092182d2021-12-21 10:25:38.083root 11241100x8000000000000000346383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef50c45785a933a32021-12-21 10:25:38.083root 11241100x8000000000000000346384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72216b41befd112a2021-12-21 10:25:38.083root 11241100x8000000000000000346385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064da0b9e4db8d7b2021-12-21 10:25:38.083root 11241100x8000000000000000346386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.083{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617a2c85f0d7ab842021-12-21 10:25:38.083root 11241100x8000000000000000346387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c7d2b9c628e9c82021-12-21 10:25:38.443root 11241100x8000000000000000346388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69a981c17efd63a2021-12-21 10:25:38.443root 11241100x8000000000000000346389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32427895c322853b2021-12-21 10:25:38.443root 11241100x8000000000000000346390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc07f6552103970d2021-12-21 10:25:38.443root 11241100x8000000000000000346391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c98a2939b2a91fd2021-12-21 10:25:38.444root 11241100x8000000000000000346392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87930139c4b69e32021-12-21 10:25:38.444root 11241100x8000000000000000346393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35f6c7f20a0759c2021-12-21 10:25:38.444root 11241100x8000000000000000346394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6d73ae2b7a36772021-12-21 10:25:38.444root 11241100x8000000000000000346395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac2f1ab9ebcd5ea2021-12-21 10:25:38.444root 11241100x8000000000000000346396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f839e44a5d2dac2021-12-21 10:25:38.444root 11241100x8000000000000000346397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a510cd64489afdea2021-12-21 10:25:38.444root 11241100x8000000000000000346398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b7a9e60c1c701f2021-12-21 10:25:38.444root 11241100x8000000000000000346399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d446713f9b2e19822021-12-21 10:25:38.444root 11241100x8000000000000000346400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395e2f7bbf3efab22021-12-21 10:25:38.444root 11241100x8000000000000000346401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fac841ad225138e2021-12-21 10:25:38.445root 11241100x8000000000000000346402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23862709dd2404d2021-12-21 10:25:38.445root 11241100x8000000000000000346403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb78a7ee036e24d72021-12-21 10:25:38.445root 11241100x8000000000000000346404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b37c11924d9a27c2021-12-21 10:25:38.445root 11241100x8000000000000000346405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bac2af63014af82021-12-21 10:25:38.445root 11241100x8000000000000000346406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f8953879000e0e2021-12-21 10:25:38.445root 11241100x8000000000000000346407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0d50b03e3abd152021-12-21 10:25:38.943root 11241100x8000000000000000346408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8486410ddc2fd82021-12-21 10:25:38.943root 11241100x8000000000000000346409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8affc5b038865bf42021-12-21 10:25:38.943root 11241100x8000000000000000346410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d55ac060b67c1a2021-12-21 10:25:38.943root 11241100x8000000000000000346411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be5f31e8d477ff72021-12-21 10:25:38.944root 11241100x8000000000000000346412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146a510b81a850d82021-12-21 10:25:38.944root 11241100x8000000000000000346413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3389d0966a5d67132021-12-21 10:25:38.944root 11241100x8000000000000000346414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c20cc8dc452e7f2021-12-21 10:25:38.944root 11241100x8000000000000000346415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452f32bf63f0ce042021-12-21 10:25:38.944root 11241100x8000000000000000346416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597923ed787420e72021-12-21 10:25:38.944root 11241100x8000000000000000346417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34846e70f6dc78e02021-12-21 10:25:38.944root 11241100x8000000000000000346418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b4d0deb09fc2eb2021-12-21 10:25:38.944root 11241100x8000000000000000346419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0655466a8b2a722e2021-12-21 10:25:38.944root 11241100x8000000000000000346420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468f57ae01bc9bff2021-12-21 10:25:38.944root 11241100x8000000000000000346421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec65d271d1fa7792021-12-21 10:25:38.944root 11241100x8000000000000000346422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09995067253355992021-12-21 10:25:38.944root 11241100x8000000000000000346423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99ca51dafada7a52021-12-21 10:25:38.944root 11241100x8000000000000000346424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f15f162bd46b1de2021-12-21 10:25:38.944root 11241100x8000000000000000346425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4882059f1c7f1c42021-12-21 10:25:38.945root 11241100x8000000000000000346426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:38.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4ef732dd2e71c92021-12-21 10:25:38.945root 23542300x8000000000000000346427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000346428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e7bb60d6d492e72021-12-21 10:25:39.351root 11241100x8000000000000000346429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7481e7f7f66ad8172021-12-21 10:25:39.352root 11241100x8000000000000000346430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0535393304d4d12021-12-21 10:25:39.352root 11241100x8000000000000000346431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49455913971e54802021-12-21 10:25:39.353root 11241100x8000000000000000346432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554a4edffa559c7c2021-12-21 10:25:39.353root 11241100x8000000000000000346433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e23b64e72c5955d2021-12-21 10:25:39.354root 11241100x8000000000000000346434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e091e55edd0282c72021-12-21 10:25:39.354root 11241100x8000000000000000346435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebe590e4c438a042021-12-21 10:25:39.354root 11241100x8000000000000000346436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fa81ca81109c2d2021-12-21 10:25:39.355root 11241100x8000000000000000346437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbee72f3d25b0202021-12-21 10:25:39.355root 11241100x8000000000000000346438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaad758f40ca8bb62021-12-21 10:25:39.356root 11241100x8000000000000000346439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f009e929a47403af2021-12-21 10:25:39.356root 11241100x8000000000000000346440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1dff3b441d0f102021-12-21 10:25:39.357root 11241100x8000000000000000346441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20fc81ca44c99bcd2021-12-21 10:25:39.357root 11241100x8000000000000000346442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72466da07201c3632021-12-21 10:25:39.357root 11241100x8000000000000000346443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6abe05278f70582021-12-21 10:25:39.357root 11241100x8000000000000000346444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b3c5b33307e1cc2021-12-21 10:25:39.358root 11241100x8000000000000000346445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0d29fd04a1b48f2021-12-21 10:25:39.358root 11241100x8000000000000000346446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e95df784b8beee2021-12-21 10:25:39.358root 11241100x8000000000000000346447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22c1505843987b12021-12-21 10:25:39.358root 11241100x8000000000000000346448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a96da246935a07d2021-12-21 10:25:39.358root 11241100x8000000000000000346449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2df239bd13644582021-12-21 10:25:39.358root 11241100x8000000000000000346450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.359{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56311b7c2d5d83702021-12-21 10:25:39.359root 11241100x8000000000000000346451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.359{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f1fad07d2d440e2021-12-21 10:25:39.359root 11241100x8000000000000000346452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b6ec5fe7954fee2021-12-21 10:25:39.693root 11241100x8000000000000000346453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a5e497d2b549b42021-12-21 10:25:39.693root 11241100x8000000000000000346454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bc2a4f235610352021-12-21 10:25:39.694root 11241100x8000000000000000346455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90143bde030dda202021-12-21 10:25:39.694root 11241100x8000000000000000346456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.defdbd54851aaa412021-12-21 10:25:39.694root 11241100x8000000000000000346457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58159b0429d5bccf2021-12-21 10:25:39.694root 11241100x8000000000000000346458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb365ceaba42817d2021-12-21 10:25:39.694root 11241100x8000000000000000346459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a8356eb6c9bc612021-12-21 10:25:39.694root 11241100x8000000000000000346460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406cb74e63883b692021-12-21 10:25:39.694root 11241100x8000000000000000346461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5dcbc3abdbed9d2021-12-21 10:25:39.694root 11241100x8000000000000000346462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987bb2050c41b3722021-12-21 10:25:39.695root 11241100x8000000000000000346463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21afd865319f96612021-12-21 10:25:39.695root 11241100x8000000000000000346464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14d002d168a4df82021-12-21 10:25:39.695root 11241100x8000000000000000346465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522587e5053240fc2021-12-21 10:25:39.695root 11241100x8000000000000000346466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5830fb08285962312021-12-21 10:25:39.695root 11241100x8000000000000000346467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7b3b0d610d040a2021-12-21 10:25:39.695root 11241100x8000000000000000346468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a27d5826aae44862021-12-21 10:25:39.695root 11241100x8000000000000000346469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23caaf21c38277c2021-12-21 10:25:39.695root 11241100x8000000000000000346470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274023fd0542b3742021-12-21 10:25:39.695root 11241100x8000000000000000346471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576727c31cc920332021-12-21 10:25:39.695root 11241100x8000000000000000346472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62c56102aba06632021-12-21 10:25:39.696root 11241100x8000000000000000346473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ea45e3cf3825592021-12-21 10:25:40.193root 11241100x8000000000000000346474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331b2ff2a38daa862021-12-21 10:25:40.193root 11241100x8000000000000000346475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9974cc7519aed1832021-12-21 10:25:40.193root 11241100x8000000000000000346476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d47de79723c0b802021-12-21 10:25:40.194root 11241100x8000000000000000346477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638646fc5245cf812021-12-21 10:25:40.194root 11241100x8000000000000000346478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667378c62392fa012021-12-21 10:25:40.194root 11241100x8000000000000000346479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fc08fc32ac82412021-12-21 10:25:40.194root 11241100x8000000000000000346480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64712a82560bfd472021-12-21 10:25:40.194root 11241100x8000000000000000346481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e5324d9961d6002021-12-21 10:25:40.194root 11241100x8000000000000000346482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3966fa3b626c9e1c2021-12-21 10:25:40.194root 11241100x8000000000000000346483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f039c19f1c874f2021-12-21 10:25:40.194root 11241100x8000000000000000346484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0601a37bb91327102021-12-21 10:25:40.194root 11241100x8000000000000000346485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8427d863d979dbe12021-12-21 10:25:40.194root 11241100x8000000000000000346486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e6a44dd8aebb3a2021-12-21 10:25:40.195root 11241100x8000000000000000346487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda3a29512f035152021-12-21 10:25:40.195root 11241100x8000000000000000346488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2824f9be6514f0582021-12-21 10:25:40.195root 11241100x8000000000000000346489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6ac7a39f893cb622021-12-21 10:25:40.195root 11241100x8000000000000000346490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff69dd94a22b170a2021-12-21 10:25:40.195root 11241100x8000000000000000346491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f4d9275d3db0f52021-12-21 10:25:40.196root 11241100x8000000000000000346492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2a7cbd9aec49e22021-12-21 10:25:40.196root 11241100x8000000000000000346493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54581cb0634d307b2021-12-21 10:25:40.197root 11241100x8000000000000000346494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37946834471c88ce2021-12-21 10:25:40.693root 11241100x8000000000000000346495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4559d37dabd84952021-12-21 10:25:40.693root 11241100x8000000000000000346496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0011d8b5bebd03a12021-12-21 10:25:40.694root 11241100x8000000000000000346497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022dff8ba6478b682021-12-21 10:25:40.694root 11241100x8000000000000000346498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8870617585217ded2021-12-21 10:25:40.694root 11241100x8000000000000000346499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0257a6548bec6122021-12-21 10:25:40.695root 11241100x8000000000000000346500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856630f67faea8652021-12-21 10:25:40.695root 11241100x8000000000000000346501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe141491ab4f5612021-12-21 10:25:40.695root 11241100x8000000000000000346502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8aced419eeb6f62021-12-21 10:25:40.695root 11241100x8000000000000000346503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3120f79a682055272021-12-21 10:25:40.696root 11241100x8000000000000000346504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4557f6309e2c060a2021-12-21 10:25:40.696root 11241100x8000000000000000346505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2f22ab19fb7e2c2021-12-21 10:25:40.697root 11241100x8000000000000000346506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39584a0f1a565ad2021-12-21 10:25:40.697root 11241100x8000000000000000346507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596a275f26a44c8b2021-12-21 10:25:40.698root 11241100x8000000000000000346508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643f84e598f684ae2021-12-21 10:25:40.698root 11241100x8000000000000000346509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2fd860d94afd462021-12-21 10:25:40.699root 11241100x8000000000000000346510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8d01fec180ae542021-12-21 10:25:40.699root 11241100x8000000000000000346511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6915d9bfa386f2a52021-12-21 10:25:40.700root 11241100x8000000000000000346512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76f9197901106d42021-12-21 10:25:40.700root 11241100x8000000000000000346513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cfb23f8cb18b442021-12-21 10:25:40.701root 11241100x8000000000000000346514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1640b0a53248224c2021-12-21 10:25:40.701root 11241100x8000000000000000346515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5044d2d8d91386ef2021-12-21 10:25:41.193root 11241100x8000000000000000346516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91cebee627cba522021-12-21 10:25:41.193root 11241100x8000000000000000346517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230c54e3c9a4573b2021-12-21 10:25:41.194root 11241100x8000000000000000346518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f26671557ec3c2a2021-12-21 10:25:41.194root 11241100x8000000000000000346519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2427fc2f3397f91e2021-12-21 10:25:41.194root 11241100x8000000000000000346520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6833c1b17b3165e02021-12-21 10:25:41.194root 11241100x8000000000000000346521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba966f90e1537ee2021-12-21 10:25:41.194root 11241100x8000000000000000346522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e01761844ada7fb2021-12-21 10:25:41.194root 11241100x8000000000000000346523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5daf957ad1ac3f2021-12-21 10:25:41.194root 11241100x8000000000000000346524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c30795013f98ec122021-12-21 10:25:41.194root 11241100x8000000000000000346525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7981faf7d87c1792021-12-21 10:25:41.194root 11241100x8000000000000000346526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aa0c7c6ce433e22021-12-21 10:25:41.194root 11241100x8000000000000000346527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9982da10254eeed2021-12-21 10:25:41.194root 11241100x8000000000000000346528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e75b56d46e3a7132021-12-21 10:25:41.194root 11241100x8000000000000000346529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c63f5f71b62cc852021-12-21 10:25:41.195root 11241100x8000000000000000346530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceae8327138f83092021-12-21 10:25:41.195root 11241100x8000000000000000346531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56359cec85816e12021-12-21 10:25:41.195root 11241100x8000000000000000346532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32bf242bcbfefea2021-12-21 10:25:41.195root 11241100x8000000000000000346533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b381a554c10219a72021-12-21 10:25:41.196root 11241100x8000000000000000346534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc75ede5633058f42021-12-21 10:25:41.196root 11241100x8000000000000000346535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dccc180ba658012021-12-21 10:25:41.197root 11241100x8000000000000000346536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e58bc6c1628f132021-12-21 10:25:41.693root 11241100x8000000000000000346537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b2ff8f97efb2d32021-12-21 10:25:41.694root 11241100x8000000000000000346538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b544e2f82fb5a22021-12-21 10:25:41.694root 11241100x8000000000000000346539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407a21586471a6ec2021-12-21 10:25:41.694root 11241100x8000000000000000346540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad651fe0a496eebb2021-12-21 10:25:41.694root 11241100x8000000000000000346541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.875b889aa2ce9cce2021-12-21 10:25:41.694root 11241100x8000000000000000346542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6c17ba6d3c85332021-12-21 10:25:41.694root 11241100x8000000000000000346543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff6b365d9db452b2021-12-21 10:25:41.694root 11241100x8000000000000000346544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e4e08def2e7b9ff2021-12-21 10:25:41.695root 11241100x8000000000000000346545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc10f4f8131b8f342021-12-21 10:25:41.695root 11241100x8000000000000000346546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8fb111e4e3e5bb2021-12-21 10:25:41.695root 11241100x8000000000000000346547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18a4f9c024c79b32021-12-21 10:25:41.695root 11241100x8000000000000000346548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e70ccc1894877f2021-12-21 10:25:41.695root 11241100x8000000000000000346549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943f2540162c45722021-12-21 10:25:41.695root 11241100x8000000000000000346550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbfc3e652a341c62021-12-21 10:25:41.695root 11241100x8000000000000000346551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a18c887a8a5b702021-12-21 10:25:41.695root 11241100x8000000000000000346552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5817d33f1cfb2e2021-12-21 10:25:41.695root 11241100x8000000000000000346553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8aedc424d02a4922021-12-21 10:25:41.695root 11241100x8000000000000000346554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53048d4dec250de62021-12-21 10:25:41.696root 11241100x8000000000000000346555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b84325b6dd1fdcf2021-12-21 10:25:41.696root 11241100x8000000000000000346556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71d4c1fa7cf88442021-12-21 10:25:41.696root 11241100x8000000000000000346557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fe9ac2a80060c12021-12-21 10:25:42.193root 11241100x8000000000000000346558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fae6b5e36f4ff062021-12-21 10:25:42.193root 11241100x8000000000000000346559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de9cd1f3b97350a2021-12-21 10:25:42.193root 11241100x8000000000000000346560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f7aed3e57c97f32021-12-21 10:25:42.193root 11241100x8000000000000000346561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e06ca5aab58a162021-12-21 10:25:42.193root 11241100x8000000000000000346562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe42138e337c5c2021-12-21 10:25:42.194root 11241100x8000000000000000346563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbcc1f1b19635992021-12-21 10:25:42.194root 11241100x8000000000000000346564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a45ebcf658103ea2021-12-21 10:25:42.194root 11241100x8000000000000000346565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92577e91ede795a82021-12-21 10:25:42.194root 11241100x8000000000000000346566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0263159f4404322021-12-21 10:25:42.194root 11241100x8000000000000000346567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c9e9dc23deef672021-12-21 10:25:42.194root 11241100x8000000000000000346568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6910467aac281f2021-12-21 10:25:42.194root 11241100x8000000000000000346569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af90a6df0804ffc2021-12-21 10:25:42.194root 11241100x8000000000000000346570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7662202d9575fbf2021-12-21 10:25:42.195root 11241100x8000000000000000346571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06983dc9be3b74e12021-12-21 10:25:42.195root 11241100x8000000000000000346572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e86983bfc2897572021-12-21 10:25:42.195root 11241100x8000000000000000346573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706c7c4088aa95f72021-12-21 10:25:42.195root 11241100x8000000000000000346574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001e25ad95e9d0ce2021-12-21 10:25:42.195root 11241100x8000000000000000346575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf29471f6915e66a2021-12-21 10:25:42.195root 11241100x8000000000000000346576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97337cc84db25ad22021-12-21 10:25:42.195root 11241100x8000000000000000346577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da038749cd7dd6712021-12-21 10:25:42.195root 11241100x8000000000000000346578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da951a4996a5c302021-12-21 10:25:42.693root 11241100x8000000000000000346579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0fc56b3da42f262021-12-21 10:25:42.693root 11241100x8000000000000000346580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659fa860bddce5a22021-12-21 10:25:42.693root 11241100x8000000000000000346581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fab1e31507f39692021-12-21 10:25:42.693root 11241100x8000000000000000346582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f843fd1ecf54d32021-12-21 10:25:42.693root 11241100x8000000000000000346583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cd8cf786ffe93f2021-12-21 10:25:42.693root 11241100x8000000000000000346584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba788286a65f7242021-12-21 10:25:42.693root 11241100x8000000000000000346585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabedecec47ba9e02021-12-21 10:25:42.694root 11241100x8000000000000000346586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f7e85d101553012021-12-21 10:25:42.694root 11241100x8000000000000000346587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5dcba0e7e0fdec2021-12-21 10:25:42.694root 11241100x8000000000000000346588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaafba5e7d8d2982021-12-21 10:25:42.694root 11241100x8000000000000000346589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a3ff73c466782a2021-12-21 10:25:42.694root 11241100x8000000000000000346590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84032f8058f5a1ca2021-12-21 10:25:42.694root 11241100x8000000000000000346591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7be48c7e59dd3f2021-12-21 10:25:42.694root 11241100x8000000000000000346592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2990d7ce58335d22021-12-21 10:25:42.695root 11241100x8000000000000000346593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758acb0c59a19f132021-12-21 10:25:42.695root 11241100x8000000000000000346594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de33e5a4783d1f62021-12-21 10:25:42.695root 11241100x8000000000000000346595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac99d7e8cb993ef02021-12-21 10:25:42.695root 11241100x8000000000000000346596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c168b6a6e7130e2021-12-21 10:25:42.695root 11241100x8000000000000000346597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2297f49690b3bc1d2021-12-21 10:25:42.695root 11241100x8000000000000000346598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7f9886f3aa67892021-12-21 10:25:42.696root 11241100x8000000000000000346599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe731e35c6a794a02021-12-21 10:25:43.193root 11241100x8000000000000000346600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97c987978f02f5c42021-12-21 10:25:43.193root 11241100x8000000000000000346601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3534344ea037fd8f2021-12-21 10:25:43.193root 11241100x8000000000000000346602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f1771cfd58e0fd2021-12-21 10:25:43.193root 11241100x8000000000000000346603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a666a7e87795612021-12-21 10:25:43.193root 11241100x8000000000000000346604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56396016e7e930a42021-12-21 10:25:43.193root 11241100x8000000000000000346605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80ef1009d8ac1c2021-12-21 10:25:43.194root 11241100x8000000000000000346606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beed95da254f352f2021-12-21 10:25:43.194root 11241100x8000000000000000346607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5275ab3b8174292021-12-21 10:25:43.194root 11241100x8000000000000000346608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da68a3c773f53452021-12-21 10:25:43.194root 11241100x8000000000000000346609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b189a2bf7e9b05f2021-12-21 10:25:43.194root 11241100x8000000000000000346610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d84b766e76c91e72021-12-21 10:25:43.194root 11241100x8000000000000000346611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.961e2ec73a61dc072021-12-21 10:25:43.195root 11241100x8000000000000000346612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d40545046cf1b32021-12-21 10:25:43.195root 11241100x8000000000000000346613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d832bb9dcebdc2572021-12-21 10:25:43.195root 11241100x8000000000000000346614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcdb84b4cd37df8c2021-12-21 10:25:43.195root 11241100x8000000000000000346615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a4ee5551a003c32021-12-21 10:25:43.195root 11241100x8000000000000000346616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ecfbfebe5fc5f222021-12-21 10:25:43.195root 11241100x8000000000000000346617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b6105102b044192021-12-21 10:25:43.195root 11241100x8000000000000000346618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a6bfcf8138eb1bf2021-12-21 10:25:43.195root 11241100x8000000000000000346619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0344d7e1447dcfe22021-12-21 10:25:43.195root 11241100x8000000000000000346620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a7d9ba54f94a462021-12-21 10:25:43.196root 11241100x8000000000000000346621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a4a7aef88a8fa82021-12-21 10:25:43.196root 11241100x8000000000000000346622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998b56106a45a3472021-12-21 10:25:43.196root 354300x8000000000000000346623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.211{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47084-false10.0.1.12-8000- 11241100x8000000000000000346624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d05f55f512562452021-12-21 10:25:43.693root 11241100x8000000000000000346625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4a7f9babaf757e2021-12-21 10:25:43.693root 11241100x8000000000000000346626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe0c40647de772f2021-12-21 10:25:43.693root 11241100x8000000000000000346627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9099938117014502021-12-21 10:25:43.694root 11241100x8000000000000000346628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7707e2e7d39aeac2021-12-21 10:25:43.694root 11241100x8000000000000000346629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7356666452e880652021-12-21 10:25:43.694root 11241100x8000000000000000346630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfce0251b76c2e0b2021-12-21 10:25:43.694root 11241100x8000000000000000346631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c37c01f5f75b582021-12-21 10:25:43.694root 11241100x8000000000000000346632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d3d2a970e04c552021-12-21 10:25:43.694root 11241100x8000000000000000346633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee008b9fb49074992021-12-21 10:25:43.694root 11241100x8000000000000000346634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa111aa26aaf9bd2021-12-21 10:25:43.694root 11241100x8000000000000000346635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234e407491aab2e82021-12-21 10:25:43.694root 11241100x8000000000000000346636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0c6e67293811ae2021-12-21 10:25:43.694root 11241100x8000000000000000346637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717f3178268fcf112021-12-21 10:25:43.694root 11241100x8000000000000000346638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a45712f89d11f52021-12-21 10:25:43.695root 11241100x8000000000000000346639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04211d9343407b22021-12-21 10:25:43.695root 11241100x8000000000000000346640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18636049bf6f2ee2021-12-21 10:25:43.695root 11241100x8000000000000000346641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e69ce8213320202021-12-21 10:25:43.695root 11241100x8000000000000000346642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e13f55ad8d47c512021-12-21 10:25:43.696root 11241100x8000000000000000346643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee678898809b8822021-12-21 10:25:43.696root 11241100x8000000000000000346644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c43020f49d29252021-12-21 10:25:43.696root 11241100x8000000000000000346645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f51c1cf5ab2d20e2021-12-21 10:25:43.696root 11241100x8000000000000000346646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f587f2dea6801142021-12-21 10:25:44.193root 11241100x8000000000000000346647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4af60b273611242021-12-21 10:25:44.193root 11241100x8000000000000000346648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824eb1745325546e2021-12-21 10:25:44.193root 11241100x8000000000000000346649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bceb9dacf265fa5c2021-12-21 10:25:44.193root 11241100x8000000000000000346650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654572bf1f5122b02021-12-21 10:25:44.194root 11241100x8000000000000000346651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10f3922477765bf2021-12-21 10:25:44.194root 11241100x8000000000000000346652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf47ddc4ea8243b42021-12-21 10:25:44.194root 11241100x8000000000000000346653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfbef0ebf6fd1082021-12-21 10:25:44.194root 11241100x8000000000000000346654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf925a73c10ca372021-12-21 10:25:44.194root 11241100x8000000000000000346655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce915740b8bcf0a2021-12-21 10:25:44.194root 11241100x8000000000000000346656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0d42a75c2e452a2021-12-21 10:25:44.194root 11241100x8000000000000000346657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682127048f01abc72021-12-21 10:25:44.194root 11241100x8000000000000000346658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.920e9638c6052cda2021-12-21 10:25:44.194root 11241100x8000000000000000346659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a6848e879cd52d2021-12-21 10:25:44.194root 11241100x8000000000000000346660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6c651f3501010c2021-12-21 10:25:44.194root 11241100x8000000000000000346661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b21ecdb74c643b02021-12-21 10:25:44.195root 11241100x8000000000000000346662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed7aeffcd0e01be2021-12-21 10:25:44.195root 11241100x8000000000000000346663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528784d57b77beef2021-12-21 10:25:44.195root 11241100x8000000000000000346664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223dc6ae4be418912021-12-21 10:25:44.195root 11241100x8000000000000000346665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99daa2bdff436a322021-12-21 10:25:44.195root 11241100x8000000000000000346666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb623ea9a37054c12021-12-21 10:25:44.195root 11241100x8000000000000000346667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772e223d8585467e2021-12-21 10:25:44.195root 11241100x8000000000000000346668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d9aa10afd47a012021-12-21 10:25:44.693root 11241100x8000000000000000346669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c09b1ee03692a8d2021-12-21 10:25:44.693root 11241100x8000000000000000346670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58acf930b654d6f72021-12-21 10:25:44.693root 11241100x8000000000000000346671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ebc21f713108812021-12-21 10:25:44.693root 11241100x8000000000000000346672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb83bc8a79cafd72021-12-21 10:25:44.693root 11241100x8000000000000000346673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ebc18d78c9d7c62021-12-21 10:25:44.694root 11241100x8000000000000000346674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b178460ebeeb8b2021-12-21 10:25:44.694root 11241100x8000000000000000346675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4976d6df5f5425582021-12-21 10:25:44.694root 11241100x8000000000000000346676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9c83282a60dcc32021-12-21 10:25:44.694root 11241100x8000000000000000346677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a5062dd051bb922021-12-21 10:25:44.694root 11241100x8000000000000000346678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efa89f27c2226522021-12-21 10:25:44.694root 11241100x8000000000000000346679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f33db76a1c7ad02021-12-21 10:25:44.694root 11241100x8000000000000000346680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1ab61eff9e2d0a2021-12-21 10:25:44.694root 11241100x8000000000000000346681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c384cd188a102272021-12-21 10:25:44.694root 11241100x8000000000000000346682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4535e5f158520572021-12-21 10:25:44.694root 11241100x8000000000000000346683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62d4cfd459278dd2021-12-21 10:25:44.695root 11241100x8000000000000000346684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02b9438495f3c2b2021-12-21 10:25:44.695root 11241100x8000000000000000346685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297d3856b96840d02021-12-21 10:25:44.695root 11241100x8000000000000000346686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83559e71bc8a84012021-12-21 10:25:44.695root 11241100x8000000000000000346687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546b3fb7033ed9e02021-12-21 10:25:44.695root 11241100x8000000000000000346688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23299cbb9a6669b2021-12-21 10:25:44.695root 11241100x8000000000000000346689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289822db213756762021-12-21 10:25:44.695root 11241100x8000000000000000346690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fc7137064b10612021-12-21 10:25:45.193root 11241100x8000000000000000346691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e141e00e8ebd9352021-12-21 10:25:45.193root 11241100x8000000000000000346692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69b0c97d95294952021-12-21 10:25:45.193root 11241100x8000000000000000346693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388882b7f2af4ca82021-12-21 10:25:45.194root 11241100x8000000000000000346694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3059a7cf1fa588a12021-12-21 10:25:45.194root 11241100x8000000000000000346695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21435694a987b9a2021-12-21 10:25:45.194root 11241100x8000000000000000346696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1cea8f715d76a62021-12-21 10:25:45.194root 11241100x8000000000000000346697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44694fce11d63342021-12-21 10:25:45.194root 11241100x8000000000000000346698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684cfb8df337cee12021-12-21 10:25:45.194root 11241100x8000000000000000346699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7e03fd04557d092021-12-21 10:25:45.194root 11241100x8000000000000000346700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdd4a608ff0f4c62021-12-21 10:25:45.194root 11241100x8000000000000000346701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3980d427ecd15872021-12-21 10:25:45.194root 11241100x8000000000000000346702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e143f31fbbe587c2021-12-21 10:25:45.194root 11241100x8000000000000000346703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b183cc1da55fa7fb2021-12-21 10:25:45.194root 11241100x8000000000000000346704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e476beca997052dc2021-12-21 10:25:45.194root 11241100x8000000000000000346705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa4c26a1241b3b02021-12-21 10:25:45.194root 11241100x8000000000000000346706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bba3f4cc1a753032021-12-21 10:25:45.194root 11241100x8000000000000000346707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0106342621a966a2021-12-21 10:25:45.194root 11241100x8000000000000000346708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d7fcbd1eafdf1c2021-12-21 10:25:45.195root 11241100x8000000000000000346709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c764cd3f29af5f2021-12-21 10:25:45.195root 11241100x8000000000000000346710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6645a92bd84c602021-12-21 10:25:45.195root 11241100x8000000000000000346711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac6fcfc17b4cf6e2021-12-21 10:25:45.195root 11241100x8000000000000000346712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429da14119bb98502021-12-21 10:25:45.693root 11241100x8000000000000000346713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf9d77d45ad81c52021-12-21 10:25:45.693root 11241100x8000000000000000346714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a408d9caf3d97e922021-12-21 10:25:45.693root 11241100x8000000000000000346715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ca10048409ccfb2021-12-21 10:25:45.693root 11241100x8000000000000000346716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2147a86678945d2021-12-21 10:25:45.693root 11241100x8000000000000000346717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87b55ec87a060062021-12-21 10:25:45.693root 11241100x8000000000000000346718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1fcaf606128b402021-12-21 10:25:45.694root 11241100x8000000000000000346719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149ae56929a64a942021-12-21 10:25:45.694root 11241100x8000000000000000346720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0d2de24fd334472021-12-21 10:25:45.694root 11241100x8000000000000000346721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4232125d9d0948882021-12-21 10:25:45.695root 11241100x8000000000000000346722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e05c99eb87794482021-12-21 10:25:45.695root 11241100x8000000000000000346723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e71d8938a4041e202021-12-21 10:25:45.695root 11241100x8000000000000000346724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb8c770c0b87cd72021-12-21 10:25:45.695root 11241100x8000000000000000346725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9c0f9556ecaf502021-12-21 10:25:45.695root 11241100x8000000000000000346726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fc4f6d0a6fa5842021-12-21 10:25:45.696root 11241100x8000000000000000346727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.639c09122f11fb322021-12-21 10:25:45.696root 11241100x8000000000000000346728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc500d0dcb19cd52021-12-21 10:25:45.696root 11241100x8000000000000000346729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb9354e50429ee922021-12-21 10:25:45.696root 11241100x8000000000000000346730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba980be02779e362021-12-21 10:25:45.696root 11241100x8000000000000000346731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec80c21cb485ac22021-12-21 10:25:45.696root 11241100x8000000000000000346732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee0d9f296de35b5f2021-12-21 10:25:45.696root 11241100x8000000000000000346733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f202c52248cc5162021-12-21 10:25:45.696root 11241100x8000000000000000346734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fc177f2a292c762021-12-21 10:25:45.697root 11241100x8000000000000000346735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29cf190815a8bed92021-12-21 10:25:45.697root 11241100x8000000000000000346736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c922c893f8379dea2021-12-21 10:25:45.697root 11241100x8000000000000000346737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2fe27cc50e3f022021-12-21 10:25:45.697root 11241100x8000000000000000346738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c55bf7ecd8b5392021-12-21 10:25:45.697root 11241100x8000000000000000346739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12315d94c7129ea92021-12-21 10:25:45.697root 11241100x8000000000000000346740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2b9578a2a177ef2021-12-21 10:25:46.193root 11241100x8000000000000000346741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adf5b4487bf4e052021-12-21 10:25:46.193root 11241100x8000000000000000346742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7824dcc5738b2952021-12-21 10:25:46.193root 11241100x8000000000000000346743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d1977c4c0c59e22021-12-21 10:25:46.194root 11241100x8000000000000000346744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba62bbb9b6f71c9d2021-12-21 10:25:46.194root 11241100x8000000000000000346745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4505bb656f4d8b332021-12-21 10:25:46.194root 11241100x8000000000000000346746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ab164649953a1e2021-12-21 10:25:46.195root 11241100x8000000000000000346747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ccaa8dfc7ef2be2021-12-21 10:25:46.195root 11241100x8000000000000000346748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a057c03b68561052021-12-21 10:25:46.195root 11241100x8000000000000000346749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e255e4b03e8c762021-12-21 10:25:46.196root 11241100x8000000000000000346750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea5aa84e29ee6b32021-12-21 10:25:46.197root 11241100x8000000000000000346751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66f76ace62ba1372021-12-21 10:25:46.198root 11241100x8000000000000000346752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd5a3e83592d8062021-12-21 10:25:46.198root 11241100x8000000000000000346753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22d000d8538e7782021-12-21 10:25:46.198root 11241100x8000000000000000346754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af0c4f274364f5882021-12-21 10:25:46.198root 11241100x8000000000000000346755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cefdad1a2ea5602021-12-21 10:25:46.199root 11241100x8000000000000000346756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a0f64eebc1de222021-12-21 10:25:46.199root 11241100x8000000000000000346757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a2af791c7561702021-12-21 10:25:46.199root 11241100x8000000000000000346758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7125e8bd55c3d52021-12-21 10:25:46.199root 11241100x8000000000000000346759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f077c2192f979822021-12-21 10:25:46.199root 11241100x8000000000000000346760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f473e463cc450cd22021-12-21 10:25:46.199root 11241100x8000000000000000346761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32197a069e5ef4c2021-12-21 10:25:46.199root 11241100x8000000000000000346762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33095a9795b9c592021-12-21 10:25:46.200root 11241100x8000000000000000346763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6fcfbc8bbca6ed2021-12-21 10:25:46.200root 11241100x8000000000000000346764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335d1734fdaacf0e2021-12-21 10:25:46.693root 11241100x8000000000000000346765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0b6607f327005a2021-12-21 10:25:46.693root 11241100x8000000000000000346766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6978f2cc426374512021-12-21 10:25:46.694root 11241100x8000000000000000346767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3378fcfa8fb7c32021-12-21 10:25:46.694root 11241100x8000000000000000346768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dcd1d791ee64952021-12-21 10:25:46.694root 11241100x8000000000000000346769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22d9de63a67ace02021-12-21 10:25:46.694root 11241100x8000000000000000346770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6488ea1ba1420d432021-12-21 10:25:46.695root 11241100x8000000000000000346771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc368fd9374b1452021-12-21 10:25:46.695root 11241100x8000000000000000346772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da676aac029faa72021-12-21 10:25:46.696root 11241100x8000000000000000346773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77e7117df682a5d2021-12-21 10:25:46.696root 11241100x8000000000000000346774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adac22bdd3914032021-12-21 10:25:46.696root 11241100x8000000000000000346775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d066868fb2ec63f22021-12-21 10:25:46.696root 11241100x8000000000000000346776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ce5d13c6ae0c322021-12-21 10:25:46.696root 11241100x8000000000000000346777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3ad44f2161628a2021-12-21 10:25:46.696root 11241100x8000000000000000346778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe6ec06436735882021-12-21 10:25:46.696root 11241100x8000000000000000346779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d6bcb112d49bba2021-12-21 10:25:46.696root 11241100x8000000000000000346780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47596ba9eb98f92f2021-12-21 10:25:46.696root 11241100x8000000000000000346781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc02ee3c3513de4c2021-12-21 10:25:46.697root 11241100x8000000000000000346782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb7de81add24cbf2021-12-21 10:25:46.697root 11241100x8000000000000000346783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdccaf561fb5c7f2021-12-21 10:25:46.697root 11241100x8000000000000000346784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25fe251c56a8be52021-12-21 10:25:46.697root 11241100x8000000000000000346785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fd6bf7ed15eed22021-12-21 10:25:46.697root 11241100x8000000000000000346786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac88b07ba8a5c92021-12-21 10:25:47.193root 11241100x8000000000000000346787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e4d6a387fe8e6b2021-12-21 10:25:47.194root 11241100x8000000000000000346788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f00cf9966f157fc2021-12-21 10:25:47.194root 11241100x8000000000000000346789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f887db32046cc0452021-12-21 10:25:47.194root 11241100x8000000000000000346790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d349821f151b765a2021-12-21 10:25:47.194root 11241100x8000000000000000346791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5280c6c701ab83682021-12-21 10:25:47.195root 11241100x8000000000000000346792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b3581542c16f722021-12-21 10:25:47.195root 11241100x8000000000000000346793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbceb897b3b06fc2021-12-21 10:25:47.195root 11241100x8000000000000000346794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4c6557453d6ea2021-12-21 10:25:47.195root 11241100x8000000000000000346795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aff691c694e3fcf2021-12-21 10:25:47.195root 11241100x8000000000000000346796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91731f0adb2d93582021-12-21 10:25:47.195root 11241100x8000000000000000346797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf2563f1f4d7d222021-12-21 10:25:47.195root 11241100x8000000000000000346798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477f0dee053e36292021-12-21 10:25:47.196root 11241100x8000000000000000346799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09423b4c2323dfd2021-12-21 10:25:47.196root 11241100x8000000000000000346800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1d2f70a42545652021-12-21 10:25:47.196root 11241100x8000000000000000346801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c367050d51de152021-12-21 10:25:47.196root 11241100x8000000000000000346802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c8d16515ea8d472021-12-21 10:25:47.196root 11241100x8000000000000000346803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22bb2c0c6c3cde6e2021-12-21 10:25:47.196root 11241100x8000000000000000346804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e6d7421cf6cb622021-12-21 10:25:47.196root 11241100x8000000000000000346805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d91c089f9d260822021-12-21 10:25:47.197root 11241100x8000000000000000346806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c13f3c87cb7fb4222021-12-21 10:25:47.197root 11241100x8000000000000000346807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add133b33494716b2021-12-21 10:25:47.197root 11241100x8000000000000000346808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bad4853b30bac92021-12-21 10:25:47.693root 11241100x8000000000000000346809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb3291343fdf3fb2021-12-21 10:25:47.693root 11241100x8000000000000000346810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bed495bfef30e132021-12-21 10:25:47.694root 11241100x8000000000000000346811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e71fe89d14849d12021-12-21 10:25:47.694root 11241100x8000000000000000346812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d4576e750e36522021-12-21 10:25:47.694root 11241100x8000000000000000346813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c1df8e0d323ae12021-12-21 10:25:47.694root 11241100x8000000000000000346814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710f3c110a9ebcea2021-12-21 10:25:47.694root 11241100x8000000000000000346815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f9a9db81e558fb2021-12-21 10:25:47.695root 11241100x8000000000000000346816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dd41e33da86d0f2021-12-21 10:25:47.695root 11241100x8000000000000000346817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.918755304a2eda802021-12-21 10:25:47.695root 11241100x8000000000000000346818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14286c3a7139cc4d2021-12-21 10:25:47.695root 11241100x8000000000000000346819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e1a523ad9cb1322021-12-21 10:25:47.695root 11241100x8000000000000000346820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e82131750194542021-12-21 10:25:47.696root 11241100x8000000000000000346821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557ce74f1e7e111b2021-12-21 10:25:47.696root 11241100x8000000000000000346822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce298ed3ce0c1182021-12-21 10:25:47.696root 11241100x8000000000000000346823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c398fefb7cdd152021-12-21 10:25:47.697root 11241100x8000000000000000346824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6729d23c2202dc432021-12-21 10:25:47.697root 11241100x8000000000000000346825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fe0024b65ae4b52021-12-21 10:25:47.697root 11241100x8000000000000000346826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b440d86ee68e32021-12-21 10:25:47.698root 11241100x8000000000000000346827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd13e6e4ce9bf6972021-12-21 10:25:47.698root 11241100x8000000000000000346828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b15b68fa6b11eb2021-12-21 10:25:47.699root 11241100x8000000000000000346829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4bb414ca1b211c72021-12-21 10:25:47.699root 11241100x8000000000000000346830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba289a03dd390ca2021-12-21 10:25:47.700root 11241100x8000000000000000346831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1e249fb63aa6142021-12-21 10:25:47.700root 11241100x8000000000000000346832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e6fac82efc428f12021-12-21 10:25:47.701root 11241100x8000000000000000346833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:47.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ddf47db01bfc5f2021-12-21 10:25:47.701root 11241100x8000000000000000346834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79f786aca415be12021-12-21 10:25:48.193root 11241100x8000000000000000346835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55397cde8b747292021-12-21 10:25:48.193root 11241100x8000000000000000346836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77a0412d57a14282021-12-21 10:25:48.193root 11241100x8000000000000000346837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ebaccdda170a8812021-12-21 10:25:48.193root 11241100x8000000000000000346838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0624aad1c0966d2021-12-21 10:25:48.194root 11241100x8000000000000000346839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6661c450c0eff2021-12-21 10:25:48.194root 11241100x8000000000000000346840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0131dee8ccdd852021-12-21 10:25:48.194root 11241100x8000000000000000346841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e47670cdfea1922021-12-21 10:25:48.194root 11241100x8000000000000000346842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b673c4c82497aa2021-12-21 10:25:48.194root 11241100x8000000000000000346843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7053226245b5f9a2021-12-21 10:25:48.195root 11241100x8000000000000000346844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e94da9361277472021-12-21 10:25:48.195root 11241100x8000000000000000346845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d349692f89fecc2021-12-21 10:25:48.195root 11241100x8000000000000000346846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86a4b78bada66192021-12-21 10:25:48.195root 11241100x8000000000000000346847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230d51e0586c461e2021-12-21 10:25:48.195root 11241100x8000000000000000346848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c8ef0990da12102021-12-21 10:25:48.195root 11241100x8000000000000000346849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4b1ca97a2564422021-12-21 10:25:48.195root 11241100x8000000000000000346850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4a052b3bcf63882021-12-21 10:25:48.196root 11241100x8000000000000000346851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f39c41dc9369c42021-12-21 10:25:48.196root 11241100x8000000000000000346852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97e7fa28757e5312021-12-21 10:25:48.196root 11241100x8000000000000000346853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065631b8d8e957fc2021-12-21 10:25:48.196root 11241100x8000000000000000346854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60e9ca34f89e2992021-12-21 10:25:48.196root 11241100x8000000000000000346855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7afbf28ae9ca766d2021-12-21 10:25:48.196root 11241100x8000000000000000346856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea22df9e8aec8eb2021-12-21 10:25:48.693root 11241100x8000000000000000346857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ea7111e8133abb2021-12-21 10:25:48.693root 11241100x8000000000000000346858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d56893b1b62016d12021-12-21 10:25:48.693root 11241100x8000000000000000346859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278e4313eba736232021-12-21 10:25:48.693root 11241100x8000000000000000346860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a86c10503aeadfba2021-12-21 10:25:48.693root 11241100x8000000000000000346861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b63887d059d6d732021-12-21 10:25:48.694root 11241100x8000000000000000346862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed69c1a74759e9262021-12-21 10:25:48.694root 11241100x8000000000000000346863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da52cfbb047b72a92021-12-21 10:25:48.694root 11241100x8000000000000000346864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225c82d0b560bd042021-12-21 10:25:48.694root 11241100x8000000000000000346865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b81b61b3479666ee2021-12-21 10:25:48.694root 11241100x8000000000000000346866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc9ed0883efe8122021-12-21 10:25:48.694root 11241100x8000000000000000346867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92aca75de15e8a192021-12-21 10:25:48.694root 11241100x8000000000000000346868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54a78e428efacbd2021-12-21 10:25:48.694root 11241100x8000000000000000346869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185aebe0102e585e2021-12-21 10:25:48.695root 11241100x8000000000000000346870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ea96e3d3de82adf2021-12-21 10:25:48.695root 11241100x8000000000000000346871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568da5bf4b3b8e352021-12-21 10:25:48.695root 11241100x8000000000000000346872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1d9ec3caf1db262021-12-21 10:25:48.695root 11241100x8000000000000000346873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2231be0a5ce136f2021-12-21 10:25:48.695root 11241100x8000000000000000346874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01fcf306f8b25cf42021-12-21 10:25:48.695root 11241100x8000000000000000346875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e2bae12ffb8a5f2021-12-21 10:25:48.696root 11241100x8000000000000000346876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df9d7db6149918e2021-12-21 10:25:48.696root 11241100x8000000000000000346877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e107480154c3de12021-12-21 10:25:48.696root 11241100x8000000000000000346878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.060fa6d4e377c4cb2021-12-21 10:25:48.696root 11241100x8000000000000000346879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb347a782070212021-12-21 10:25:48.696root 11241100x8000000000000000346880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d26a40faffbcd72021-12-21 10:25:48.697root 11241100x8000000000000000346881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9f9b6de30578ff2021-12-21 10:25:48.697root 354300x8000000000000000346882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.191{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47086-false10.0.1.12-8000- 11241100x8000000000000000346883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bcad94d2e59b722021-12-21 10:25:49.192root 11241100x8000000000000000346884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f98ea613199c2132021-12-21 10:25:49.193root 11241100x8000000000000000346885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ffef8a231b323a2021-12-21 10:25:49.193root 11241100x8000000000000000346886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477247351412e5092021-12-21 10:25:49.193root 11241100x8000000000000000346887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e34c9dcbe56c3f462021-12-21 10:25:49.193root 11241100x8000000000000000346888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d07c9e2893da5a2021-12-21 10:25:49.193root 11241100x8000000000000000346889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103a7529ba8c11462021-12-21 10:25:49.193root 11241100x8000000000000000346890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2792da4bef6a077d2021-12-21 10:25:49.193root 11241100x8000000000000000346891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1be10787a4b9a32021-12-21 10:25:49.193root 11241100x8000000000000000346892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1299b891a11ab5572021-12-21 10:25:49.193root 11241100x8000000000000000346893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0225527d022c6c2021-12-21 10:25:49.194root 11241100x8000000000000000346894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331219829110697b2021-12-21 10:25:49.194root 11241100x8000000000000000346895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.791d56af0c4ef6102021-12-21 10:25:49.194root 11241100x8000000000000000346896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81841d09cffe70f2021-12-21 10:25:49.194root 11241100x8000000000000000346897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b6ad879fb9fe892021-12-21 10:25:49.194root 11241100x8000000000000000346898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a00022cf42248f52021-12-21 10:25:49.195root 11241100x8000000000000000346899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e441d3db38a0612021-12-21 10:25:49.195root 11241100x8000000000000000346900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e19fc20aece1ac2021-12-21 10:25:49.195root 11241100x8000000000000000346901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab280e083cadbda2021-12-21 10:25:49.195root 11241100x8000000000000000346902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8b18ca78096f26d2021-12-21 10:25:49.195root 11241100x8000000000000000346903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5902cb80886d1372021-12-21 10:25:49.195root 11241100x8000000000000000346904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58af6115ed8bcb9e2021-12-21 10:25:49.195root 11241100x8000000000000000346905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6301646c583365d2021-12-21 10:25:49.195root 11241100x8000000000000000346906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a0ba4b573ff69d2021-12-21 10:25:49.443root 11241100x8000000000000000346907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8cf853b3f9630442021-12-21 10:25:49.443root 11241100x8000000000000000346908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440d56f7cc15aa792021-12-21 10:25:49.443root 11241100x8000000000000000346909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523afe08460126f32021-12-21 10:25:49.443root 11241100x8000000000000000346910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c73a097113a2502021-12-21 10:25:49.443root 11241100x8000000000000000346911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0465e304a0e5a4f72021-12-21 10:25:49.444root 11241100x8000000000000000346912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b419fb6929c7caf2021-12-21 10:25:49.444root 11241100x8000000000000000346913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171ed1d1c23e7bba2021-12-21 10:25:49.444root 11241100x8000000000000000346914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.830dcc0ad00008852021-12-21 10:25:49.444root 11241100x8000000000000000346915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b38edc8d464f792021-12-21 10:25:49.444root 11241100x8000000000000000346916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1c6d4438e06a8c2021-12-21 10:25:49.444root 11241100x8000000000000000346917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a88cd8c157d5372021-12-21 10:25:49.444root 11241100x8000000000000000346918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7ab6bdd9e5cc862021-12-21 10:25:49.444root 11241100x8000000000000000346919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c9b4ee7161c89b2021-12-21 10:25:49.444root 11241100x8000000000000000346920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3cf90e95c262c52021-12-21 10:25:49.444root 11241100x8000000000000000346921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a209eaea98bb2b12021-12-21 10:25:49.444root 11241100x8000000000000000346922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b390d03c8e3e53f2021-12-21 10:25:49.444root 11241100x8000000000000000346923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b330019ea99fda2021-12-21 10:25:49.445root 11241100x8000000000000000346924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf9134fd2d432e32021-12-21 10:25:49.445root 11241100x8000000000000000346925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54a9c093208888452021-12-21 10:25:49.445root 11241100x8000000000000000346926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1f8e5be74bf5822021-12-21 10:25:49.445root 11241100x8000000000000000346927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e729c7c95219dc2021-12-21 10:25:49.445root 11241100x8000000000000000346928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e73c32528d40c72021-12-21 10:25:49.445root 11241100x8000000000000000346929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7772ea70de3f809b2021-12-21 10:25:49.943root 11241100x8000000000000000346930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc2c0e7ff2e8a92021-12-21 10:25:49.943root 11241100x8000000000000000346931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a5528d5d04939d2021-12-21 10:25:49.943root 11241100x8000000000000000346932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb0964a90d759fa2021-12-21 10:25:49.943root 11241100x8000000000000000346933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7d7afb2f1b7e4b2021-12-21 10:25:49.944root 11241100x8000000000000000346934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979a93e830be4dcb2021-12-21 10:25:49.944root 11241100x8000000000000000346935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebef6306b33bf5672021-12-21 10:25:49.944root 11241100x8000000000000000346936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26053c03bf1f0ef22021-12-21 10:25:49.944root 11241100x8000000000000000346937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb0920e14e097442021-12-21 10:25:49.944root 11241100x8000000000000000346938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d8d91dd057c67412021-12-21 10:25:49.944root 11241100x8000000000000000346939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76951d1b72e252a92021-12-21 10:25:49.944root 11241100x8000000000000000346940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d684725a2957d462021-12-21 10:25:49.944root 11241100x8000000000000000346941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d3257b1278f2722021-12-21 10:25:49.944root 11241100x8000000000000000346942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af72a866d235cb032021-12-21 10:25:49.944root 11241100x8000000000000000346943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24af3db7703467032021-12-21 10:25:49.944root 11241100x8000000000000000346944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48417438325e6202021-12-21 10:25:49.944root 11241100x8000000000000000346945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61446d97ec3000282021-12-21 10:25:49.944root 11241100x8000000000000000346946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fd0cc68741c6b62021-12-21 10:25:49.944root 11241100x8000000000000000346947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a762ac1983e792b2021-12-21 10:25:49.944root 11241100x8000000000000000346948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748ad6d2be7053ff2021-12-21 10:25:49.945root 11241100x8000000000000000346949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e25c088a23e6de62021-12-21 10:25:49.945root 11241100x8000000000000000346950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa40956d7c1ca4d2021-12-21 10:25:49.945root 11241100x8000000000000000346951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95d43b21275d6032021-12-21 10:25:49.945root 11241100x8000000000000000346952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78fc3ada1844f47c2021-12-21 10:25:50.443root 11241100x8000000000000000346953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4a1b3984bfccc02021-12-21 10:25:50.443root 11241100x8000000000000000346954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77f39e0ef8f1e6a2021-12-21 10:25:50.443root 11241100x8000000000000000346955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872ea520e90665df2021-12-21 10:25:50.443root 11241100x8000000000000000346956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c88e31f151e95472021-12-21 10:25:50.444root 11241100x8000000000000000346957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d0356f998c47382021-12-21 10:25:50.444root 11241100x8000000000000000346958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc3f82cee6d60882021-12-21 10:25:50.444root 11241100x8000000000000000346959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e82a5e310b6f822021-12-21 10:25:50.444root 11241100x8000000000000000346960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203be441d6be8f342021-12-21 10:25:50.445root 11241100x8000000000000000346961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016baa61f321315a2021-12-21 10:25:50.445root 11241100x8000000000000000346962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124db7d5e5d39d052021-12-21 10:25:50.445root 11241100x8000000000000000346963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d3cbb9028b92ff2021-12-21 10:25:50.445root 11241100x8000000000000000346964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e1bcf5ea29477472021-12-21 10:25:50.445root 11241100x8000000000000000346965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2c33bcd02813b2021-12-21 10:25:50.445root 11241100x8000000000000000346966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bc1ac02121429f2021-12-21 10:25:50.446root 11241100x8000000000000000346967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bd40a77a24e03c2021-12-21 10:25:50.446root 11241100x8000000000000000346968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf69bf51046f761c2021-12-21 10:25:50.446root 11241100x8000000000000000346969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3db20f6968b9582021-12-21 10:25:50.446root 11241100x8000000000000000346970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3fae5d469376302021-12-21 10:25:50.447root 11241100x8000000000000000346971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01fabfd7b78eeb62021-12-21 10:25:50.447root 11241100x8000000000000000346972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e8605371408192021-12-21 10:25:50.450root 11241100x8000000000000000346973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78846ea803b4ade82021-12-21 10:25:50.450root 11241100x8000000000000000346974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b790dedf6a1ba62021-12-21 10:25:50.450root 11241100x8000000000000000346975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869dac18ada115002021-12-21 10:25:50.943root 11241100x8000000000000000346976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac9a541e17e73ed42021-12-21 10:25:50.943root 11241100x8000000000000000346977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d492b6e4a30608a2021-12-21 10:25:50.943root 11241100x8000000000000000346978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19df540defbcbc762021-12-21 10:25:50.943root 11241100x8000000000000000346979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a7a96b4786cd1c12021-12-21 10:25:50.944root 11241100x8000000000000000346980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b6e574d99245f12021-12-21 10:25:50.944root 11241100x8000000000000000346981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db00d5fd67887742021-12-21 10:25:50.944root 11241100x8000000000000000346982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b671069d45e341e82021-12-21 10:25:50.944root 11241100x8000000000000000346983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4bbaf488bcf1fc2021-12-21 10:25:50.944root 11241100x8000000000000000346984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd680a9e0703b3d2021-12-21 10:25:50.945root 11241100x8000000000000000346985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfdfed966cf0090f2021-12-21 10:25:50.945root 11241100x8000000000000000346986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b392f9c8de3bb672021-12-21 10:25:50.945root 11241100x8000000000000000346987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7045b23721cf7ab2021-12-21 10:25:50.945root 11241100x8000000000000000346988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19986e03ca9d74072021-12-21 10:25:50.945root 11241100x8000000000000000346989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3bbdecf1e6e46072021-12-21 10:25:50.945root 11241100x8000000000000000346990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bb740c8e33b9c422021-12-21 10:25:50.945root 11241100x8000000000000000346991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e220c1a1929a9f2021-12-21 10:25:50.946root 11241100x8000000000000000346992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e53e53840eb4c22021-12-21 10:25:50.946root 11241100x8000000000000000346993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d7690fb6b27d5b2021-12-21 10:25:50.946root 11241100x8000000000000000346994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea93d99dfc2927812021-12-21 10:25:50.947root 11241100x8000000000000000346995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de19be961941117d2021-12-21 10:25:50.947root 11241100x8000000000000000346996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3373e12aa23b46912021-12-21 10:25:50.947root 11241100x8000000000000000346997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b16f0edf2efb792021-12-21 10:25:50.947root 11241100x8000000000000000346998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef540c50148bbd6b2021-12-21 10:25:51.443root 11241100x8000000000000000346999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3aafafeabd4dbaf2021-12-21 10:25:51.443root 11241100x8000000000000000347000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1122cbfa76bcb62021-12-21 10:25:51.443root 11241100x8000000000000000347001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f20221bd5e9b15f2021-12-21 10:25:51.443root 11241100x8000000000000000347002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f7dcfffc5618fd2021-12-21 10:25:51.444root 11241100x8000000000000000347003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1acb4fcc5eee722021-12-21 10:25:51.444root 11241100x8000000000000000347004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fe5c9f3b2762372021-12-21 10:25:51.444root 11241100x8000000000000000347005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c4d4339ca6b4b62021-12-21 10:25:51.444root 11241100x8000000000000000347006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c94d2dd5d76760e2021-12-21 10:25:51.444root 11241100x8000000000000000347007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d946ab981d2a212021-12-21 10:25:51.444root 11241100x8000000000000000347008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1920030f122e545d2021-12-21 10:25:51.444root 11241100x8000000000000000347009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40c6a2018e724062021-12-21 10:25:51.444root 11241100x8000000000000000347010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47d55fe3785a1ef2021-12-21 10:25:51.444root 11241100x8000000000000000347011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651d137ac3e9fff22021-12-21 10:25:51.444root 11241100x8000000000000000347012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f817fbb031bf03fc2021-12-21 10:25:51.444root 11241100x8000000000000000347013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a5a6b264e5caec2021-12-21 10:25:51.444root 11241100x8000000000000000347014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10547af635715a92021-12-21 10:25:51.444root 11241100x8000000000000000347015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fc93f3a5fd8ac62021-12-21 10:25:51.444root 11241100x8000000000000000347016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21366df8c5054eec2021-12-21 10:25:51.444root 11241100x8000000000000000347017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154666ae9da91a572021-12-21 10:25:51.445root 11241100x8000000000000000347018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed00faf3de8679402021-12-21 10:25:51.445root 11241100x8000000000000000347019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9010974ce9492d222021-12-21 10:25:51.445root 11241100x8000000000000000347020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4929395288a1a892021-12-21 10:25:51.445root 11241100x8000000000000000347021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbb64dc336672322021-12-21 10:25:51.943root 11241100x8000000000000000347022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20b9ac3e256b2b42021-12-21 10:25:51.943root 11241100x8000000000000000347023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e937a8b35f93b2c2021-12-21 10:25:51.943root 11241100x8000000000000000347024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.456a3b97b3d5691f2021-12-21 10:25:51.943root 11241100x8000000000000000347025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b86aa93f900bbc2021-12-21 10:25:51.944root 11241100x8000000000000000347026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55c40ccac3cf77b2021-12-21 10:25:51.944root 11241100x8000000000000000347027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3904e73449a07fdc2021-12-21 10:25:51.944root 11241100x8000000000000000347028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d5755f00e2343a2021-12-21 10:25:51.944root 11241100x8000000000000000347029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c086642884feacf92021-12-21 10:25:51.944root 11241100x8000000000000000347030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da9a01ca1aea8ff2021-12-21 10:25:51.945root 11241100x8000000000000000347031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c0620a8f364b372021-12-21 10:25:51.945root 11241100x8000000000000000347032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbf8a05fbee38752021-12-21 10:25:51.945root 11241100x8000000000000000347033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a8bb67ffb0f92e2021-12-21 10:25:51.945root 11241100x8000000000000000347034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ed720ee7fc9adf2021-12-21 10:25:51.945root 11241100x8000000000000000347035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de68931cefd0ae1b2021-12-21 10:25:51.945root 11241100x8000000000000000347036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d27fbc632da13b82021-12-21 10:25:51.946root 11241100x8000000000000000347037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02e894cdec3b0772021-12-21 10:25:51.946root 11241100x8000000000000000347038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be72fe238d5a982021-12-21 10:25:51.946root 11241100x8000000000000000347039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06e3008b8e1564b2021-12-21 10:25:51.946root 11241100x8000000000000000347040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9448012b9889a4fe2021-12-21 10:25:51.946root 11241100x8000000000000000347041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e789767629beb1cb2021-12-21 10:25:51.946root 11241100x8000000000000000347042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd67e6298c18d602021-12-21 10:25:51.947root 11241100x8000000000000000347043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23be13f38581fd442021-12-21 10:25:51.947root 11241100x8000000000000000347044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4285a3573a7918fd2021-12-21 10:25:52.443root 11241100x8000000000000000347045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a35430f3e255fb2021-12-21 10:25:52.443root 11241100x8000000000000000347046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97748d1c1551e07d2021-12-21 10:25:52.444root 11241100x8000000000000000347047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30a42918a1e079a2021-12-21 10:25:52.444root 11241100x8000000000000000347048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f337bcab4b8f85462021-12-21 10:25:52.444root 11241100x8000000000000000347049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d700b87ae3e00b2021-12-21 10:25:52.444root 11241100x8000000000000000347050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cb1838e9914d3c2021-12-21 10:25:52.444root 11241100x8000000000000000347051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bbdb5c947efe2e2021-12-21 10:25:52.444root 11241100x8000000000000000347052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd870a27f04e7f792021-12-21 10:25:52.445root 11241100x8000000000000000347053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d8968c2133cd302021-12-21 10:25:52.445root 11241100x8000000000000000347054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a469275c0f7a1a2021-12-21 10:25:52.445root 11241100x8000000000000000347055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad48fb397e9d1f2021-12-21 10:25:52.445root 11241100x8000000000000000347056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805431a1946d999d2021-12-21 10:25:52.445root 11241100x8000000000000000347057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162053ad5c00c7482021-12-21 10:25:52.446root 11241100x8000000000000000347058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c93f26bc1c20932021-12-21 10:25:52.446root 11241100x8000000000000000347059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528ca639d046624b2021-12-21 10:25:52.446root 11241100x8000000000000000347060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34490f9594f54d532021-12-21 10:25:52.446root 11241100x8000000000000000347061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721de10d8bbfd51d2021-12-21 10:25:52.446root 11241100x8000000000000000347062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80220b1a6b335ab72021-12-21 10:25:52.446root 11241100x8000000000000000347063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8923f651c56d1a72021-12-21 10:25:52.446root 11241100x8000000000000000347064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1f035245db9f1a2021-12-21 10:25:52.446root 11241100x8000000000000000347065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4a015d2f26da582021-12-21 10:25:52.446root 11241100x8000000000000000347066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e801361d28ab58f82021-12-21 10:25:52.447root 11241100x8000000000000000347067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be12ec20757aaea2021-12-21 10:25:52.943root 11241100x8000000000000000347068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdcc4bfc49cd18e2021-12-21 10:25:52.943root 11241100x8000000000000000347069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26feda3cd10ac7242021-12-21 10:25:52.943root 11241100x8000000000000000347070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b99f5927a4180e2021-12-21 10:25:52.943root 11241100x8000000000000000347071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9974f12225adb372021-12-21 10:25:52.944root 11241100x8000000000000000347072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362ead3319edc79c2021-12-21 10:25:52.944root 11241100x8000000000000000347073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8698b592d4b2c9242021-12-21 10:25:52.944root 11241100x8000000000000000347074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4995f9dddcf6a02021-12-21 10:25:52.944root 11241100x8000000000000000347075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c917b5b17e946be52021-12-21 10:25:52.944root 11241100x8000000000000000347076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c309bb1195a92b52021-12-21 10:25:52.945root 11241100x8000000000000000347077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdf410af7e9cbf32021-12-21 10:25:52.945root 11241100x8000000000000000347078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8655a299729df0b2021-12-21 10:25:52.946root 11241100x8000000000000000347079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c972a301dd23852021-12-21 10:25:52.946root 11241100x8000000000000000347080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6f0fe60a446c632021-12-21 10:25:52.946root 11241100x8000000000000000347081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b1970ea9e0cfe2021-12-21 10:25:52.947root 11241100x8000000000000000347082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31e149f9966d01cc2021-12-21 10:25:52.947root 11241100x8000000000000000347083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2fd488452f7e532021-12-21 10:25:52.947root 11241100x8000000000000000347084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6890bb457ac9cef2021-12-21 10:25:52.947root 11241100x8000000000000000347085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d98f6079659e1232021-12-21 10:25:52.947root 11241100x8000000000000000347086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476411921e9958f92021-12-21 10:25:52.947root 11241100x8000000000000000347087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfb1f6e1160f2b42021-12-21 10:25:52.947root 11241100x8000000000000000347088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605fe9f2348644d72021-12-21 10:25:52.947root 11241100x8000000000000000347089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588d1fae907fac952021-12-21 10:25:52.948root 11241100x8000000000000000347090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8d6216ef79b7b82021-12-21 10:25:52.948root 11241100x8000000000000000347091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f7881c292537f82021-12-21 10:25:52.948root 11241100x8000000000000000347092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6639dc69c763026a2021-12-21 10:25:52.948root 11241100x8000000000000000347093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16c5c43028361822021-12-21 10:25:52.948root 11241100x8000000000000000347094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f606007138df42932021-12-21 10:25:52.948root 11241100x8000000000000000347095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96c20a3c65c10d92021-12-21 10:25:53.443root 11241100x8000000000000000347096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cc886936f368f072021-12-21 10:25:53.443root 11241100x8000000000000000347097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c687aa9c76d41d32021-12-21 10:25:53.443root 11241100x8000000000000000347098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b031e12ef950a432021-12-21 10:25:53.443root 11241100x8000000000000000347099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.268d610f00ccb5372021-12-21 10:25:53.443root 11241100x8000000000000000347100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786c6e9804d8dcb52021-12-21 10:25:53.444root 11241100x8000000000000000347101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3795fde8bec963ed2021-12-21 10:25:53.444root 11241100x8000000000000000347102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc44e046057a81eb2021-12-21 10:25:53.444root 11241100x8000000000000000347103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63699cc0a11143b2021-12-21 10:25:53.444root 11241100x8000000000000000347104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cab4ee45237ec12021-12-21 10:25:53.444root 11241100x8000000000000000347105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c43e9ee3cd840d2021-12-21 10:25:53.444root 11241100x8000000000000000347106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a9788751269b472021-12-21 10:25:53.444root 11241100x8000000000000000347107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb3fc5a92a7fd192021-12-21 10:25:53.445root 11241100x8000000000000000347108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bc0c9aaf21f7b92021-12-21 10:25:53.445root 11241100x8000000000000000347109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017aefa66e27432b2021-12-21 10:25:53.445root 11241100x8000000000000000347110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe54d851d6c87cb92021-12-21 10:25:53.445root 11241100x8000000000000000347111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19af592295752922021-12-21 10:25:53.446root 11241100x8000000000000000347112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ff703154718cbe2021-12-21 10:25:53.446root 11241100x8000000000000000347113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a36b35a456f71e02021-12-21 10:25:53.446root 11241100x8000000000000000347114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a3cf12dd96fe372021-12-21 10:25:53.446root 11241100x8000000000000000347115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342a818e6949b0b42021-12-21 10:25:53.446root 11241100x8000000000000000347116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.426e2b4f2ca693892021-12-21 10:25:53.446root 11241100x8000000000000000347117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4a9f1a2adceb702021-12-21 10:25:53.446root 11241100x8000000000000000347118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a05aed967bb7e822021-12-21 10:25:53.943root 11241100x8000000000000000347119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f26c76f5a26f5062021-12-21 10:25:53.943root 11241100x8000000000000000347120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d101709c9d8b26072021-12-21 10:25:53.943root 11241100x8000000000000000347121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b174bc8e6e4bb01b2021-12-21 10:25:53.943root 11241100x8000000000000000347122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd5b70f8de8c0edd2021-12-21 10:25:53.944root 11241100x8000000000000000347123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff6e0419d9112eb2021-12-21 10:25:53.944root 11241100x8000000000000000347124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270560b2a10663a32021-12-21 10:25:53.944root 11241100x8000000000000000347125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4990a46bd1b5f06a2021-12-21 10:25:53.944root 11241100x8000000000000000347126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e035530e7bcaf13d2021-12-21 10:25:53.944root 11241100x8000000000000000347127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28377d2353cddc5c2021-12-21 10:25:53.944root 11241100x8000000000000000347128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56183afe39719a692021-12-21 10:25:53.944root 11241100x8000000000000000347129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a3b765ef349ab02021-12-21 10:25:53.944root 11241100x8000000000000000347130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb32633c82b21bbb2021-12-21 10:25:53.944root 11241100x8000000000000000347131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed426b89486c7772021-12-21 10:25:53.944root 11241100x8000000000000000347132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235d1f81abdec7d22021-12-21 10:25:53.945root 11241100x8000000000000000347133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1a2ac0ebb7e1bb2021-12-21 10:25:53.945root 11241100x8000000000000000347134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394300aa6ed09c162021-12-21 10:25:53.945root 11241100x8000000000000000347135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c3b43ecca3652a2021-12-21 10:25:53.945root 11241100x8000000000000000347136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583c19b2cc8203f82021-12-21 10:25:53.945root 11241100x8000000000000000347137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d8afcdc625bb512021-12-21 10:25:53.945root 11241100x8000000000000000347138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ececa0586aa1d0352021-12-21 10:25:53.945root 11241100x8000000000000000347139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05941a3f7c77076b2021-12-21 10:25:53.945root 11241100x8000000000000000347140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdde77d257a598d82021-12-21 10:25:53.946root 11241100x8000000000000000347141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a816b476c90632e2021-12-21 10:25:54.443root 11241100x8000000000000000347142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abf5c7a9779b8902021-12-21 10:25:54.443root 11241100x8000000000000000347143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edaf8e432edf6fb2021-12-21 10:25:54.443root 11241100x8000000000000000347144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c7b16cf63985122021-12-21 10:25:54.443root 11241100x8000000000000000347145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a9095a41f5360f2021-12-21 10:25:54.443root 11241100x8000000000000000347146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecd36381d8faf0f2021-12-21 10:25:54.444root 11241100x8000000000000000347147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de02324fa3c3a31b2021-12-21 10:25:54.444root 11241100x8000000000000000347148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b65077f6f5ebd32021-12-21 10:25:54.444root 11241100x8000000000000000347149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266cf54b70569f5a2021-12-21 10:25:54.444root 11241100x8000000000000000347150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141edc6fafa690022021-12-21 10:25:54.444root 11241100x8000000000000000347151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b251fe3be503822021-12-21 10:25:54.444root 11241100x8000000000000000347152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b404f49c7f0f2e832021-12-21 10:25:54.444root 11241100x8000000000000000347153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7feb1c6dcf7405a32021-12-21 10:25:54.444root 11241100x8000000000000000347154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b554001106205d2021-12-21 10:25:54.444root 11241100x8000000000000000347155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0932571fabcec8bd2021-12-21 10:25:54.444root 11241100x8000000000000000347156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bf513a8f5a45d022021-12-21 10:25:54.444root 11241100x8000000000000000347157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4d0aba6283a8442021-12-21 10:25:54.444root 11241100x8000000000000000347158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.458d8f43b13832762021-12-21 10:25:54.445root 11241100x8000000000000000347159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548b7881b8f06a892021-12-21 10:25:54.445root 11241100x8000000000000000347160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418dfb715562b61c2021-12-21 10:25:54.445root 11241100x8000000000000000347161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e9787c1ffe08752021-12-21 10:25:54.445root 11241100x8000000000000000347162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4b86f0ba2d21402021-12-21 10:25:54.445root 11241100x8000000000000000347163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1954b075d7dcad2021-12-21 10:25:54.445root 11241100x8000000000000000347164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18999cdf49f7bb42021-12-21 10:25:54.445root 11241100x8000000000000000347165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e00def1739a4d5b2021-12-21 10:25:54.445root 11241100x8000000000000000347166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989492ce66a62da52021-12-21 10:25:54.445root 11241100x8000000000000000347167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0ec234da100d282021-12-21 10:25:54.445root 11241100x8000000000000000347168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1baa487b6dd66d2021-12-21 10:25:54.943root 11241100x8000000000000000347169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfd73fb50005e3542021-12-21 10:25:54.943root 11241100x8000000000000000347170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20aa8cb36ce0b8652021-12-21 10:25:54.943root 11241100x8000000000000000347171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e80bf128853d0fe52021-12-21 10:25:54.943root 11241100x8000000000000000347172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54c830225213a012021-12-21 10:25:54.943root 11241100x8000000000000000347173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae792f2992aa78772021-12-21 10:25:54.943root 11241100x8000000000000000347174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149498b6e02735d92021-12-21 10:25:54.943root 11241100x8000000000000000347175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292d6a76d78b4982021-12-21 10:25:54.944root 11241100x8000000000000000347176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff19bb4d8e187472021-12-21 10:25:54.944root 11241100x8000000000000000347177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf39d6c19a22a522021-12-21 10:25:54.944root 11241100x8000000000000000347178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ebc2ba2f7ef28a2021-12-21 10:25:54.944root 11241100x8000000000000000347179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea33d599eb8f7ccf2021-12-21 10:25:54.944root 11241100x8000000000000000347180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093d7f5014b1c2152021-12-21 10:25:54.944root 11241100x8000000000000000347181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caad6e6eef6b1b9c2021-12-21 10:25:54.944root 11241100x8000000000000000347182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806cfe8ce134a7192021-12-21 10:25:54.945root 11241100x8000000000000000347183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f66cf9f33401e012021-12-21 10:25:54.945root 11241100x8000000000000000347184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f51336ad58fa2e02021-12-21 10:25:54.945root 11241100x8000000000000000347185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b501cb7b72c22a062021-12-21 10:25:54.945root 11241100x8000000000000000347186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01846073f06cb472021-12-21 10:25:54.945root 11241100x8000000000000000347187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da924b12a17c5822021-12-21 10:25:54.945root 11241100x8000000000000000347188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ea1516c9c8767e2021-12-21 10:25:54.946root 11241100x8000000000000000347189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87c8ed626dc921a2021-12-21 10:25:54.946root 11241100x8000000000000000347190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a6dc1b65631e812021-12-21 10:25:54.946root 11241100x8000000000000000347191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c8876f0ee7e8c52021-12-21 10:25:54.946root 11241100x8000000000000000347192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0e7c0953774f9a2021-12-21 10:25:54.946root 11241100x8000000000000000347193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.780f2a23b8a8d0fa2021-12-21 10:25:54.946root 354300x8000000000000000347194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.053{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47088-false10.0.1.12-8000- 11241100x8000000000000000347195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a2e740700eda442021-12-21 10:25:55.443root 11241100x8000000000000000347196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8e1a4bdc4c9a872021-12-21 10:25:55.444root 11241100x8000000000000000347197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59bdf47761003fa2021-12-21 10:25:55.444root 11241100x8000000000000000347198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e767b9a898cf0e122021-12-21 10:25:55.444root 11241100x8000000000000000347199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380daa617d1ee4a22021-12-21 10:25:55.444root 11241100x8000000000000000347200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e180cdaf14e917c72021-12-21 10:25:55.444root 11241100x8000000000000000347201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ecc1517e538b9c2021-12-21 10:25:55.445root 11241100x8000000000000000347202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b0585a5391942432021-12-21 10:25:55.445root 11241100x8000000000000000347203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.084a3241f5f071972021-12-21 10:25:55.445root 11241100x8000000000000000347204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1edc7e9e8dd6702021-12-21 10:25:55.445root 11241100x8000000000000000347205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8df9b890f985cd2021-12-21 10:25:55.445root 11241100x8000000000000000347206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3cbaedfd173bc72021-12-21 10:25:55.445root 11241100x8000000000000000347207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64f62a2d51ecaff2021-12-21 10:25:55.445root 11241100x8000000000000000347208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbec6d0d1a01457f2021-12-21 10:25:55.445root 11241100x8000000000000000347209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c45510c1c6cbea2021-12-21 10:25:55.446root 11241100x8000000000000000347210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351fbebbe2742bde2021-12-21 10:25:55.446root 11241100x8000000000000000347211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70e4cec3e02383a2021-12-21 10:25:55.446root 11241100x8000000000000000347212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b70f66ab8d7da02021-12-21 10:25:55.446root 11241100x8000000000000000347213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc12b4f8854213142021-12-21 10:25:55.446root 11241100x8000000000000000347214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3545413051e20ce12021-12-21 10:25:55.446root 11241100x8000000000000000347215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48c0bbd091fe56f2021-12-21 10:25:55.447root 11241100x8000000000000000347216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d58fd85e4ae1942021-12-21 10:25:55.447root 11241100x8000000000000000347217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57dc44194970a052021-12-21 10:25:55.447root 11241100x8000000000000000347218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7582f3b5e0521c762021-12-21 10:25:55.447root 11241100x8000000000000000347219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eef7ea3e6093cc82021-12-21 10:25:55.943root 11241100x8000000000000000347220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7904d74fe14d5c962021-12-21 10:25:55.943root 11241100x8000000000000000347221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a18488944664ab92021-12-21 10:25:55.943root 11241100x8000000000000000347222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108f8bf5673112602021-12-21 10:25:55.944root 11241100x8000000000000000347223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf1f1fa468e04ae2021-12-21 10:25:55.944root 11241100x8000000000000000347224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25587c8873687d032021-12-21 10:25:55.944root 11241100x8000000000000000347225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af92809306617fd72021-12-21 10:25:55.944root 11241100x8000000000000000347226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9be638e77999c492021-12-21 10:25:55.944root 11241100x8000000000000000347227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181a14fc9345c1c22021-12-21 10:25:55.944root 11241100x8000000000000000347228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d16ed3577a97c12021-12-21 10:25:55.944root 11241100x8000000000000000347229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1893b3c8e46f0ead2021-12-21 10:25:55.944root 11241100x8000000000000000347230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0c0160284136e92021-12-21 10:25:55.944root 11241100x8000000000000000347231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93d6ff39d2de8c862021-12-21 10:25:55.944root 11241100x8000000000000000347232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fa5225605954bd2021-12-21 10:25:55.944root 11241100x8000000000000000347233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cbef9f68cf093a2021-12-21 10:25:55.945root 11241100x8000000000000000347234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b10c29c8b937b32021-12-21 10:25:55.945root 11241100x8000000000000000347235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fe7bc5f4d299c22021-12-21 10:25:55.945root 11241100x8000000000000000347236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03b1b450cac39142021-12-21 10:25:55.945root 11241100x8000000000000000347237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f11590db25f4b962021-12-21 10:25:55.945root 11241100x8000000000000000347238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed313816db4120082021-12-21 10:25:55.945root 11241100x8000000000000000347239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fefad841640bb0a2021-12-21 10:25:55.945root 11241100x8000000000000000347240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecbfb74951f2f9c2021-12-21 10:25:55.945root 11241100x8000000000000000347241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869e42830af586332021-12-21 10:25:55.945root 11241100x8000000000000000347242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b597371ea26acb82021-12-21 10:25:55.946root 11241100x8000000000000000347243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a8bd07935a02052021-12-21 10:25:56.443root 11241100x8000000000000000347244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a8a27ea9f3b3d22021-12-21 10:25:56.443root 11241100x8000000000000000347245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce294d68eb908072021-12-21 10:25:56.443root 11241100x8000000000000000347246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57d1b8ee4fbe9b72021-12-21 10:25:56.444root 11241100x8000000000000000347247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c1b8bc9f3cae4a2021-12-21 10:25:56.444root 11241100x8000000000000000347248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9375f16be95a7a22021-12-21 10:25:56.445root 11241100x8000000000000000347249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9068dff38980a49b2021-12-21 10:25:56.445root 11241100x8000000000000000347250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a1cd77d794f07c2021-12-21 10:25:56.445root 11241100x8000000000000000347251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c42b40a9812b342021-12-21 10:25:56.445root 11241100x8000000000000000347252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce25a957593e0d5c2021-12-21 10:25:56.445root 11241100x8000000000000000347253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549c4ce4eca0a8fb2021-12-21 10:25:56.446root 11241100x8000000000000000347254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fbf80cc802231d2021-12-21 10:25:56.446root 11241100x8000000000000000347255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04e90c223b02ad02021-12-21 10:25:56.446root 11241100x8000000000000000347256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe575131383d15a2021-12-21 10:25:56.446root 11241100x8000000000000000347257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4250ead80a371362021-12-21 10:25:56.446root 11241100x8000000000000000347258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08254ceb73b80a152021-12-21 10:25:56.447root 11241100x8000000000000000347259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c8b8d1500adf622021-12-21 10:25:56.447root 11241100x8000000000000000347260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caafcb17f015c2322021-12-21 10:25:56.448root 11241100x8000000000000000347261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1352f178d3c56c2021-12-21 10:25:56.448root 11241100x8000000000000000347262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1572c2799235aae32021-12-21 10:25:56.448root 11241100x8000000000000000347263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87eeab75559b05a2021-12-21 10:25:56.449root 11241100x8000000000000000347264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8242566f6661eb232021-12-21 10:25:56.449root 11241100x8000000000000000347265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e6ca857dbda8962021-12-21 10:25:56.449root 11241100x8000000000000000347266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e72d55d232b3f72021-12-21 10:25:56.450root 11241100x8000000000000000347267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0840124a5ce934ea2021-12-21 10:25:56.450root 11241100x8000000000000000347268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b41ad2076d51b52021-12-21 10:25:56.943root 11241100x8000000000000000347269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdf5340f0eeee512021-12-21 10:25:56.943root 11241100x8000000000000000347270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d246a5bf84e1b8d22021-12-21 10:25:56.943root 11241100x8000000000000000347271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15823d92289f9ac2021-12-21 10:25:56.943root 11241100x8000000000000000347272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fea87268e8a79042021-12-21 10:25:56.943root 11241100x8000000000000000347273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20ac649b0bceea82021-12-21 10:25:56.943root 11241100x8000000000000000347274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e4a9e679a067e12021-12-21 10:25:56.943root 11241100x8000000000000000347275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60d4b325646b7d12021-12-21 10:25:56.943root 11241100x8000000000000000347276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f074f6cba7ec2332021-12-21 10:25:56.943root 11241100x8000000000000000347277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1fd551fec2af592021-12-21 10:25:56.943root 11241100x8000000000000000347278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1a58410b857b0d2021-12-21 10:25:56.943root 11241100x8000000000000000347279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73e4a9b2803433d2021-12-21 10:25:56.944root 11241100x8000000000000000347280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5908b5a4351b5ebb2021-12-21 10:25:56.944root 11241100x8000000000000000347281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90a6027b863efd472021-12-21 10:25:56.944root 11241100x8000000000000000347282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8443f300e0a16832021-12-21 10:25:56.944root 11241100x8000000000000000347283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e7fce5938c6caa2021-12-21 10:25:56.944root 11241100x8000000000000000347284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b68c8a7777154b2021-12-21 10:25:56.944root 11241100x8000000000000000347285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7ab1b8520b752d2021-12-21 10:25:56.945root 11241100x8000000000000000347286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377ac5bad638f7d92021-12-21 10:25:56.945root 11241100x8000000000000000347287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19a33861fd66ac52021-12-21 10:25:56.945root 11241100x8000000000000000347288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27705a541806f70f2021-12-21 10:25:56.945root 11241100x8000000000000000347289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3496a9587c0f8cca2021-12-21 10:25:56.945root 11241100x8000000000000000347290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da56cc126ea98832021-12-21 10:25:56.945root 11241100x8000000000000000347291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f19991942bf82f2021-12-21 10:25:56.945root 11241100x8000000000000000347292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfe7a4e093e3b492021-12-21 10:25:56.945root 11241100x8000000000000000347293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06b91a911e8505a2021-12-21 10:25:56.945root 11241100x8000000000000000347294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef4b9d3511a50472021-12-21 10:25:56.946root 11241100x8000000000000000347295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8b0486c49f70a92021-12-21 10:25:56.946root 11241100x8000000000000000347296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59073dd9d41672382021-12-21 10:25:56.946root 11241100x8000000000000000347297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ed1d400480926e2021-12-21 10:25:56.946root 11241100x8000000000000000347298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5564e6e9c71b3a582021-12-21 10:25:56.947root 11241100x8000000000000000347299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db8803e9eafa7452021-12-21 10:25:57.443root 11241100x8000000000000000347300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098b0f9fbf5b06ee2021-12-21 10:25:57.443root 11241100x8000000000000000347301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.809b5fd10fea115e2021-12-21 10:25:57.443root 11241100x8000000000000000347302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca698774c628cb52021-12-21 10:25:57.443root 11241100x8000000000000000347303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2463d4a159d460e92021-12-21 10:25:57.443root 11241100x8000000000000000347304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105449f23f509a8b2021-12-21 10:25:57.443root 11241100x8000000000000000347305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68543d81d783b9832021-12-21 10:25:57.443root 11241100x8000000000000000347306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2621351495e2a002021-12-21 10:25:57.443root 11241100x8000000000000000347307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c70f20546ae3622021-12-21 10:25:57.443root 11241100x8000000000000000347308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa4faca0d5e25fb2021-12-21 10:25:57.444root 11241100x8000000000000000347309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc8208a9ebbc1ab2021-12-21 10:25:57.444root 11241100x8000000000000000347310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d550aa63e7f8d42021-12-21 10:25:57.444root 11241100x8000000000000000347311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161c4534b661ee552021-12-21 10:25:57.444root 11241100x8000000000000000347312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176d858f4b52a1be2021-12-21 10:25:57.444root 11241100x8000000000000000347313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec49b1652d3d7162021-12-21 10:25:57.444root 11241100x8000000000000000347314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14444ed2e60cfc782021-12-21 10:25:57.444root 11241100x8000000000000000347315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2eb755c4f244ba2021-12-21 10:25:57.444root 11241100x8000000000000000347316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e972aa76abe65d2021-12-21 10:25:57.444root 11241100x8000000000000000347317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e907601a075a7092021-12-21 10:25:57.444root 11241100x8000000000000000347318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7737a82b33cd02bf2021-12-21 10:25:57.445root 11241100x8000000000000000347319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b49e3e5df4fd3d72021-12-21 10:25:57.445root 11241100x8000000000000000347320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b0849eb6aff7942021-12-21 10:25:57.445root 11241100x8000000000000000347321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e0da1a14dbd9662021-12-21 10:25:57.445root 11241100x8000000000000000347322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f106b26b99aef0092021-12-21 10:25:57.445root 11241100x8000000000000000347323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46f04766297d04d2021-12-21 10:25:57.445root 11241100x8000000000000000347324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c195eeab829b112021-12-21 10:25:57.445root 11241100x8000000000000000347325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d617e8da96e282e92021-12-21 10:25:57.445root 11241100x8000000000000000347326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b4fe74b00981802021-12-21 10:25:57.445root 11241100x8000000000000000347327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915b8f51aff21c9f2021-12-21 10:25:57.445root 11241100x8000000000000000347328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69112a1b6cf879b12021-12-21 10:25:57.445root 11241100x8000000000000000347329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d407f2958bb9d832021-12-21 10:25:57.446root 11241100x8000000000000000347330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0858ba4f3188eb222021-12-21 10:25:57.446root 11241100x8000000000000000347331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf62bae4a780f3a2021-12-21 10:25:57.446root 11241100x8000000000000000347332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5076b334cc410b312021-12-21 10:25:57.446root 11241100x8000000000000000347333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9ef51cd029f2232021-12-21 10:25:57.446root 11241100x8000000000000000347334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5cac8bbb9b93fc2021-12-21 10:25:57.446root 11241100x8000000000000000347335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02675a7827dcc81c2021-12-21 10:25:57.446root 11241100x8000000000000000347336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9868dec489f096b62021-12-21 10:25:57.446root 11241100x8000000000000000347337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d2bd93622dbed82021-12-21 10:25:57.447root 11241100x8000000000000000347338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86da7158d5fbe4792021-12-21 10:25:57.447root 11241100x8000000000000000347339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac396990003ec4362021-12-21 10:25:57.448root 11241100x8000000000000000347340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368db9b65ce90a7a2021-12-21 10:25:57.448root 11241100x8000000000000000347341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e993de0e6eeb192021-12-21 10:25:57.448root 11241100x8000000000000000347342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd828fcc17d23672021-12-21 10:25:57.943root 11241100x8000000000000000347343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc439f7036b34a512021-12-21 10:25:57.943root 11241100x8000000000000000347344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf27a12d0e170fff2021-12-21 10:25:57.943root 11241100x8000000000000000347345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a0b189cf9692c72021-12-21 10:25:57.943root 11241100x8000000000000000347346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf77418a21def032021-12-21 10:25:57.943root 11241100x8000000000000000347347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcdb81a2798ee5c62021-12-21 10:25:57.943root 11241100x8000000000000000347348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8926f7b7686c9a2021-12-21 10:25:57.943root 11241100x8000000000000000347349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acf1ef18c5514c72021-12-21 10:25:57.943root 11241100x8000000000000000347350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e51c1d510c5f3b2021-12-21 10:25:57.944root 11241100x8000000000000000347351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb4950443aae4102021-12-21 10:25:57.944root 11241100x8000000000000000347352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c724ca061f988e2021-12-21 10:25:57.944root 11241100x8000000000000000347353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b90d7276ee80f52021-12-21 10:25:57.944root 11241100x8000000000000000347354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4609ed861803fc862021-12-21 10:25:57.944root 11241100x8000000000000000347355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7690d2a929c835b82021-12-21 10:25:57.944root 11241100x8000000000000000347356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bfb0c78d847a842021-12-21 10:25:57.944root 11241100x8000000000000000347357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfb7fe383ca21e92021-12-21 10:25:57.944root 11241100x8000000000000000347358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb97c896775ae24b2021-12-21 10:25:57.945root 11241100x8000000000000000347359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3ec2866ab2ce9b2021-12-21 10:25:57.945root 11241100x8000000000000000347360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201ff9e61c17b71e2021-12-21 10:25:57.945root 11241100x8000000000000000347361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effce891d64e55e12021-12-21 10:25:57.945root 11241100x8000000000000000347362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7f3fec1deb0e892021-12-21 10:25:57.946root 11241100x8000000000000000347363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f66273a54208f42021-12-21 10:25:57.946root 11241100x8000000000000000347364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258b5d44d5dd09f02021-12-21 10:25:57.946root 11241100x8000000000000000347365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6ddf402380e8fa2021-12-21 10:25:57.946root 11241100x8000000000000000347366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd676abe11404eb2021-12-21 10:25:57.946root 11241100x8000000000000000347367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4a47b9931a50d02021-12-21 10:25:58.443root 11241100x8000000000000000347368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adf88412147cf4a12021-12-21 10:25:58.443root 11241100x8000000000000000347369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10d21f6b7c83d4702021-12-21 10:25:58.443root 11241100x8000000000000000347370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b063f735904bbb252021-12-21 10:25:58.443root 11241100x8000000000000000347371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281dea1219a122362021-12-21 10:25:58.443root 11241100x8000000000000000347372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431d45240bb3315b2021-12-21 10:25:58.444root 11241100x8000000000000000347373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488f271b211e65992021-12-21 10:25:58.444root 11241100x8000000000000000347374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bcb6c9bbb9973e22021-12-21 10:25:58.444root 11241100x8000000000000000347375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86468d710cef84f2021-12-21 10:25:58.444root 11241100x8000000000000000347376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4173022aab481e62021-12-21 10:25:58.444root 11241100x8000000000000000347377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463b58afdde995402021-12-21 10:25:58.444root 11241100x8000000000000000347378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00223f296c3aa9e2021-12-21 10:25:58.444root 11241100x8000000000000000347379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f782dbaacd2df082021-12-21 10:25:58.444root 11241100x8000000000000000347380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73feb28ee45971fa2021-12-21 10:25:58.444root 11241100x8000000000000000347381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4a1624ffd719822021-12-21 10:25:58.445root 11241100x8000000000000000347382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5902eb6839d9a0c2021-12-21 10:25:58.445root 11241100x8000000000000000347383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a90c04204fc7ba2021-12-21 10:25:58.445root 11241100x8000000000000000347384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e68eaf4b7d50af82021-12-21 10:25:58.445root 11241100x8000000000000000347385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a331b68e7b1ee552021-12-21 10:25:58.445root 11241100x8000000000000000347386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3ab420b25a7b622021-12-21 10:25:58.445root 11241100x8000000000000000347387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca98c3407ff692ef2021-12-21 10:25:58.445root 11241100x8000000000000000347388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bb322be4fb2e082021-12-21 10:25:58.445root 11241100x8000000000000000347389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331b06e441b8c3d62021-12-21 10:25:58.446root 11241100x8000000000000000347390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0827441c5bacf22021-12-21 10:25:58.446root 11241100x8000000000000000347391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f750b6f00e0bfed22021-12-21 10:25:58.446root 11241100x8000000000000000347392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7187e7ec23dd8662021-12-21 10:25:58.944root 11241100x8000000000000000347393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb0132178989f982021-12-21 10:25:58.944root 11241100x8000000000000000347394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acfc75042497be772021-12-21 10:25:58.944root 11241100x8000000000000000347395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9286df721d1b572021-12-21 10:25:58.944root 11241100x8000000000000000347396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865755c3ad5cfd7d2021-12-21 10:25:58.944root 11241100x8000000000000000347397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9696b568b1efe832021-12-21 10:25:58.944root 11241100x8000000000000000347398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c17b38c375001d2021-12-21 10:25:58.944root 11241100x8000000000000000347399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfde5beeb3030c2e2021-12-21 10:25:58.944root 11241100x8000000000000000347400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b2aa2c960bbc652021-12-21 10:25:58.944root 11241100x8000000000000000347401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c008191bd20688d2021-12-21 10:25:58.944root 11241100x8000000000000000347402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493eade39806abd92021-12-21 10:25:58.944root 11241100x8000000000000000347403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e00b25a61bd19372021-12-21 10:25:58.944root 11241100x8000000000000000347404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d9f77ba3e02e0e2021-12-21 10:25:58.944root 11241100x8000000000000000347405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3699e0436e34b4022021-12-21 10:25:58.944root 11241100x8000000000000000347406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c5ddaa5fa09f8932021-12-21 10:25:58.945root 11241100x8000000000000000347407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498764a04a7da94e2021-12-21 10:25:58.945root 11241100x8000000000000000347408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee6ed1ae3cb20562021-12-21 10:25:58.945root 11241100x8000000000000000347409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c614253c9441f8d2021-12-21 10:25:58.945root 11241100x8000000000000000347410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f0ffabecc017342021-12-21 10:25:58.945root 11241100x8000000000000000347411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eff1c0b0377e8652021-12-21 10:25:58.945root 11241100x8000000000000000347412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0407033b99599012021-12-21 10:25:58.945root 11241100x8000000000000000347413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c57222c6c59c372021-12-21 10:25:58.945root 11241100x8000000000000000347414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deade35fcf14cc392021-12-21 10:25:58.945root 11241100x8000000000000000347415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0975230bc3d6b17b2021-12-21 10:25:58.945root 11241100x8000000000000000347416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2ca119bda747032021-12-21 10:25:58.945root 11241100x8000000000000000347417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b033ffc2c365b22021-12-21 10:25:58.945root 11241100x8000000000000000347418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36c6912b4f91e652021-12-21 10:25:58.945root 11241100x8000000000000000347419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c808d913bccecb62021-12-21 10:25:58.945root 11241100x8000000000000000347420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8b83913893646e2021-12-21 10:25:58.945root 11241100x8000000000000000347421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad40b4e741772e962021-12-21 10:25:59.443root 11241100x8000000000000000347422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4604af19f49bac212021-12-21 10:25:59.443root 11241100x8000000000000000347423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0554690f85b29eba2021-12-21 10:25:59.443root 11241100x8000000000000000347424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13862828ec1b95a72021-12-21 10:25:59.444root 11241100x8000000000000000347425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f01648d1ebb8d492021-12-21 10:25:59.444root 11241100x8000000000000000347426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0928eb4b41ef71cb2021-12-21 10:25:59.444root 11241100x8000000000000000347427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706c7925bbc9b2592021-12-21 10:25:59.444root 11241100x8000000000000000347428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cf2f9fd47e64622021-12-21 10:25:59.444root 11241100x8000000000000000347429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b418e99863573bd2021-12-21 10:25:59.444root 11241100x8000000000000000347430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bbd71cf9012c1d2021-12-21 10:25:59.445root 11241100x8000000000000000347431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c0a1e5d3c242ea2021-12-21 10:25:59.445root 11241100x8000000000000000347432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57f007696b8194f2021-12-21 10:25:59.445root 11241100x8000000000000000347433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bf19dc38f717202021-12-21 10:25:59.445root 11241100x8000000000000000347434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4219de4a58f2532021-12-21 10:25:59.445root 11241100x8000000000000000347435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c7a44b073e23992021-12-21 10:25:59.445root 11241100x8000000000000000347436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f253dc570476c702021-12-21 10:25:59.446root 11241100x8000000000000000347437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad72bc9e1182a6db2021-12-21 10:25:59.446root 11241100x8000000000000000347438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88c5fb8d123777512021-12-21 10:25:59.446root 11241100x8000000000000000347439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf26c6a49cd7dc6d2021-12-21 10:25:59.446root 11241100x8000000000000000347440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1538a9eeb52c8e2021-12-21 10:25:59.446root 11241100x8000000000000000347441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47172d24a3bb3232021-12-21 10:25:59.446root 11241100x8000000000000000347442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f768151962ffdd2021-12-21 10:25:59.446root 11241100x8000000000000000347443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598be9fc744720612021-12-21 10:25:59.447root 11241100x8000000000000000347444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d0d13819d2bfa42021-12-21 10:25:59.447root 11241100x8000000000000000347445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b42cdba089f8b0a42021-12-21 10:25:59.942root 11241100x8000000000000000347446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15859f2d01b7852e2021-12-21 10:25:59.943root 11241100x8000000000000000347447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b0639da55ac8502021-12-21 10:25:59.943root 11241100x8000000000000000347448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60254fcf10b726172021-12-21 10:25:59.943root 11241100x8000000000000000347449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9b2898b217e16c2021-12-21 10:25:59.943root 11241100x8000000000000000347450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cdd849ed657a7e2021-12-21 10:25:59.943root 11241100x8000000000000000347451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbc73210dfa9acf2021-12-21 10:25:59.943root 11241100x8000000000000000347452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f406bd2b4aa67d062021-12-21 10:25:59.944root 11241100x8000000000000000347453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f06f37e4bbe10a52021-12-21 10:25:59.944root 11241100x8000000000000000347454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8eed6befd188b82021-12-21 10:25:59.944root 11241100x8000000000000000347455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a4f3686ac0ff712021-12-21 10:25:59.944root 11241100x8000000000000000347456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7306876427fdc1102021-12-21 10:25:59.944root 11241100x8000000000000000347457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e56e76a10217532021-12-21 10:25:59.944root 11241100x8000000000000000347458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee934de578b14b152021-12-21 10:25:59.944root 11241100x8000000000000000347459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bb900970acc8202021-12-21 10:25:59.944root 11241100x8000000000000000347460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181f63d5d0454ed82021-12-21 10:25:59.944root 11241100x8000000000000000347461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fff9d72d09733ef72021-12-21 10:25:59.945root 11241100x8000000000000000347462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8232649363404a2021-12-21 10:25:59.945root 11241100x8000000000000000347463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a1259de39336f12021-12-21 10:25:59.945root 11241100x8000000000000000347464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24bf839f977bb7c2021-12-21 10:25:59.945root 11241100x8000000000000000347465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4148dac68b08b52021-12-21 10:25:59.945root 11241100x8000000000000000347466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e318cb619c6cb92021-12-21 10:25:59.945root 11241100x8000000000000000347467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb400631539e3372021-12-21 10:25:59.945root 11241100x8000000000000000347468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ca1e9f18207f462021-12-21 10:25:59.946root 11241100x8000000000000000347469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8ba2136d9faf722021-12-21 10:25:59.946root 11241100x8000000000000000347470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3d13f01c423c4c2021-12-21 10:25:59.946root 11241100x8000000000000000347471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:25:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6eb503e1cdeae442021-12-21 10:25:59.946root 354300x8000000000000000347472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.177{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47090-false10.0.1.12-8000- 11241100x8000000000000000347473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5315930f81850d6e2021-12-21 10:26:00.443root 11241100x8000000000000000347474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b51c5c3d76c09732021-12-21 10:26:00.443root 11241100x8000000000000000347475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2052cb633c5617842021-12-21 10:26:00.443root 11241100x8000000000000000347476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3c0bd11a55edb52021-12-21 10:26:00.443root 11241100x8000000000000000347477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d0040d349966c12021-12-21 10:26:00.444root 11241100x8000000000000000347478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4940489f93b6f2021-12-21 10:26:00.444root 11241100x8000000000000000347479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98fd2fb9c0837992021-12-21 10:26:00.444root 11241100x8000000000000000347480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2974d17562a7767d2021-12-21 10:26:00.444root 11241100x8000000000000000347481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eae54f831790a162021-12-21 10:26:00.444root 11241100x8000000000000000347482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6f2de8b6e975ff2021-12-21 10:26:00.445root 11241100x8000000000000000347483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c320ad895274adb42021-12-21 10:26:00.445root 11241100x8000000000000000347484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da79b82ce9742e22021-12-21 10:26:00.445root 11241100x8000000000000000347485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9bcecbd806b7032021-12-21 10:26:00.445root 11241100x8000000000000000347486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9324e512e155ab2021-12-21 10:26:00.445root 11241100x8000000000000000347487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f661312f0840db92021-12-21 10:26:00.445root 11241100x8000000000000000347488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2df9042ec14b5c2021-12-21 10:26:00.445root 11241100x8000000000000000347489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c21db38f4c26882021-12-21 10:26:00.446root 11241100x8000000000000000347490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2a0e358edaff5d2021-12-21 10:26:00.446root 11241100x8000000000000000347491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871a7343eed8b5662021-12-21 10:26:00.446root 11241100x8000000000000000347492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e459acad51c5032021-12-21 10:26:00.446root 11241100x8000000000000000347493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4218702b34a918e52021-12-21 10:26:00.446root 11241100x8000000000000000347494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8392725e6c024d2021-12-21 10:26:00.446root 11241100x8000000000000000347495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64db6f098bc5e2d2021-12-21 10:26:00.446root 11241100x8000000000000000347496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb66a956eef46d22021-12-21 10:26:00.447root 11241100x8000000000000000347497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6477edc876a78212021-12-21 10:26:00.447root 11241100x8000000000000000347498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d5decd26f52baf2021-12-21 10:26:00.447root 11241100x8000000000000000347499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a287a3e53faf62a2021-12-21 10:26:00.447root 11241100x8000000000000000347500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534fa1445060ebd82021-12-21 10:26:00.943root 11241100x8000000000000000347501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8dd8a5dfd316f02021-12-21 10:26:00.943root 11241100x8000000000000000347502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a241479cde3b80b02021-12-21 10:26:00.943root 11241100x8000000000000000347503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998b00568c1e00aa2021-12-21 10:26:00.943root 11241100x8000000000000000347504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f10dad1bfe63762021-12-21 10:26:00.943root 11241100x8000000000000000347505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84be79d29789b4bd2021-12-21 10:26:00.944root 11241100x8000000000000000347506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7ca75f7909b5802021-12-21 10:26:00.944root 11241100x8000000000000000347507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0717e3e3351a4a8d2021-12-21 10:26:00.944root 11241100x8000000000000000347508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee07348582461622021-12-21 10:26:00.944root 11241100x8000000000000000347509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.503746ddb8e944a42021-12-21 10:26:00.944root 11241100x8000000000000000347510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa2c15658ec47992021-12-21 10:26:00.944root 11241100x8000000000000000347511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973d0afe1d5638ae2021-12-21 10:26:00.944root 11241100x8000000000000000347512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317de152285e47482021-12-21 10:26:00.944root 11241100x8000000000000000347513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779fd9cd80d51c492021-12-21 10:26:00.945root 11241100x8000000000000000347514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb299e15dc937302021-12-21 10:26:00.945root 11241100x8000000000000000347515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0601c117ae1e10bb2021-12-21 10:26:00.945root 11241100x8000000000000000347516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6a123456e778412021-12-21 10:26:00.945root 11241100x8000000000000000347517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351c575eddccfe182021-12-21 10:26:00.945root 11241100x8000000000000000347518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2921ae880ec6c972021-12-21 10:26:00.945root 11241100x8000000000000000347519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9cc442bf33a7a22021-12-21 10:26:00.945root 11241100x8000000000000000347520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afe9d04d2d0579d2021-12-21 10:26:00.945root 11241100x8000000000000000347521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94153dff89061fd2021-12-21 10:26:00.945root 11241100x8000000000000000347522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad5da41b3491752021-12-21 10:26:00.946root 11241100x8000000000000000347523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02f732d7d87c6992021-12-21 10:26:00.946root 11241100x8000000000000000347524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b756da2a1c6d13c2021-12-21 10:26:00.946root 11241100x8000000000000000347525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.608315ac9f2c2c372021-12-21 10:26:00.946root 11241100x8000000000000000347526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382a8ad5fe3c06252021-12-21 10:26:00.946root 11241100x8000000000000000347527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abfb6a910a5374e92021-12-21 10:26:00.946root 11241100x8000000000000000347528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14824b524eaf18fb2021-12-21 10:26:00.946root 11241100x8000000000000000347529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86adf025ae8e87872021-12-21 10:26:00.946root 11241100x8000000000000000347530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fc1210953b3d8c22021-12-21 10:26:00.947root 11241100x8000000000000000347531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbd585a502a7cf62021-12-21 10:26:01.443root 11241100x8000000000000000347532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfc3c569ced3e802021-12-21 10:26:01.443root 11241100x8000000000000000347533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1480decf8c5cec6b2021-12-21 10:26:01.443root 11241100x8000000000000000347534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a5b6298b3a3d10a2021-12-21 10:26:01.443root 11241100x8000000000000000347535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f884883a80b1e0812021-12-21 10:26:01.443root 11241100x8000000000000000347536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d69276998cbb8582021-12-21 10:26:01.443root 11241100x8000000000000000347537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e0f773ecafe9982021-12-21 10:26:01.444root 11241100x8000000000000000347538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8791ea99dfd115d2021-12-21 10:26:01.444root 11241100x8000000000000000347539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.226e87eab059e59c2021-12-21 10:26:01.444root 11241100x8000000000000000347540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3663e0f35ea21572021-12-21 10:26:01.444root 11241100x8000000000000000347541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af84042e8aeaa12a2021-12-21 10:26:01.444root 11241100x8000000000000000347542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7e78cfb1645bd12021-12-21 10:26:01.444root 11241100x8000000000000000347543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0199fcb88cdef6942021-12-21 10:26:01.444root 11241100x8000000000000000347544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9846f53d6f7af4152021-12-21 10:26:01.444root 11241100x8000000000000000347545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346780eeeb30932b2021-12-21 10:26:01.444root 11241100x8000000000000000347546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a489974179dd40db2021-12-21 10:26:01.444root 11241100x8000000000000000347547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6b546c7a29ce392021-12-21 10:26:01.445root 11241100x8000000000000000347548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2027fd7a286ce102021-12-21 10:26:01.445root 11241100x8000000000000000347549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2432251f786ff42021-12-21 10:26:01.445root 11241100x8000000000000000347550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97588e7ab1d7134c2021-12-21 10:26:01.445root 11241100x8000000000000000347551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf873ec43392849d2021-12-21 10:26:01.445root 11241100x8000000000000000347552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30c77dccccdc26a2021-12-21 10:26:01.445root 11241100x8000000000000000347553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7766478a8d481d342021-12-21 10:26:01.445root 11241100x8000000000000000347554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967ef1432670ce102021-12-21 10:26:01.446root 11241100x8000000000000000347555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21236c32127d84632021-12-21 10:26:01.446root 11241100x8000000000000000347556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f24216cd0c852e2021-12-21 10:26:01.446root 11241100x8000000000000000347557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1266be55eb0d7cbb2021-12-21 10:26:01.446root 11241100x8000000000000000347558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120e40e5447382132021-12-21 10:26:01.446root 11241100x8000000000000000347559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5868cf3406d1b8822021-12-21 10:26:01.446root 11241100x8000000000000000347560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e73af6483961dc2021-12-21 10:26:01.447root 11241100x8000000000000000347561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b81ff2c27499ed2021-12-21 10:26:01.447root 11241100x8000000000000000347562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330961427f0dd2812021-12-21 10:26:01.447root 11241100x8000000000000000347563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132070e65ddf22eb2021-12-21 10:26:01.943root 11241100x8000000000000000347564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34df0458223219372021-12-21 10:26:01.943root 11241100x8000000000000000347565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2dc3b6c2a5e1a62021-12-21 10:26:01.943root 11241100x8000000000000000347566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8be40d35991074f2021-12-21 10:26:01.943root 11241100x8000000000000000347567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d0e4c93abb96732021-12-21 10:26:01.943root 11241100x8000000000000000347568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56f813d9cb7cda2b2021-12-21 10:26:01.944root 11241100x8000000000000000347569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bb9a717befeebbc2021-12-21 10:26:01.944root 11241100x8000000000000000347570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad19b882f34002ae2021-12-21 10:26:01.944root 11241100x8000000000000000347571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965076d47101cd7b2021-12-21 10:26:01.944root 11241100x8000000000000000347572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590fd344b9a0faf72021-12-21 10:26:01.944root 11241100x8000000000000000347573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496d27dee9ceb5bb2021-12-21 10:26:01.944root 11241100x8000000000000000347574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc28d4ac0f3db1f2021-12-21 10:26:01.944root 11241100x8000000000000000347575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbf85adae3a2b372021-12-21 10:26:01.944root 11241100x8000000000000000347576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3970adc8c8e319c2021-12-21 10:26:01.944root 11241100x8000000000000000347577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.248d721cf1b5cf052021-12-21 10:26:01.944root 11241100x8000000000000000347578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560863b11529dce12021-12-21 10:26:01.944root 11241100x8000000000000000347579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86398e50ef12b022021-12-21 10:26:01.945root 11241100x8000000000000000347580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfddf59597f77862021-12-21 10:26:01.945root 11241100x8000000000000000347581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85262f202e212fa2021-12-21 10:26:01.945root 11241100x8000000000000000347582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09dcffa45dd4e2f72021-12-21 10:26:01.945root 11241100x8000000000000000347583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83baf01642d01bcc2021-12-21 10:26:01.945root 11241100x8000000000000000347584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5f17f2aedcb9d32021-12-21 10:26:01.945root 11241100x8000000000000000347585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606773142f04fd122021-12-21 10:26:01.945root 11241100x8000000000000000347586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ad6e89fd13c8ac32021-12-21 10:26:01.946root 11241100x8000000000000000347587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b55fc0559b2c952021-12-21 10:26:01.946root 11241100x8000000000000000347588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93d745c875afb002021-12-21 10:26:02.443root 11241100x8000000000000000347589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a85fec8530ef7f2021-12-21 10:26:02.443root 11241100x8000000000000000347590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c10ab93ba275a32021-12-21 10:26:02.443root 11241100x8000000000000000347591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2edd082b003b5d832021-12-21 10:26:02.444root 11241100x8000000000000000347592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f089eda01ce9e4312021-12-21 10:26:02.444root 11241100x8000000000000000347593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5c37de61f5bc1e2021-12-21 10:26:02.444root 11241100x8000000000000000347594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564ee4a5c348e6532021-12-21 10:26:02.444root 11241100x8000000000000000347595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c619ac17bfa30382021-12-21 10:26:02.444root 11241100x8000000000000000347596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb55fb35f17165152021-12-21 10:26:02.444root 11241100x8000000000000000347597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e609bb2324aaabc2021-12-21 10:26:02.444root 11241100x8000000000000000347598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c62c866d870c3552021-12-21 10:26:02.444root 11241100x8000000000000000347599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f73c302b3e9d092021-12-21 10:26:02.445root 11241100x8000000000000000347600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652ed18ab119d0152021-12-21 10:26:02.445root 11241100x8000000000000000347601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3864777353b957e12021-12-21 10:26:02.445root 11241100x8000000000000000347602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41485a7713c662a2021-12-21 10:26:02.445root 11241100x8000000000000000347603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496b84c688ff92562021-12-21 10:26:02.445root 11241100x8000000000000000347604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64dc153ebfbc2c862021-12-21 10:26:02.445root 11241100x8000000000000000347605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7c5932cf31a38f2021-12-21 10:26:02.445root 11241100x8000000000000000347606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a7869d78a9d3a32021-12-21 10:26:02.445root 11241100x8000000000000000347607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb32bc1090854032021-12-21 10:26:02.445root 11241100x8000000000000000347608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dccf6e352106fb02021-12-21 10:26:02.446root 11241100x8000000000000000347609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c454650fa37ea8e32021-12-21 10:26:02.446root 11241100x8000000000000000347610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee88bf46d05fff32021-12-21 10:26:02.446root 11241100x8000000000000000347611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35942eb86bcabe42021-12-21 10:26:02.446root 11241100x8000000000000000347612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d0cdc46afc64a72021-12-21 10:26:02.446root 11241100x8000000000000000347613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a0d94bde51379a2021-12-21 10:26:02.943root 11241100x8000000000000000347614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203233810e89983f2021-12-21 10:26:02.943root 11241100x8000000000000000347615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be79c4b062ab4b2c2021-12-21 10:26:02.943root 11241100x8000000000000000347616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf318c75dd4e085f2021-12-21 10:26:02.944root 11241100x8000000000000000347617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa1b88e471ee5f92021-12-21 10:26:02.944root 11241100x8000000000000000347618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf1799d912629632021-12-21 10:26:02.944root 11241100x8000000000000000347619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65891beb4cd4b482021-12-21 10:26:02.944root 11241100x8000000000000000347620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1cc1dae68d4a7f2021-12-21 10:26:02.945root 11241100x8000000000000000347621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b09298a9944b5c2021-12-21 10:26:02.945root 11241100x8000000000000000347622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966723d66189fed72021-12-21 10:26:02.945root 11241100x8000000000000000347623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186e13e9d98e50ba2021-12-21 10:26:02.945root 11241100x8000000000000000347624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ef0fe3029b4dcf22021-12-21 10:26:02.945root 11241100x8000000000000000347625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89486e5df19246762021-12-21 10:26:02.945root 11241100x8000000000000000347626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3411ed314963e8372021-12-21 10:26:02.945root 11241100x8000000000000000347627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0f6300cc17fb3c2021-12-21 10:26:02.946root 11241100x8000000000000000347628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7df5faf386ec0e2021-12-21 10:26:02.946root 11241100x8000000000000000347629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4b5aa4b3370bed2021-12-21 10:26:02.946root 11241100x8000000000000000347630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b313415ea560d4f72021-12-21 10:26:02.946root 11241100x8000000000000000347631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1db45e7e9e6c5b2021-12-21 10:26:02.947root 11241100x8000000000000000347632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5555c6880cf99c52021-12-21 10:26:02.947root 11241100x8000000000000000347633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9af71672580ba12021-12-21 10:26:02.947root 11241100x8000000000000000347634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5568331c0107b87d2021-12-21 10:26:02.948root 11241100x8000000000000000347635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef2ba52ba72e6952021-12-21 10:26:02.948root 11241100x8000000000000000347636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd644ea4a9ad6d62021-12-21 10:26:02.949root 11241100x8000000000000000347637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2575256832be922021-12-21 10:26:02.949root 11241100x8000000000000000347638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e64be006da7df12021-12-21 10:26:02.950root 11241100x8000000000000000347639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:02.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df95954dfa87d2232021-12-21 10:26:02.950root 11241100x8000000000000000347640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c4c045f23bcd612021-12-21 10:26:03.443root 11241100x8000000000000000347641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cfbf0a9d3eb4d22021-12-21 10:26:03.443root 11241100x8000000000000000347642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e2d892b2612fc82021-12-21 10:26:03.443root 11241100x8000000000000000347643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a455b2d871a1f8b2021-12-21 10:26:03.444root 11241100x8000000000000000347644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0e6561d9b7b8882021-12-21 10:26:03.444root 11241100x8000000000000000347645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d4a436106640fe2021-12-21 10:26:03.444root 11241100x8000000000000000347646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1c7f6528ed8a4e2021-12-21 10:26:03.444root 11241100x8000000000000000347647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1b8789a67f69282021-12-21 10:26:03.444root 11241100x8000000000000000347648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3049a6f233c5282021-12-21 10:26:03.444root 11241100x8000000000000000347649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81984f1ea0cb9b992021-12-21 10:26:03.444root 11241100x8000000000000000347650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0705abc2ef1a62ac2021-12-21 10:26:03.444root 11241100x8000000000000000347651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20ce67df515b1c82021-12-21 10:26:03.444root 11241100x8000000000000000347652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4e99f0dbe42ff02021-12-21 10:26:03.444root 11241100x8000000000000000347653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb44f02e9d28e702021-12-21 10:26:03.444root 11241100x8000000000000000347654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07babe80b720b80c2021-12-21 10:26:03.445root 11241100x8000000000000000347655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c814d392b09560f02021-12-21 10:26:03.445root 11241100x8000000000000000347656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4fc42d0c8271882021-12-21 10:26:03.445root 11241100x8000000000000000347657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29140e7405f181622021-12-21 10:26:03.445root 11241100x8000000000000000347658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a1f86ea51dc72b2021-12-21 10:26:03.445root 11241100x8000000000000000347659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfaf262fbb3849192021-12-21 10:26:03.445root 11241100x8000000000000000347660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7da16d96dbc85d72021-12-21 10:26:03.446root 11241100x8000000000000000347661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05334f7915d17b612021-12-21 10:26:03.446root 11241100x8000000000000000347662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722b6938706199232021-12-21 10:26:03.446root 11241100x8000000000000000347663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4949ed9e006ffd632021-12-21 10:26:03.446root 11241100x8000000000000000347664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a5c4e07789ed4e2021-12-21 10:26:03.446root 11241100x8000000000000000347665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f39335687174f52021-12-21 10:26:03.943root 11241100x8000000000000000347666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4f73d96f391f722021-12-21 10:26:03.943root 11241100x8000000000000000347667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732695f00ebc06902021-12-21 10:26:03.944root 11241100x8000000000000000347668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2beb0fdb6f77ce22021-12-21 10:26:03.944root 11241100x8000000000000000347669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de61ed9e1e25f5412021-12-21 10:26:03.944root 11241100x8000000000000000347670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae402520a655a022021-12-21 10:26:03.944root 11241100x8000000000000000347671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197e9845d278722d2021-12-21 10:26:03.944root 11241100x8000000000000000347672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb156936b4b036062021-12-21 10:26:03.944root 11241100x8000000000000000347673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2268a38feac7fadd2021-12-21 10:26:03.945root 11241100x8000000000000000347674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcec158535f3041c2021-12-21 10:26:03.945root 11241100x8000000000000000347675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72cec206ad0e4d902021-12-21 10:26:03.945root 11241100x8000000000000000347676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d83cc259cfcf7a2021-12-21 10:26:03.945root 11241100x8000000000000000347677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1814af5752023db2021-12-21 10:26:03.945root 11241100x8000000000000000347678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b260cfbab0229822021-12-21 10:26:03.945root 11241100x8000000000000000347679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db73a8e83aebc662021-12-21 10:26:03.945root 11241100x8000000000000000347680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d431e9f3c04248752021-12-21 10:26:03.946root 11241100x8000000000000000347681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c10ef58740f1672021-12-21 10:26:03.946root 11241100x8000000000000000347682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac90e163427cd9622021-12-21 10:26:03.946root 11241100x8000000000000000347683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996d9fdd30cc97302021-12-21 10:26:03.946root 11241100x8000000000000000347684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deba07b58ed4e89a2021-12-21 10:26:03.946root 11241100x8000000000000000347685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a09727711564c0e2021-12-21 10:26:03.946root 11241100x8000000000000000347686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7971c1a3e33b230b2021-12-21 10:26:03.946root 11241100x8000000000000000347687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39638a3267a8317a2021-12-21 10:26:03.946root 11241100x8000000000000000347688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c555562b58ebe89e2021-12-21 10:26:03.946root 11241100x8000000000000000347689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5e05c5faf8ac5e2021-12-21 10:26:03.946root 11241100x8000000000000000347690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f307e0494c92d8e12021-12-21 10:26:04.443root 11241100x8000000000000000347691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa9831d0563800f2021-12-21 10:26:04.443root 11241100x8000000000000000347692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb0f81f874141f72021-12-21 10:26:04.443root 11241100x8000000000000000347693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907a9fa58bd216312021-12-21 10:26:04.444root 11241100x8000000000000000347694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c5983a962699302021-12-21 10:26:04.444root 11241100x8000000000000000347695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6d3ff881556a442021-12-21 10:26:04.444root 11241100x8000000000000000347696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccbe5c17f304e0b62021-12-21 10:26:04.444root 11241100x8000000000000000347697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b8710a6c015c2c2021-12-21 10:26:04.444root 11241100x8000000000000000347698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9700313fd63b41c62021-12-21 10:26:04.444root 11241100x8000000000000000347699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1980b8b9d64d1562021-12-21 10:26:04.444root 11241100x8000000000000000347700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e942fe62b6dc5cf2021-12-21 10:26:04.445root 11241100x8000000000000000347701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8586e0b9196ac6112021-12-21 10:26:04.445root 11241100x8000000000000000347702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a3c731f2719ee12021-12-21 10:26:04.445root 11241100x8000000000000000347703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e8da5f2d3ab3e182021-12-21 10:26:04.445root 11241100x8000000000000000347704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396784925f5640982021-12-21 10:26:04.445root 11241100x8000000000000000347705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f57082f83368fa2021-12-21 10:26:04.445root 11241100x8000000000000000347706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57197f377a5a4c112021-12-21 10:26:04.445root 11241100x8000000000000000347707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a027544678d758ca2021-12-21 10:26:04.445root 11241100x8000000000000000347708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e7b172d631f7e82021-12-21 10:26:04.445root 11241100x8000000000000000347709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdeeb432f806522d2021-12-21 10:26:04.446root 11241100x8000000000000000347710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d60540f7f09f632021-12-21 10:26:04.446root 11241100x8000000000000000347711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb373c4cee4259e72021-12-21 10:26:04.446root 11241100x8000000000000000347712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46eea9918de0a7c92021-12-21 10:26:04.446root 11241100x8000000000000000347713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbea8315be25f8e62021-12-21 10:26:04.446root 11241100x8000000000000000347714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0891733713f6ae012021-12-21 10:26:04.446root 11241100x8000000000000000347715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b0f8ffce3babe62021-12-21 10:26:04.942root 11241100x8000000000000000347716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7f7d1b30ccbb532021-12-21 10:26:04.943root 11241100x8000000000000000347717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d72952279ee35c2021-12-21 10:26:04.943root 11241100x8000000000000000347718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ce4123e9d8b1372021-12-21 10:26:04.943root 11241100x8000000000000000347719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a643071d769a42c42021-12-21 10:26:04.944root 11241100x8000000000000000347720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e907f9a93a30cdd52021-12-21 10:26:04.944root 11241100x8000000000000000347721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3321741280a7f412021-12-21 10:26:04.944root 11241100x8000000000000000347722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc221c046b51f6be2021-12-21 10:26:04.944root 11241100x8000000000000000347723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3748d5056dfad082021-12-21 10:26:04.944root 11241100x8000000000000000347724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad25d840852c9962021-12-21 10:26:04.944root 11241100x8000000000000000347725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a107d34a852fc852021-12-21 10:26:04.944root 11241100x8000000000000000347726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8468ec79ad6b27b82021-12-21 10:26:04.944root 11241100x8000000000000000347727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329a32be5c73c0ca2021-12-21 10:26:04.944root 11241100x8000000000000000347728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dd88c523ff2ed72021-12-21 10:26:04.945root 11241100x8000000000000000347729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a622531a858879382021-12-21 10:26:04.945root 11241100x8000000000000000347730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06d96df5bde60912021-12-21 10:26:04.945root 11241100x8000000000000000347731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade72f2ef24983e2021-12-21 10:26:04.945root 11241100x8000000000000000347732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4307263f72bc78112021-12-21 10:26:04.945root 11241100x8000000000000000347733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09cb5763f3eaff52021-12-21 10:26:04.945root 11241100x8000000000000000347734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b3098871be0fda2021-12-21 10:26:04.945root 11241100x8000000000000000347735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746ef45bb0428ce62021-12-21 10:26:04.946root 11241100x8000000000000000347736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ae2c57894f98f92021-12-21 10:26:04.946root 11241100x8000000000000000347737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e31f889082c7c62021-12-21 10:26:04.946root 11241100x8000000000000000347738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64de4528793ead332021-12-21 10:26:04.946root 11241100x8000000000000000347739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:04.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899ff0bb735659992021-12-21 10:26:04.946root 11241100x8000000000000000347740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c4db6a2c930b6e2021-12-21 10:26:05.443root 11241100x8000000000000000347741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98376a61f77982342021-12-21 10:26:05.443root 11241100x8000000000000000347742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fd74ad515adcff2021-12-21 10:26:05.444root 11241100x8000000000000000347743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.038ec60018bf2f2a2021-12-21 10:26:05.444root 11241100x8000000000000000347744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf025042619f80e52021-12-21 10:26:05.444root 11241100x8000000000000000347745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479daeaa2b969e0f2021-12-21 10:26:05.444root 11241100x8000000000000000347746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab7834f7434c59f2021-12-21 10:26:05.445root 11241100x8000000000000000347747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a826d96572df7c732021-12-21 10:26:05.445root 11241100x8000000000000000347748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be7272ac6fd7ed92021-12-21 10:26:05.445root 11241100x8000000000000000347749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc037df5d05c8a92021-12-21 10:26:05.445root 11241100x8000000000000000347750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a43dbe5ee61eb6b92021-12-21 10:26:05.445root 11241100x8000000000000000347751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523f79afa1d2ed6c2021-12-21 10:26:05.445root 11241100x8000000000000000347752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070aa0bc7093563f2021-12-21 10:26:05.445root 11241100x8000000000000000347753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af05e9e84851352021-12-21 10:26:05.445root 11241100x8000000000000000347754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7b7a6cb0d4b3642021-12-21 10:26:05.445root 11241100x8000000000000000347755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d1ca80b8939c3a2021-12-21 10:26:05.446root 11241100x8000000000000000347756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4a097eba058e7c2021-12-21 10:26:05.446root 11241100x8000000000000000347757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c78d6ff78213b122021-12-21 10:26:05.446root 11241100x8000000000000000347758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d45d12ea0602832021-12-21 10:26:05.446root 11241100x8000000000000000347759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b38397430f9e1e2021-12-21 10:26:05.446root 11241100x8000000000000000347760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f69bb217526ecf12021-12-21 10:26:05.446root 11241100x8000000000000000347761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a279eb9f8850bba2021-12-21 10:26:05.446root 11241100x8000000000000000347762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcbb76bbec3917612021-12-21 10:26:05.446root 11241100x8000000000000000347763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a5db95fb92d28b2021-12-21 10:26:05.446root 11241100x8000000000000000347764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e11fda88eab8fd2021-12-21 10:26:05.446root 11241100x8000000000000000347765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cbe99c045c311d2021-12-21 10:26:05.943root 11241100x8000000000000000347766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602182ba8fb04aef2021-12-21 10:26:05.943root 11241100x8000000000000000347767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ea1db9afffc722021-12-21 10:26:05.943root 11241100x8000000000000000347768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f34d763a3cce72021-12-21 10:26:05.943root 11241100x8000000000000000347769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c8adc12a52886c2021-12-21 10:26:05.943root 11241100x8000000000000000347770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a5254e5e1f3ba92021-12-21 10:26:05.943root 11241100x8000000000000000347771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854baf5624e8483c2021-12-21 10:26:05.944root 11241100x8000000000000000347772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2650010ff7c9eb4b2021-12-21 10:26:05.944root 11241100x8000000000000000347773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2769a5b48b303d62021-12-21 10:26:05.944root 11241100x8000000000000000347774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57e2579bef2280d2021-12-21 10:26:05.944root 11241100x8000000000000000347775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f33c5be2883383d2021-12-21 10:26:05.944root 11241100x8000000000000000347776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b970667337a091e92021-12-21 10:26:05.944root 11241100x8000000000000000347777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ae2683be52ebe92021-12-21 10:26:05.944root 11241100x8000000000000000347778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807e4dbcdb2496782021-12-21 10:26:05.944root 11241100x8000000000000000347779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dabd6bc30d382192021-12-21 10:26:05.944root 11241100x8000000000000000347780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd87b486514ff4b22021-12-21 10:26:05.944root 11241100x8000000000000000347781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199750718c4962042021-12-21 10:26:05.944root 11241100x8000000000000000347782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00e757e4b77e4732021-12-21 10:26:05.945root 11241100x8000000000000000347783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde0d1715d5a2ea92021-12-21 10:26:05.945root 11241100x8000000000000000347784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3929e0f1101ea3b22021-12-21 10:26:05.945root 11241100x8000000000000000347785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69ae92f64407b782021-12-21 10:26:05.945root 11241100x8000000000000000347786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1feb7c5cc9c8d16d2021-12-21 10:26:05.945root 11241100x8000000000000000347787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2060a78b94b84fe2021-12-21 10:26:05.945root 11241100x8000000000000000347788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a1328b340155d42021-12-21 10:26:05.945root 11241100x8000000000000000347789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b692dfb4ec315c592021-12-21 10:26:05.945root 354300x8000000000000000347790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.123{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47092-false10.0.1.12-8000- 11241100x8000000000000000347791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:26:06.349root 11241100x8000000000000000347792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e744f62b8baa8e662021-12-21 10:26:06.351root 11241100x8000000000000000347793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6d29770da0981a2021-12-21 10:26:06.351root 11241100x8000000000000000347794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876bc478f45393d82021-12-21 10:26:06.351root 11241100x8000000000000000347795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e541e29d7fa7c42021-12-21 10:26:06.351root 11241100x8000000000000000347796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4cfc4fce01aab52021-12-21 10:26:06.351root 11241100x8000000000000000347797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68120e56b37a906f2021-12-21 10:26:06.351root 11241100x8000000000000000347798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba780666175e1162021-12-21 10:26:06.351root 11241100x8000000000000000347799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5e02a16a1ec1432021-12-21 10:26:06.351root 11241100x8000000000000000347800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de48346ef3457352021-12-21 10:26:06.351root 11241100x8000000000000000347801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480f37d2b7fc6de62021-12-21 10:26:06.351root 11241100x8000000000000000347802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d70d10840abfe72021-12-21 10:26:06.352root 11241100x8000000000000000347803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a8ce5ed3e97b1f2021-12-21 10:26:06.352root 11241100x8000000000000000347804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d1295d189d8f142021-12-21 10:26:06.352root 11241100x8000000000000000347805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcfe3a03bdc369dc2021-12-21 10:26:06.352root 11241100x8000000000000000347806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23249053e36e68022021-12-21 10:26:06.352root 11241100x8000000000000000347807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0e1d9d0678cc632021-12-21 10:26:06.352root 11241100x8000000000000000347808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5a31240ad11c4a2021-12-21 10:26:06.352root 11241100x8000000000000000347809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c185d3137550a922021-12-21 10:26:06.352root 11241100x8000000000000000347810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a4a817f7839abc2021-12-21 10:26:06.352root 11241100x8000000000000000347811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba572977d877d54b2021-12-21 10:26:06.352root 11241100x8000000000000000347812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bcba7270942ed12021-12-21 10:26:06.352root 11241100x8000000000000000347813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9013cf3f7515a3e52021-12-21 10:26:06.353root 11241100x8000000000000000347814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793e7db98b52c61c2021-12-21 10:26:06.353root 11241100x8000000000000000347815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0606ab2b5bbaf92b2021-12-21 10:26:06.353root 11241100x8000000000000000347816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58265c562843958e2021-12-21 10:26:06.353root 11241100x8000000000000000347817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3719342817ba56112021-12-21 10:26:06.353root 11241100x8000000000000000347818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2440e8cf40f46bb2021-12-21 10:26:06.353root 11241100x8000000000000000347819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d132e1b3e99d0b32021-12-21 10:26:06.353root 11241100x8000000000000000347820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45cc4a6fdf24f2a2021-12-21 10:26:06.353root 11241100x8000000000000000347821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c5fb6d748770122021-12-21 10:26:06.353root 11241100x8000000000000000347822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7948d17e4fe649f2021-12-21 10:26:06.353root 11241100x8000000000000000347823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1f9385dcda5910d2021-12-21 10:26:06.354root 11241100x8000000000000000347824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89055675370921952021-12-21 10:26:06.354root 11241100x8000000000000000347825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050c67e9d66c0d492021-12-21 10:26:06.354root 11241100x8000000000000000347826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21499a8b588f17f12021-12-21 10:26:06.354root 11241100x8000000000000000347827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224f8652cd9100092021-12-21 10:26:06.354root 11241100x8000000000000000347828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7205651d0e400a2021-12-21 10:26:06.354root 11241100x8000000000000000347829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13f4efa6c9c79a12021-12-21 10:26:06.354root 11241100x8000000000000000347830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5666d6dea59d3f182021-12-21 10:26:06.354root 11241100x8000000000000000347831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427228f0be126dde2021-12-21 10:26:06.354root 11241100x8000000000000000347832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d81868b780312172021-12-21 10:26:06.354root 11241100x8000000000000000347833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596cba4067bffedc2021-12-21 10:26:06.355root 11241100x8000000000000000347834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e718211c239f1e82021-12-21 10:26:06.355root 11241100x8000000000000000347835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70161c4870ba427d2021-12-21 10:26:06.355root 11241100x8000000000000000347836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fa0adad23b2a432021-12-21 10:26:06.355root 11241100x8000000000000000347837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a472f83de389bd2021-12-21 10:26:06.355root 11241100x8000000000000000347838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618281f94092d5602021-12-21 10:26:06.355root 11241100x8000000000000000347839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88aff71bf5aeca82021-12-21 10:26:06.356root 11241100x8000000000000000347840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a19af84a0a392cfb2021-12-21 10:26:06.356root 11241100x8000000000000000347841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42546b09d93c3e32021-12-21 10:26:06.356root 11241100x8000000000000000347842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986533fd3cb34e612021-12-21 10:26:06.357root 11241100x8000000000000000347843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6776847338cc73f42021-12-21 10:26:06.357root 11241100x8000000000000000347844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f865df8ef8a9d942021-12-21 10:26:06.357root 11241100x8000000000000000347845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b7c33d21e1c2c872021-12-21 10:26:06.357root 11241100x8000000000000000347846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67fb3b574ca2f912021-12-21 10:26:06.357root 11241100x8000000000000000347847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad266f0a4acaf0282021-12-21 10:26:06.357root 11241100x8000000000000000347848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4afb496bac2b1a22021-12-21 10:26:06.358root 11241100x8000000000000000347849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea447a4dc360cd2021-12-21 10:26:06.358root 11241100x8000000000000000347850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c302a1f81a8fd5492021-12-21 10:26:06.358root 11241100x8000000000000000347851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355f76df07c9575c2021-12-21 10:26:06.358root 11241100x8000000000000000347852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d79e12fbf468562021-12-21 10:26:06.358root 11241100x8000000000000000347853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.358{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe42d161ff3f53d42021-12-21 10:26:06.358root 11241100x8000000000000000347854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bd00d2b5f709bf2021-12-21 10:26:06.693root 11241100x8000000000000000347855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e52fdb3f0e041d32021-12-21 10:26:06.693root 11241100x8000000000000000347856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb80b0b5675ef5c92021-12-21 10:26:06.693root 11241100x8000000000000000347857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f809489b2bee01e2021-12-21 10:26:06.693root 11241100x8000000000000000347858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82d40cfcf67dc212021-12-21 10:26:06.693root 11241100x8000000000000000347859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dd687d8f71af712021-12-21 10:26:06.693root 11241100x8000000000000000347860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4d51432057e7aa2021-12-21 10:26:06.694root 11241100x8000000000000000347861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da551e96007f6c2d2021-12-21 10:26:06.694root 11241100x8000000000000000347862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65285a2eef15595e2021-12-21 10:26:06.694root 11241100x8000000000000000347863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6708274696489c772021-12-21 10:26:06.694root 11241100x8000000000000000347864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240c597c8297c1522021-12-21 10:26:06.694root 11241100x8000000000000000347865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fb771eb7d262662021-12-21 10:26:06.694root 11241100x8000000000000000347866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7756e6c635798acf2021-12-21 10:26:06.694root 11241100x8000000000000000347867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eba94c481551262021-12-21 10:26:06.694root 11241100x8000000000000000347868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd04f8096529ad792021-12-21 10:26:06.694root 11241100x8000000000000000347869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae784c3a66f88512021-12-21 10:26:06.694root 11241100x8000000000000000347870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a35299c030f62d62021-12-21 10:26:06.694root 11241100x8000000000000000347871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b9c8f839432cd02021-12-21 10:26:06.695root 11241100x8000000000000000347872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4543920a48909afb2021-12-21 10:26:06.695root 11241100x8000000000000000347873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36c2715be600a5b2021-12-21 10:26:06.695root 11241100x8000000000000000347874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c081d4cf9fd1842021-12-21 10:26:06.695root 11241100x8000000000000000347875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f0c954a5d84f9d2021-12-21 10:26:06.695root 11241100x8000000000000000347876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78d95553f1dfd712021-12-21 10:26:06.695root 11241100x8000000000000000347877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a91cf64e4b91b052021-12-21 10:26:06.695root 11241100x8000000000000000347878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48ffe550f1640df2021-12-21 10:26:06.695root 11241100x8000000000000000347879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629be03c8849b7012021-12-21 10:26:06.695root 11241100x8000000000000000347880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beaf66fef74f079c2021-12-21 10:26:06.695root 11241100x8000000000000000347881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0623dc82c74567d2021-12-21 10:26:06.695root 11241100x8000000000000000347882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1505379b3faedfdb2021-12-21 10:26:06.696root 11241100x8000000000000000347883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353621d061ab54d32021-12-21 10:26:06.696root 11241100x8000000000000000347884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1917b7bb2ab2f3c52021-12-21 10:26:06.696root 11241100x8000000000000000347885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9df472efab8b7452021-12-21 10:26:06.696root 11241100x8000000000000000347886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd3df95a4fb35ea2021-12-21 10:26:06.696root 11241100x8000000000000000347887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd697fda8ae761e52021-12-21 10:26:06.696root 11241100x8000000000000000347888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892cd0cfe0bcd5542021-12-21 10:26:06.696root 11241100x8000000000000000347889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f917b93061542732021-12-21 10:26:06.696root 11241100x8000000000000000347890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0779b513192d5ddc2021-12-21 10:26:06.696root 11241100x8000000000000000347891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d46a13185f8021e2021-12-21 10:26:06.696root 11241100x8000000000000000347892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709a55a72c1cd2e12021-12-21 10:26:06.696root 11241100x8000000000000000347893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843ef7688bf128752021-12-21 10:26:06.696root 11241100x8000000000000000347894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cc630b93ad32dd2021-12-21 10:26:06.696root 11241100x8000000000000000347895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf5d3496ccbb3f82021-12-21 10:26:06.697root 11241100x8000000000000000347896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626aa33ac8a27ee42021-12-21 10:26:06.697root 11241100x8000000000000000347897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fb59374405a77a2021-12-21 10:26:06.697root 11241100x8000000000000000347898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bb6da00fc5beec2021-12-21 10:26:06.697root 11241100x8000000000000000347899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21854816a8ea5d862021-12-21 10:26:06.697root 11241100x8000000000000000347900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c104cd355f0c22e12021-12-21 10:26:06.697root 11241100x8000000000000000347901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d08486e9d062d7b12021-12-21 10:26:06.697root 11241100x8000000000000000347902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ea46aa2991c2ab2021-12-21 10:26:06.697root 11241100x8000000000000000347903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5117ca78e679553f2021-12-21 10:26:06.697root 11241100x8000000000000000347904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0e0866a99a74182021-12-21 10:26:06.697root 11241100x8000000000000000347905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b802b64383800fb2021-12-21 10:26:06.697root 11241100x8000000000000000347906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bc7174ebbbfcc12021-12-21 10:26:06.697root 11241100x8000000000000000347907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cb96e5d9ca60f3d2021-12-21 10:26:06.698root 11241100x8000000000000000347908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361afd0b3f6e4a942021-12-21 10:26:07.193root 11241100x8000000000000000347909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd24944c5b4a315c2021-12-21 10:26:07.193root 11241100x8000000000000000347910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2b857474860b152021-12-21 10:26:07.194root 11241100x8000000000000000347911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d10ea7de840ea12021-12-21 10:26:07.194root 11241100x8000000000000000347912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b27eeb47cba78322021-12-21 10:26:07.194root 11241100x8000000000000000347913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75874fac4688cbb62021-12-21 10:26:07.194root 11241100x8000000000000000347914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1f93638eb51dbf2021-12-21 10:26:07.194root 11241100x8000000000000000347915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4bc5af842e4d5b2021-12-21 10:26:07.194root 11241100x8000000000000000347916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f631354445b5cb2021-12-21 10:26:07.194root 11241100x8000000000000000347917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63ce3e55a47f51b2021-12-21 10:26:07.194root 11241100x8000000000000000347918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c3df8dacc6745a2021-12-21 10:26:07.194root 11241100x8000000000000000347919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8028af579f49bd412021-12-21 10:26:07.194root 11241100x8000000000000000347920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc8cf01027ea3932021-12-21 10:26:07.194root 11241100x8000000000000000347921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304d81d27d6af8232021-12-21 10:26:07.195root 11241100x8000000000000000347922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e729735211fcca802021-12-21 10:26:07.195root 11241100x8000000000000000347923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fb720393531aa42021-12-21 10:26:07.195root 11241100x8000000000000000347924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07d8b13230177a02021-12-21 10:26:07.195root 11241100x8000000000000000347925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadd3badfe2c46f92021-12-21 10:26:07.195root 11241100x8000000000000000347926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2fcb7aa9b7016f2021-12-21 10:26:07.195root 11241100x8000000000000000347927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3565c61bc3721e12021-12-21 10:26:07.195root 11241100x8000000000000000347928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209179ccede0ea6e2021-12-21 10:26:07.195root 11241100x8000000000000000347929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d590319846362b92021-12-21 10:26:07.196root 11241100x8000000000000000347930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20614e75f87b9202021-12-21 10:26:07.196root 11241100x8000000000000000347931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28158d966e69ca52021-12-21 10:26:07.196root 11241100x8000000000000000347932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c8f967c4bcc4f52021-12-21 10:26:07.196root 11241100x8000000000000000347933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efd8dc7cf03b0a72021-12-21 10:26:07.196root 11241100x8000000000000000347934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5819dfb6c84dbf32021-12-21 10:26:07.196root 11241100x8000000000000000347935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375ef41799ebc5ee2021-12-21 10:26:07.693root 11241100x8000000000000000347936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7192aa9d6e27eb742021-12-21 10:26:07.693root 11241100x8000000000000000347937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ea29333c9d32a2021-12-21 10:26:07.694root 11241100x8000000000000000347938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a3e7dd921929b92021-12-21 10:26:07.694root 11241100x8000000000000000347939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010170130d82aa7a2021-12-21 10:26:07.694root 11241100x8000000000000000347940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20860488964c55932021-12-21 10:26:07.694root 11241100x8000000000000000347941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576675e2c9783e752021-12-21 10:26:07.694root 11241100x8000000000000000347942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4e846944c17e982021-12-21 10:26:07.695root 11241100x8000000000000000347943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae849cbb83cbba42021-12-21 10:26:07.695root 11241100x8000000000000000347944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5f68d8d9dd7b032021-12-21 10:26:07.695root 11241100x8000000000000000347945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bc0b1b05f85d622021-12-21 10:26:07.695root 11241100x8000000000000000347946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c032d672220af42021-12-21 10:26:07.695root 11241100x8000000000000000347947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27b8dd6479468e32021-12-21 10:26:07.695root 11241100x8000000000000000347948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38700832865fd25f2021-12-21 10:26:07.695root 11241100x8000000000000000347949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79c4aecfe5e4ff62021-12-21 10:26:07.695root 11241100x8000000000000000347950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cc2f528b7fce0b2021-12-21 10:26:07.695root 11241100x8000000000000000347951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0070a87d2df82be82021-12-21 10:26:07.695root 11241100x8000000000000000347952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99642b08e9b13ed82021-12-21 10:26:07.696root 11241100x8000000000000000347953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09b9353aba1bd6082021-12-21 10:26:07.696root 11241100x8000000000000000347954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63bebdccea1cc5c2021-12-21 10:26:07.696root 11241100x8000000000000000347955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5718bf9c6314a8e72021-12-21 10:26:07.696root 11241100x8000000000000000347956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e3cbafc688a8e422021-12-21 10:26:07.696root 11241100x8000000000000000347957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1874f6906d5da7212021-12-21 10:26:07.696root 11241100x8000000000000000347958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba81a59c2c4da7f2021-12-21 10:26:07.696root 11241100x8000000000000000347959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af4194b61d5771f2021-12-21 10:26:07.696root 11241100x8000000000000000347960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58dddcff2e8aaea42021-12-21 10:26:07.696root 11241100x8000000000000000347961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c176c34d234bd4bb2021-12-21 10:26:07.696root 11241100x8000000000000000347962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a6db7eb63baa862021-12-21 10:26:08.194root 11241100x8000000000000000347963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f91a22ce3d09c182021-12-21 10:26:08.194root 11241100x8000000000000000347964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53d62c32bfac56d2021-12-21 10:26:08.194root 11241100x8000000000000000347965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f43c757a2138ee2021-12-21 10:26:08.194root 11241100x8000000000000000347966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4647a0bda4d7a0aa2021-12-21 10:26:08.194root 11241100x8000000000000000347967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2331a213fd824cf2021-12-21 10:26:08.194root 11241100x8000000000000000347968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8408c68a7f5889712021-12-21 10:26:08.194root 11241100x8000000000000000347969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e86750a3732a22021-12-21 10:26:08.194root 11241100x8000000000000000347970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0a1024878903f52021-12-21 10:26:08.195root 11241100x8000000000000000347971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657cb644d9ffacbf2021-12-21 10:26:08.195root 11241100x8000000000000000347972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ef7d5f03b55a452021-12-21 10:26:08.195root 11241100x8000000000000000347973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07737d687028e5ce2021-12-21 10:26:08.195root 11241100x8000000000000000347974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bce9be3826d76f2021-12-21 10:26:08.195root 11241100x8000000000000000347975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad2418970b84bed2021-12-21 10:26:08.195root 11241100x8000000000000000347976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e382fefa83d0a0be2021-12-21 10:26:08.195root 11241100x8000000000000000347977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3426dfca951f09562021-12-21 10:26:08.195root 11241100x8000000000000000347978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc0d97b901ecab02021-12-21 10:26:08.195root 11241100x8000000000000000347979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132abbef128acb9e2021-12-21 10:26:08.195root 11241100x8000000000000000347980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65636a03e450a232021-12-21 10:26:08.195root 11241100x8000000000000000347981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537f981d1f1200632021-12-21 10:26:08.195root 11241100x8000000000000000347982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a402381a82c59ca2021-12-21 10:26:08.195root 11241100x8000000000000000347983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045a25e8d669c2532021-12-21 10:26:08.195root 11241100x8000000000000000347984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad69ddf5521996e2021-12-21 10:26:08.196root 11241100x8000000000000000347985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce1dd5c42fb8cd92021-12-21 10:26:08.196root 11241100x8000000000000000347986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119684c16bfdbcb42021-12-21 10:26:08.196root 11241100x8000000000000000347987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a692be767f6f69cf2021-12-21 10:26:08.196root 11241100x8000000000000000347988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a387104c9ec8162021-12-21 10:26:08.196root 11241100x8000000000000000347989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73cc74820ed074f62021-12-21 10:26:08.693root 11241100x8000000000000000347990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abea8c7e011b2b4d2021-12-21 10:26:08.693root 11241100x8000000000000000347991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f9a4c476fa183a2021-12-21 10:26:08.694root 11241100x8000000000000000347992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c345d8f8b6f122742021-12-21 10:26:08.694root 11241100x8000000000000000347993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa2e3020a8a1e32021-12-21 10:26:08.694root 11241100x8000000000000000347994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c744d8c20bd05d2021-12-21 10:26:08.695root 11241100x8000000000000000347995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21c137a85d21d0d2021-12-21 10:26:08.695root 11241100x8000000000000000347996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2613611dacade302021-12-21 10:26:08.695root 11241100x8000000000000000347997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3702921e1a2f2122021-12-21 10:26:08.695root 11241100x8000000000000000347998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2768fe86e44841e42021-12-21 10:26:08.695root 11241100x8000000000000000347999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211576ea1ee12d912021-12-21 10:26:08.695root 11241100x8000000000000000348000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da6103427d23fa652021-12-21 10:26:08.696root 11241100x8000000000000000348001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce82c8d4fb015c72021-12-21 10:26:08.696root 11241100x8000000000000000348002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65866c41cb46edc62021-12-21 10:26:08.696root 11241100x8000000000000000348003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b83fd78350fd1a2021-12-21 10:26:08.696root 11241100x8000000000000000348004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7dd40688b3000e2021-12-21 10:26:08.696root 11241100x8000000000000000348005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db61e8d9b26882c2021-12-21 10:26:08.696root 11241100x8000000000000000348006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313c657b6837986e2021-12-21 10:26:08.696root 11241100x8000000000000000348007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daedbd006f8d83332021-12-21 10:26:08.697root 11241100x8000000000000000348008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c5fc80b6044fc12021-12-21 10:26:08.697root 11241100x8000000000000000348009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8d288dd8068e652021-12-21 10:26:08.697root 11241100x8000000000000000348010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef6e287b07504792021-12-21 10:26:08.697root 11241100x8000000000000000348011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717e4538b24128ca2021-12-21 10:26:08.697root 11241100x8000000000000000348012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883d6fecbdd1e03a2021-12-21 10:26:08.697root 11241100x8000000000000000348013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689c01096ec42b222021-12-21 10:26:08.697root 11241100x8000000000000000348014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3cf76409b6f6f02021-12-21 10:26:08.697root 11241100x8000000000000000348015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58bdf8cfdc826312021-12-21 10:26:08.697root 11241100x8000000000000000348016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b6426af4b964d02021-12-21 10:26:08.698root 11241100x8000000000000000348017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1ad3cad85e86a42021-12-21 10:26:08.698root 11241100x8000000000000000348018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7750338173487bc2021-12-21 10:26:08.698root 11241100x8000000000000000348019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2396313366d4ba9b2021-12-21 10:26:08.698root 11241100x8000000000000000348020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13d3fb0873204412021-12-21 10:26:09.193root 11241100x8000000000000000348021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9283c6db83f1242a2021-12-21 10:26:09.193root 11241100x8000000000000000348022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc727898de0505e2021-12-21 10:26:09.193root 11241100x8000000000000000348023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0491066c74525f22021-12-21 10:26:09.194root 11241100x8000000000000000348024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2772a593bd9885a52021-12-21 10:26:09.194root 11241100x8000000000000000348025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f3e8048a7568422021-12-21 10:26:09.194root 11241100x8000000000000000348026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab9877bc3d9bf762021-12-21 10:26:09.194root 11241100x8000000000000000348027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50abe535330f04e72021-12-21 10:26:09.194root 11241100x8000000000000000348028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6927f4f2aa747b2021-12-21 10:26:09.194root 11241100x8000000000000000348029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4506695345fbb5aa2021-12-21 10:26:09.194root 11241100x8000000000000000348030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e519cb7cca8d3b82021-12-21 10:26:09.194root 11241100x8000000000000000348031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fae80b9e5ee9182021-12-21 10:26:09.194root 11241100x8000000000000000348032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9a5ca99764943f2021-12-21 10:26:09.195root 11241100x8000000000000000348033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7292e3af8e4d4d2021-12-21 10:26:09.195root 11241100x8000000000000000348034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c64915982fc313a2021-12-21 10:26:09.195root 11241100x8000000000000000348035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b55991aa0010652021-12-21 10:26:09.195root 11241100x8000000000000000348036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5a6f54836732232021-12-21 10:26:09.195root 11241100x8000000000000000348037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fa9a3830494f4e2021-12-21 10:26:09.195root 11241100x8000000000000000348038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c39e516536c5212021-12-21 10:26:09.195root 11241100x8000000000000000348039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c92f4356e4111f2021-12-21 10:26:09.195root 11241100x8000000000000000348040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c7a6db6eb2d0f02021-12-21 10:26:09.195root 11241100x8000000000000000348041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c78f75d879dbbc22021-12-21 10:26:09.196root 11241100x8000000000000000348042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6df4e5f5fa494e2021-12-21 10:26:09.196root 11241100x8000000000000000348043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30a548fc65c1d652021-12-21 10:26:09.196root 11241100x8000000000000000348044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94c29a0f5e7abee2021-12-21 10:26:09.196root 11241100x8000000000000000348045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b63875635744684f2021-12-21 10:26:09.196root 11241100x8000000000000000348046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b2722e96ba90b82021-12-21 10:26:09.196root 11241100x8000000000000000348047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceeb470e724d83622021-12-21 10:26:09.196root 11241100x8000000000000000348048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a6d3b0e0012a1a2021-12-21 10:26:09.196root 11241100x8000000000000000348049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb9914bacde2bbf2021-12-21 10:26:09.197root 11241100x8000000000000000348050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08bb515a39379312021-12-21 10:26:09.197root 11241100x8000000000000000348051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133b5f6b52db9d712021-12-21 10:26:09.197root 11241100x8000000000000000348052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513580dd2f12b3382021-12-21 10:26:09.197root 11241100x8000000000000000348053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa44c6f012bc7572021-12-21 10:26:09.197root 11241100x8000000000000000348054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421a5f7894c067952021-12-21 10:26:09.197root 11241100x8000000000000000348055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e022761fabe7ab452021-12-21 10:26:09.198root 11241100x8000000000000000348056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a62ea21b49a8b792021-12-21 10:26:09.198root 11241100x8000000000000000348057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87b94d63a91f9502021-12-21 10:26:09.198root 11241100x8000000000000000348058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8dd8447c79266c2021-12-21 10:26:09.198root 11241100x8000000000000000348059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed54d64ae886b1292021-12-21 10:26:09.198root 11241100x8000000000000000348060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c041ab3109ff88a2021-12-21 10:26:09.198root 11241100x8000000000000000348061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2ab542705403e12021-12-21 10:26:09.199root 11241100x8000000000000000348062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81bad58ff85113e2021-12-21 10:26:09.199root 11241100x8000000000000000348063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4ab5d803c72e2c2021-12-21 10:26:09.199root 11241100x8000000000000000348064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbe38987778b0062021-12-21 10:26:09.199root 11241100x8000000000000000348065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfd8c67cc96ad6c2021-12-21 10:26:09.199root 11241100x8000000000000000348066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2220cdb3ceb8abe82021-12-21 10:26:09.200root 11241100x8000000000000000348067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e392d99c0d874ba82021-12-21 10:26:09.200root 11241100x8000000000000000348068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5a84c10c77a27d2021-12-21 10:26:09.200root 11241100x8000000000000000348069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d4640fb1f6fec32021-12-21 10:26:09.200root 11241100x8000000000000000348070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c8723a1f350b5d02021-12-21 10:26:09.200root 11241100x8000000000000000348071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06477ffbe5290ef92021-12-21 10:26:09.201root 11241100x8000000000000000348072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535d36ad4770ef702021-12-21 10:26:09.201root 11241100x8000000000000000348073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d942452875f4dee12021-12-21 10:26:09.201root 11241100x8000000000000000348074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d97134cdc488d72021-12-21 10:26:09.201root 11241100x8000000000000000348075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f650b4963c770ef2021-12-21 10:26:09.201root 11241100x8000000000000000348076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8128de070c9ed9d52021-12-21 10:26:09.201root 11241100x8000000000000000348077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9beb482786bc8ef2021-12-21 10:26:09.201root 11241100x8000000000000000348078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00dc9c4ac7b856892021-12-21 10:26:09.201root 11241100x8000000000000000348079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a1523261f7402a2021-12-21 10:26:09.201root 11241100x8000000000000000348080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b9e26aa56f30fe2021-12-21 10:26:09.201root 11241100x8000000000000000348081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76a00972ffb8d332021-12-21 10:26:09.202root 11241100x8000000000000000348082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2dbfc116e2837d62021-12-21 10:26:09.202root 11241100x8000000000000000348083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d87e82211f60122021-12-21 10:26:09.202root 11241100x8000000000000000348084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ce6188bfcc282c2021-12-21 10:26:09.202root 11241100x8000000000000000348085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f9d11c50fe2d2b2021-12-21 10:26:09.202root 11241100x8000000000000000348086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81417f0de867617a2021-12-21 10:26:09.202root 11241100x8000000000000000348087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348347aae458f6722021-12-21 10:26:09.202root 11241100x8000000000000000348088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08e3674926710742021-12-21 10:26:09.202root 11241100x8000000000000000348089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a4b62fd00cc1b12021-12-21 10:26:09.203root 11241100x8000000000000000348090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a553b0f55d28a0892021-12-21 10:26:09.203root 11241100x8000000000000000348091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2a7f159285d212021-12-21 10:26:09.203root 11241100x8000000000000000348092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0601f1d60770fc802021-12-21 10:26:09.203root 23542300x8000000000000000348093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000348094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be121e67add268d42021-12-21 10:26:09.693root 11241100x8000000000000000348095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4560770afc97893a2021-12-21 10:26:09.693root 11241100x8000000000000000348096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307603504b1538672021-12-21 10:26:09.693root 11241100x8000000000000000348097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a969a2d69e62383d2021-12-21 10:26:09.694root 11241100x8000000000000000348098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d4d63d7de564562021-12-21 10:26:09.694root 11241100x8000000000000000348099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac0e655331457a02021-12-21 10:26:09.694root 11241100x8000000000000000348100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c7509f5cd2a8a32021-12-21 10:26:09.694root 11241100x8000000000000000348101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eddaf9711ed2f3ec2021-12-21 10:26:09.694root 11241100x8000000000000000348102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac04c9d69fde661e2021-12-21 10:26:09.694root 11241100x8000000000000000348103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132b669626810b3b2021-12-21 10:26:09.694root 11241100x8000000000000000348104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3774ee81a11b0a652021-12-21 10:26:09.694root 11241100x8000000000000000348105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728c268aee21cec22021-12-21 10:26:09.694root 11241100x8000000000000000348106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dc7b60630d41292021-12-21 10:26:09.694root 11241100x8000000000000000348107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd36c2ece3a650b2021-12-21 10:26:09.694root 11241100x8000000000000000348108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5aa8f8f8e9d78e2021-12-21 10:26:09.694root 11241100x8000000000000000348109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8aeef26c7361f332021-12-21 10:26:09.694root 11241100x8000000000000000348110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd672edd45374612021-12-21 10:26:09.695root 11241100x8000000000000000348111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c274657d91ec4ed02021-12-21 10:26:09.695root 11241100x8000000000000000348112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a70e4e22e5885b2021-12-21 10:26:09.695root 11241100x8000000000000000348113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4175201a03b54d8b2021-12-21 10:26:09.695root 11241100x8000000000000000348114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657ce2c7c0078c3e2021-12-21 10:26:09.695root 11241100x8000000000000000348115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232e74f0c505dc972021-12-21 10:26:09.695root 11241100x8000000000000000348116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1e51ddf979e1ee2021-12-21 10:26:09.695root 11241100x8000000000000000348117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38979662cf65d2d92021-12-21 10:26:09.695root 11241100x8000000000000000348118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f6f611d98cf8972021-12-21 10:26:09.698root 11241100x8000000000000000348119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d627df88869b262021-12-21 10:26:09.698root 11241100x8000000000000000348120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8f0bf1792966ba2021-12-21 10:26:09.698root 11241100x8000000000000000348121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10e33c4485e07602021-12-21 10:26:09.698root 11241100x8000000000000000348122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c29e14f2420de642021-12-21 10:26:10.193root 11241100x8000000000000000348123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9bfdabd6817bbc2021-12-21 10:26:10.193root 11241100x8000000000000000348124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6a03a45a410da82021-12-21 10:26:10.193root 11241100x8000000000000000348125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6613a62b898b572021-12-21 10:26:10.193root 11241100x8000000000000000348126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aceaf12d38985e622021-12-21 10:26:10.194root 11241100x8000000000000000348127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059afd5c3ef0008c2021-12-21 10:26:10.194root 11241100x8000000000000000348128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62221c0b05dcc0a2021-12-21 10:26:10.194root 11241100x8000000000000000348129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ef361239736bd92021-12-21 10:26:10.194root 11241100x8000000000000000348130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc111682a826e9f42021-12-21 10:26:10.194root 11241100x8000000000000000348131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66a8c8ad113d50d2021-12-21 10:26:10.194root 11241100x8000000000000000348132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac637f887a4c82d82021-12-21 10:26:10.195root 11241100x8000000000000000348133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1691caa668f882d52021-12-21 10:26:10.195root 11241100x8000000000000000348134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c7af36a5ae5f542021-12-21 10:26:10.195root 11241100x8000000000000000348135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2fa2d1a0b3bebd82021-12-21 10:26:10.195root 11241100x8000000000000000348136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a0c83078befa602021-12-21 10:26:10.195root 11241100x8000000000000000348137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3419f4686de01f2021-12-21 10:26:10.195root 11241100x8000000000000000348138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f514583e6906f4422021-12-21 10:26:10.195root 11241100x8000000000000000348139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3526e6cead4479d2021-12-21 10:26:10.196root 11241100x8000000000000000348140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b574af8a1b441c82021-12-21 10:26:10.196root 11241100x8000000000000000348141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c430db5a66cfd9a2021-12-21 10:26:10.196root 11241100x8000000000000000348142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b83b4795ee03932021-12-21 10:26:10.196root 11241100x8000000000000000348143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9c2cf652fc142b2021-12-21 10:26:10.196root 11241100x8000000000000000348144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fdaa34e9b8a62ba2021-12-21 10:26:10.196root 11241100x8000000000000000348145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c66124e455f466a2021-12-21 10:26:10.196root 11241100x8000000000000000348146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54efe98e1e2472a32021-12-21 10:26:10.196root 11241100x8000000000000000348147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf07b2e6ad03f87c2021-12-21 10:26:10.196root 11241100x8000000000000000348148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52db7d50acb4c4d42021-12-21 10:26:10.196root 11241100x8000000000000000348149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69353915b10fcc22021-12-21 10:26:10.197root 11241100x8000000000000000348150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dec3c3173f06172021-12-21 10:26:10.197root 11241100x8000000000000000348151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf25be040f252842021-12-21 10:26:10.197root 11241100x8000000000000000348152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d376da007d42762021-12-21 10:26:10.197root 11241100x8000000000000000348153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc65100278cab4e2021-12-21 10:26:10.197root 11241100x8000000000000000348154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d922f41fdab179cf2021-12-21 10:26:10.197root 11241100x8000000000000000348155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57573c05c348b1f2021-12-21 10:26:10.197root 11241100x8000000000000000348156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1cf6629244383f2021-12-21 10:26:10.197root 11241100x8000000000000000348157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36aeb7837653fbe2021-12-21 10:26:10.197root 11241100x8000000000000000348158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554066962bf1d35d2021-12-21 10:26:10.197root 11241100x8000000000000000348159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1803a0c5dae07c092021-12-21 10:26:10.693root 11241100x8000000000000000348160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ab202e3e29dc32021-12-21 10:26:10.693root 11241100x8000000000000000348161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ab19fef797552b2021-12-21 10:26:10.694root 11241100x8000000000000000348162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba85d66a9eb5d042021-12-21 10:26:10.694root 11241100x8000000000000000348163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407bef7f3ec933d12021-12-21 10:26:10.694root 11241100x8000000000000000348164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0db71d2e3d152e2021-12-21 10:26:10.695root 11241100x8000000000000000348165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2bb443413345e02021-12-21 10:26:10.695root 11241100x8000000000000000348166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8c3278dc69d0842021-12-21 10:26:10.695root 11241100x8000000000000000348167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c583837229d6a1d2021-12-21 10:26:10.695root 11241100x8000000000000000348168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6586dae9330a402021-12-21 10:26:10.695root 11241100x8000000000000000348169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f67991cac61908f2021-12-21 10:26:10.695root 11241100x8000000000000000348170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2943a98206d54a52021-12-21 10:26:10.696root 11241100x8000000000000000348171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652e7a2eabe1a2342021-12-21 10:26:10.696root 11241100x8000000000000000348172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431e042cdd47539c2021-12-21 10:26:10.696root 11241100x8000000000000000348173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6cdc682d3ddcb2021-12-21 10:26:10.696root 11241100x8000000000000000348174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986ad1392cb5a6c12021-12-21 10:26:10.696root 11241100x8000000000000000348175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968ca121a318afdd2021-12-21 10:26:10.696root 11241100x8000000000000000348176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ccad616c4c10442021-12-21 10:26:10.696root 11241100x8000000000000000348177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447c91d6e8763b9e2021-12-21 10:26:10.696root 11241100x8000000000000000348178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5964b490b39e1a2021-12-21 10:26:10.696root 11241100x8000000000000000348179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e6ead820e2ed26d2021-12-21 10:26:10.697root 11241100x8000000000000000348180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f90a9955058339d2021-12-21 10:26:10.697root 11241100x8000000000000000348181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a451723951f5442021-12-21 10:26:10.697root 11241100x8000000000000000348182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44853410cc5e9272021-12-21 10:26:10.697root 11241100x8000000000000000348183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64113afdddb5fe512021-12-21 10:26:10.697root 11241100x8000000000000000348184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03fcd43c46ee7abb2021-12-21 10:26:10.697root 11241100x8000000000000000348185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57a38e73c68cdfd2021-12-21 10:26:10.697root 11241100x8000000000000000348186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502f160a22e8cafc2021-12-21 10:26:10.697root 11241100x8000000000000000348187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b3febbdf100aef2021-12-21 10:26:10.697root 11241100x8000000000000000348188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f43bd34a44e07102021-12-21 10:26:10.697root 11241100x8000000000000000348189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34a213483bc577c2021-12-21 10:26:11.193root 11241100x8000000000000000348190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1e60f7b36344a92021-12-21 10:26:11.193root 11241100x8000000000000000348191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6baea2ebb3f6e42021-12-21 10:26:11.193root 11241100x8000000000000000348192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b200e538c74cc92021-12-21 10:26:11.193root 11241100x8000000000000000348193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d8aea004ed253e2021-12-21 10:26:11.193root 11241100x8000000000000000348194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190a69b45ab4206d2021-12-21 10:26:11.194root 11241100x8000000000000000348195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f11bbfeb2c0bfa2021-12-21 10:26:11.194root 11241100x8000000000000000348196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bb9ee406d384fa2021-12-21 10:26:11.194root 11241100x8000000000000000348197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae0aad7b08b0ae42021-12-21 10:26:11.195root 11241100x8000000000000000348198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2be84f518d8d052021-12-21 10:26:11.195root 11241100x8000000000000000348199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139dad7b34db86e92021-12-21 10:26:11.196root 11241100x8000000000000000348200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadbf34c84fd30272021-12-21 10:26:11.197root 11241100x8000000000000000348201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a9ad43d481436a2021-12-21 10:26:11.198root 11241100x8000000000000000348202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2551b0201c70deaa2021-12-21 10:26:11.198root 11241100x8000000000000000348203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd014692ec8a2ee2021-12-21 10:26:11.198root 11241100x8000000000000000348204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f583d498674d6d4e2021-12-21 10:26:11.198root 11241100x8000000000000000348205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a16abb5a1145872021-12-21 10:26:11.198root 11241100x8000000000000000348206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4559c674ff4649d92021-12-21 10:26:11.198root 11241100x8000000000000000348207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e0d595a37dea8e2021-12-21 10:26:11.198root 11241100x8000000000000000348208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.401ac4f21b4366142021-12-21 10:26:11.198root 11241100x8000000000000000348209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140c70489e7494872021-12-21 10:26:11.198root 11241100x8000000000000000348210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a6724ec480ac152021-12-21 10:26:11.198root 11241100x8000000000000000348211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db748a82aed534f12021-12-21 10:26:11.198root 11241100x8000000000000000348212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5cc8fea5c2f5b02021-12-21 10:26:11.198root 11241100x8000000000000000348213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fd1bbf440857932021-12-21 10:26:11.198root 11241100x8000000000000000348214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31257f2975c03e152021-12-21 10:26:11.198root 11241100x8000000000000000348215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce73bfc68da83d62021-12-21 10:26:11.198root 11241100x8000000000000000348216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0227e411798219822021-12-21 10:26:11.198root 11241100x8000000000000000348217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e269d75c2e818ad32021-12-21 10:26:11.199root 11241100x8000000000000000348218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aaa4222addad1ad2021-12-21 10:26:11.199root 11241100x8000000000000000348219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f810f744c2c630f22021-12-21 10:26:11.199root 11241100x8000000000000000348220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239e3ee3aa75f47b2021-12-21 10:26:11.199root 11241100x8000000000000000348221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3d854074f5d84e2021-12-21 10:26:11.199root 11241100x8000000000000000348222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aeab46bf9e0afa2021-12-21 10:26:11.199root 11241100x8000000000000000348223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f1d8039f82d7552021-12-21 10:26:11.199root 354300x8000000000000000348224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.248{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47094-false10.0.1.12-8000- 11241100x8000000000000000348225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6159a429b1d6772021-12-21 10:26:11.693root 11241100x8000000000000000348226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d125e1eacfed3822021-12-21 10:26:11.693root 11241100x8000000000000000348227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6af1b36b8cffd42021-12-21 10:26:11.693root 11241100x8000000000000000348228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69044d163170b4f82021-12-21 10:26:11.693root 11241100x8000000000000000348229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6c0e9001869ef82021-12-21 10:26:11.693root 11241100x8000000000000000348230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba964f1b8042b5b2021-12-21 10:26:11.693root 11241100x8000000000000000348231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e791d66638c0233e2021-12-21 10:26:11.693root 11241100x8000000000000000348232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78161a9966797f012021-12-21 10:26:11.694root 11241100x8000000000000000348233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b681e56a16b33d62021-12-21 10:26:11.694root 11241100x8000000000000000348234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31ad7e16d8bca7f2021-12-21 10:26:11.694root 11241100x8000000000000000348235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4a87cd946cc9fd2021-12-21 10:26:11.694root 11241100x8000000000000000348236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ff4c6d9eceeaf22021-12-21 10:26:11.694root 11241100x8000000000000000348237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75a8d33ce2fe1c42021-12-21 10:26:11.694root 11241100x8000000000000000348238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b9d9d92249a3db2021-12-21 10:26:11.694root 11241100x8000000000000000348239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfee35c13b12d802021-12-21 10:26:11.695root 11241100x8000000000000000348240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c880b62d1a3be0692021-12-21 10:26:11.695root 11241100x8000000000000000348241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d578837302521eec2021-12-21 10:26:11.695root 11241100x8000000000000000348242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c406785c27b80dd02021-12-21 10:26:11.695root 11241100x8000000000000000348243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf0c9e9cb6ca5a42021-12-21 10:26:11.695root 11241100x8000000000000000348244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1278d29f7a97afba2021-12-21 10:26:11.695root 11241100x8000000000000000348245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d6e94a03799c372021-12-21 10:26:11.695root 11241100x8000000000000000348246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d264e2065dcab9d02021-12-21 10:26:11.696root 11241100x8000000000000000348247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc39f2e3289698b2021-12-21 10:26:11.696root 11241100x8000000000000000348248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a8379ee184b7cc2021-12-21 10:26:11.696root 11241100x8000000000000000348249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3314cec1a8ac68722021-12-21 10:26:11.696root 11241100x8000000000000000348250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35605671d0c57ea2021-12-21 10:26:11.697root 11241100x8000000000000000348251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e71b1aa2f1227e2021-12-21 10:26:11.697root 11241100x8000000000000000348252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee744dbe03a13422021-12-21 10:26:11.697root 11241100x8000000000000000348253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad690a8ff2961f72021-12-21 10:26:11.697root 11241100x8000000000000000348254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd43383f1360c5a32021-12-21 10:26:11.698root 11241100x8000000000000000348255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7862124d2eff61fc2021-12-21 10:26:11.698root 11241100x8000000000000000348256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0041a06d6b38fcdd2021-12-21 10:26:11.698root 11241100x8000000000000000348257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a64c1f144e0152021-12-21 10:26:11.699root 11241100x8000000000000000348258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b887d132ae95b22e2021-12-21 10:26:11.699root 11241100x8000000000000000348259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b878626142eed5fe2021-12-21 10:26:11.699root 11241100x8000000000000000348260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4db8280506a1812021-12-21 10:26:11.699root 11241100x8000000000000000348261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b93d615aaae2912021-12-21 10:26:11.700root 11241100x8000000000000000348262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cce6ded68925d442021-12-21 10:26:11.700root 11241100x8000000000000000348263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fdeb35ed98d42492021-12-21 10:26:11.701root 11241100x8000000000000000348264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d53cf72b681c7032021-12-21 10:26:11.701root 11241100x8000000000000000348265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99f5fb6cde7ee82021-12-21 10:26:11.702root 11241100x8000000000000000348266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b1299f2d15aec2021-12-21 10:26:11.702root 11241100x8000000000000000348267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907e141f7cd3e8c22021-12-21 10:26:11.702root 11241100x8000000000000000348268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5798b40d0b3e54252021-12-21 10:26:11.703root 11241100x8000000000000000348269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96eab76587a79db32021-12-21 10:26:11.703root 11241100x8000000000000000348270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5ea8a16d838c752021-12-21 10:26:11.703root 11241100x8000000000000000348271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe77fbe0e1527ef2021-12-21 10:26:11.704root 11241100x8000000000000000348272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2d8d4ab4047f942021-12-21 10:26:11.704root 11241100x8000000000000000348273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:11.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62e19c22bb5ee272021-12-21 10:26:11.704root 11241100x8000000000000000348274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b071b774a2cba862021-12-21 10:26:12.193root 11241100x8000000000000000348275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092e44b569392d432021-12-21 10:26:12.193root 11241100x8000000000000000348276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2af63540be93b02021-12-21 10:26:12.194root 11241100x8000000000000000348277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c77f55163d23312021-12-21 10:26:12.194root 11241100x8000000000000000348278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.189a2857b0c06a4b2021-12-21 10:26:12.194root 11241100x8000000000000000348279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daa721ce125a8382021-12-21 10:26:12.194root 11241100x8000000000000000348280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c76725664a5cc2021-12-21 10:26:12.194root 11241100x8000000000000000348281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc62bc6ea1c071c12021-12-21 10:26:12.195root 11241100x8000000000000000348282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3d9c10aa64bb1d2021-12-21 10:26:12.195root 11241100x8000000000000000348283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6ee325f97439ea2021-12-21 10:26:12.195root 11241100x8000000000000000348284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b6d442ba4bf9fc2021-12-21 10:26:12.195root 11241100x8000000000000000348285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4d9440ac26ff682021-12-21 10:26:12.195root 11241100x8000000000000000348286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e4b8b294bc49162021-12-21 10:26:12.195root 11241100x8000000000000000348287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2506f38613b8528b2021-12-21 10:26:12.196root 11241100x8000000000000000348288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0721f15d9ffa8d2021-12-21 10:26:12.196root 11241100x8000000000000000348289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c99545824e8676a2021-12-21 10:26:12.196root 11241100x8000000000000000348290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b51091bd2585cdb2021-12-21 10:26:12.196root 11241100x8000000000000000348291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db31761da9f9d9c2021-12-21 10:26:12.197root 11241100x8000000000000000348292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bed138fc98f57072021-12-21 10:26:12.197root 11241100x8000000000000000348293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef8694db7f5134c2021-12-21 10:26:12.197root 11241100x8000000000000000348294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15b040fcf4c38bb2021-12-21 10:26:12.197root 11241100x8000000000000000348295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99afa6c2a3ea71042021-12-21 10:26:12.197root 11241100x8000000000000000348296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a76d5fcc3a638772021-12-21 10:26:12.197root 11241100x8000000000000000348297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb1e1c7c0b3e6c32021-12-21 10:26:12.197root 11241100x8000000000000000348298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040595b211140a82021-12-21 10:26:12.198root 11241100x8000000000000000348299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc0f3a71f35a25f2021-12-21 10:26:12.198root 11241100x8000000000000000348300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3c3d54534df89d2021-12-21 10:26:12.198root 11241100x8000000000000000348301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8a726d803b03ba2021-12-21 10:26:12.198root 11241100x8000000000000000348302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75792dd2032047b2021-12-21 10:26:12.198root 11241100x8000000000000000348303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00582d723f389232021-12-21 10:26:12.199root 11241100x8000000000000000348304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afef3d02ce08c072021-12-21 10:26:12.199root 11241100x8000000000000000348305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eff56a89633d00d2021-12-21 10:26:12.199root 11241100x8000000000000000348306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e7ce18017b10522021-12-21 10:26:12.693root 11241100x8000000000000000348307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5ab4d7559059192021-12-21 10:26:12.693root 11241100x8000000000000000348308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e782ee61ee9d57902021-12-21 10:26:12.693root 11241100x8000000000000000348309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207ce0137a3648e42021-12-21 10:26:12.693root 11241100x8000000000000000348310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c55f902d2fd4ba82021-12-21 10:26:12.694root 11241100x8000000000000000348311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c7ca57ec6233e52021-12-21 10:26:12.694root 11241100x8000000000000000348312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba25911d8c15d53d2021-12-21 10:26:12.694root 11241100x8000000000000000348313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b9eb260592ed992021-12-21 10:26:12.694root 11241100x8000000000000000348314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752e406ecdca3c482021-12-21 10:26:12.695root 11241100x8000000000000000348315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a378379d6cc9d6162021-12-21 10:26:12.695root 11241100x8000000000000000348316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86141b2664774292021-12-21 10:26:12.695root 11241100x8000000000000000348317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddbcdba936a6daa2021-12-21 10:26:12.696root 11241100x8000000000000000348318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b03515c1c2cabf2021-12-21 10:26:12.696root 11241100x8000000000000000348319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb30f88024035892021-12-21 10:26:12.696root 11241100x8000000000000000348320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad92700db7a6e52021-12-21 10:26:12.696root 11241100x8000000000000000348321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ed4a7b7157c7f92021-12-21 10:26:12.696root 11241100x8000000000000000348322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b164a1ddea730ad2021-12-21 10:26:12.696root 11241100x8000000000000000348323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d281d40c68af85c82021-12-21 10:26:12.697root 11241100x8000000000000000348324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d430dc7e6e053282021-12-21 10:26:12.697root 11241100x8000000000000000348325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5865a9d79ab711702021-12-21 10:26:12.697root 11241100x8000000000000000348326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be86beacea20a41c2021-12-21 10:26:12.697root 11241100x8000000000000000348327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fa6f229ad812e82021-12-21 10:26:12.697root 11241100x8000000000000000348328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b50400a436e0f6b2021-12-21 10:26:12.697root 11241100x8000000000000000348329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2737de8c0a81012021-12-21 10:26:12.698root 11241100x8000000000000000348330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54445567f7cf3eb62021-12-21 10:26:12.698root 11241100x8000000000000000348331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ec8986be25fcf42021-12-21 10:26:12.698root 11241100x8000000000000000348332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4a120ca20f3a022021-12-21 10:26:12.698root 11241100x8000000000000000348333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a712c5efa0c06af62021-12-21 10:26:12.698root 11241100x8000000000000000348334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611c8f0582167f022021-12-21 10:26:12.698root 11241100x8000000000000000348335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7660bddeb98c8aa52021-12-21 10:26:12.698root 11241100x8000000000000000348336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dede7b89bf630b902021-12-21 10:26:12.698root 11241100x8000000000000000348337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9caa7b59e7a6f3462021-12-21 10:26:12.698root 11241100x8000000000000000348338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caee829689b13fe72021-12-21 10:26:12.699root 11241100x8000000000000000348339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7dcc780e43a828a2021-12-21 10:26:12.699root 11241100x8000000000000000348340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f293d67d01bd36d2021-12-21 10:26:12.699root 11241100x8000000000000000348341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:12.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3122120c6fcf46122021-12-21 10:26:12.699root 11241100x8000000000000000348342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc48303abf80ba12021-12-21 10:26:13.193root 11241100x8000000000000000348343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07acebc82482e9342021-12-21 10:26:13.193root 11241100x8000000000000000348344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b3cc746f8c6f462021-12-21 10:26:13.194root 11241100x8000000000000000348345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f58a7d6ecb11e8b2021-12-21 10:26:13.194root 11241100x8000000000000000348346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e84d21c80953742021-12-21 10:26:13.194root 11241100x8000000000000000348347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ba34408e69d8b82021-12-21 10:26:13.194root 11241100x8000000000000000348348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5e34e84db9b6332021-12-21 10:26:13.195root 11241100x8000000000000000348349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee46158c8a1b6522021-12-21 10:26:13.195root 11241100x8000000000000000348350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35617f8453f0378b2021-12-21 10:26:13.195root 11241100x8000000000000000348351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333b485ce50d57392021-12-21 10:26:13.196root 11241100x8000000000000000348352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c764d003b76c012021-12-21 10:26:13.196root 11241100x8000000000000000348353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c357fedfb0601f592021-12-21 10:26:13.196root 11241100x8000000000000000348354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a168a8fa0709962021-12-21 10:26:13.196root 11241100x8000000000000000348355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0db15862bc0e0002021-12-21 10:26:13.196root 11241100x8000000000000000348356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25363eeaf633e4892021-12-21 10:26:13.197root 11241100x8000000000000000348357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8294e84b7422dfc62021-12-21 10:26:13.197root 11241100x8000000000000000348358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1c8d40ee6444f2021-12-21 10:26:13.197root 11241100x8000000000000000348359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08a42607bfc4cbb2021-12-21 10:26:13.197root 11241100x8000000000000000348360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23df8b8890d425d2021-12-21 10:26:13.197root 11241100x8000000000000000348361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae001d8bd957ab12021-12-21 10:26:13.198root 11241100x8000000000000000348362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da161b30d1d51cf2021-12-21 10:26:13.198root 11241100x8000000000000000348363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ca8e209395dd052021-12-21 10:26:13.198root 11241100x8000000000000000348364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b2e85f2d3590972021-12-21 10:26:13.198root 11241100x8000000000000000348365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75771cdd0b12ae82021-12-21 10:26:13.199root 11241100x8000000000000000348366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a90b681dc10ef3a2021-12-21 10:26:13.199root 11241100x8000000000000000348367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b0758dec96ebaac2021-12-21 10:26:13.199root 11241100x8000000000000000348368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21963bf4ff0ec6252021-12-21 10:26:13.199root 11241100x8000000000000000348369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fd111b3cd7ce772021-12-21 10:26:13.199root 11241100x8000000000000000348370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df511a063020ab4d2021-12-21 10:26:13.199root 11241100x8000000000000000348371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773d1f54f160c0b82021-12-21 10:26:13.199root 11241100x8000000000000000348372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f808e7a253dfa202021-12-21 10:26:13.200root 11241100x8000000000000000348373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51bbf7af772faf3e2021-12-21 10:26:13.200root 11241100x8000000000000000348374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1234b5b401422b2021-12-21 10:26:13.200root 11241100x8000000000000000348375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecc405d3f334d8f2021-12-21 10:26:13.693root 11241100x8000000000000000348376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3f1fdab707527b2021-12-21 10:26:13.693root 11241100x8000000000000000348377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ca38ec6cc8948c2021-12-21 10:26:13.694root 11241100x8000000000000000348378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4885fe6629cbbcbf2021-12-21 10:26:13.694root 11241100x8000000000000000348379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df606836fde52a112021-12-21 10:26:13.694root 11241100x8000000000000000348380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6aa0427af21f522021-12-21 10:26:13.694root 11241100x8000000000000000348381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2242ddf7dca0551a2021-12-21 10:26:13.694root 11241100x8000000000000000348382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b4aa9240e6ef792021-12-21 10:26:13.694root 11241100x8000000000000000348383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f600ba9b50fe5f2021-12-21 10:26:13.695root 11241100x8000000000000000348384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e875f50c9c2e74962021-12-21 10:26:13.695root 11241100x8000000000000000348385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4beee43b9bc3a72021-12-21 10:26:13.695root 11241100x8000000000000000348386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d46b205ac72d02021-12-21 10:26:13.696root 11241100x8000000000000000348387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b2326c1505aa8a2021-12-21 10:26:13.696root 11241100x8000000000000000348388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a4ed0ec0376582021-12-21 10:26:13.696root 11241100x8000000000000000348389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef14352a38722da62021-12-21 10:26:13.696root 11241100x8000000000000000348390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4baefd58d25169c2021-12-21 10:26:13.697root 11241100x8000000000000000348391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca7b7389b13fd02021-12-21 10:26:13.697root 11241100x8000000000000000348392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe47a7e3474078152021-12-21 10:26:13.697root 11241100x8000000000000000348393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ddb73b82b72c4a2021-12-21 10:26:13.698root 11241100x8000000000000000348394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad991ba621a9fab32021-12-21 10:26:13.698root 11241100x8000000000000000348395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.442d8eb5ab6b1c032021-12-21 10:26:13.698root 11241100x8000000000000000348396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c739ae99650855612021-12-21 10:26:13.699root 11241100x8000000000000000348397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2289496f021bf872021-12-21 10:26:13.699root 11241100x8000000000000000348398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5540ca697e74f2e2021-12-21 10:26:13.700root 11241100x8000000000000000348399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403f5cab13fd70bd2021-12-21 10:26:13.700root 11241100x8000000000000000348400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b93257b68a404e672021-12-21 10:26:13.700root 11241100x8000000000000000348401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55dc347c39c29f52021-12-21 10:26:13.705root 11241100x8000000000000000348402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51c4aceab784dc22021-12-21 10:26:13.706root 11241100x8000000000000000348403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b567931791849332021-12-21 10:26:13.706root 11241100x8000000000000000348404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14eeb705f90ac032021-12-21 10:26:13.706root 11241100x8000000000000000348405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:13.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea611104245b4ec2021-12-21 10:26:13.706root 11241100x8000000000000000348406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230288d9a89ec8e92021-12-21 10:26:14.193root 11241100x8000000000000000348407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b09e3682d89f992021-12-21 10:26:14.193root 11241100x8000000000000000348408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad0c029025915222021-12-21 10:26:14.193root 11241100x8000000000000000348409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98233be7d1f679d42021-12-21 10:26:14.193root 11241100x8000000000000000348410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd78b24886fd6c2b2021-12-21 10:26:14.194root 11241100x8000000000000000348411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976e902093cd42262021-12-21 10:26:14.194root 11241100x8000000000000000348412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa8e77f1c87d7362021-12-21 10:26:14.194root 11241100x8000000000000000348413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ae0db27782e0a82021-12-21 10:26:14.194root 11241100x8000000000000000348414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0072ccccea973cc42021-12-21 10:26:14.194root 11241100x8000000000000000348415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372f27167bd0754c2021-12-21 10:26:14.194root 11241100x8000000000000000348416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11f635274f3856e2021-12-21 10:26:14.195root 11241100x8000000000000000348417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d5a5257b9c105c2021-12-21 10:26:14.195root 11241100x8000000000000000348418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f59601eb2913032021-12-21 10:26:14.195root 11241100x8000000000000000348419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8c85330015353a2021-12-21 10:26:14.195root 11241100x8000000000000000348420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfc0d3516c865a52021-12-21 10:26:14.196root 11241100x8000000000000000348421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0220ca587b528cd22021-12-21 10:26:14.196root 11241100x8000000000000000348422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e8d6655e100b012021-12-21 10:26:14.196root 11241100x8000000000000000348423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad2a0d7c0d42be42021-12-21 10:26:14.196root 11241100x8000000000000000348424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8deb84c90b6a652021-12-21 10:26:14.196root 11241100x8000000000000000348425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bbf311c7b719fed2021-12-21 10:26:14.197root 11241100x8000000000000000348426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee272cd982900c152021-12-21 10:26:14.197root 11241100x8000000000000000348427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de702057fd249442021-12-21 10:26:14.197root 11241100x8000000000000000348428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da583e06b9079882021-12-21 10:26:14.197root 11241100x8000000000000000348429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8b1c5355f3f5b02021-12-21 10:26:14.197root 11241100x8000000000000000348430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3892443e44f5593c2021-12-21 10:26:14.197root 11241100x8000000000000000348431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeacf70e231a4012021-12-21 10:26:14.198root 11241100x8000000000000000348432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabcf5fe440260492021-12-21 10:26:14.198root 11241100x8000000000000000348433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b09b3793cd8b592021-12-21 10:26:14.198root 11241100x8000000000000000348434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba55084be4e18cf62021-12-21 10:26:14.198root 11241100x8000000000000000348435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdec66ca16e31152021-12-21 10:26:14.198root 11241100x8000000000000000348436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd33ea19518313552021-12-21 10:26:14.198root 11241100x8000000000000000348437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a0570a2ac1c2432021-12-21 10:26:14.198root 11241100x8000000000000000348438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70458cb8183aad692021-12-21 10:26:14.198root 11241100x8000000000000000348439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1cc18fa9edacd9b2021-12-21 10:26:14.198root 11241100x8000000000000000348440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ab4d089c12aedae2021-12-21 10:26:14.198root 11241100x8000000000000000348441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c229432bf77ae82021-12-21 10:26:14.694root 11241100x8000000000000000348442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3fbc99e100b86c2021-12-21 10:26:14.694root 11241100x8000000000000000348443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9369a6b696c5a5bf2021-12-21 10:26:14.695root 11241100x8000000000000000348444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df275c6befc80b172021-12-21 10:26:14.695root 11241100x8000000000000000348445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a31448ae18a4a1e2021-12-21 10:26:14.696root 11241100x8000000000000000348446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b7cdb30be6523d2021-12-21 10:26:14.696root 11241100x8000000000000000348447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5fda2c165938372021-12-21 10:26:14.696root 11241100x8000000000000000348448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed71962ee86595422021-12-21 10:26:14.696root 11241100x8000000000000000348449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1a430b5970b00e2021-12-21 10:26:14.696root 11241100x8000000000000000348450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8936620d9940065b2021-12-21 10:26:14.696root 11241100x8000000000000000348451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f221ada377bc5c22021-12-21 10:26:14.696root 11241100x8000000000000000348452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f16e09544766912021-12-21 10:26:14.696root 11241100x8000000000000000348453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be118b5d176637b2021-12-21 10:26:14.697root 11241100x8000000000000000348454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8dab696ad521092021-12-21 10:26:14.697root 11241100x8000000000000000348455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a8fc0098d60192a2021-12-21 10:26:14.697root 11241100x8000000000000000348456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54582dcc67ecd8a22021-12-21 10:26:14.697root 11241100x8000000000000000348457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.576a4fc109e94add2021-12-21 10:26:14.697root 11241100x8000000000000000348458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414460ffd13430502021-12-21 10:26:14.697root 11241100x8000000000000000348459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae467a636a11e162021-12-21 10:26:14.697root 11241100x8000000000000000348460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c569f531290a0402021-12-21 10:26:14.697root 11241100x8000000000000000348461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9ccdc62d43827e2021-12-21 10:26:14.698root 11241100x8000000000000000348462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837834b8651a666a2021-12-21 10:26:14.698root 11241100x8000000000000000348463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb46ca5b15b1be752021-12-21 10:26:14.698root 11241100x8000000000000000348464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6df477bf77f546b2021-12-21 10:26:14.698root 11241100x8000000000000000348465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658ed92b65ca77522021-12-21 10:26:14.698root 11241100x8000000000000000348466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d0dc2328a014862021-12-21 10:26:14.698root 11241100x8000000000000000348467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ffed1231e3d15d2021-12-21 10:26:14.698root 11241100x8000000000000000348468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468e6e4cdcaa14ce2021-12-21 10:26:14.698root 11241100x8000000000000000348469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:14.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0331c0c4f027a662021-12-21 10:26:14.698root 154100x8000000000000000348470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.060{ec2b6afe-abc7-61c1-68d4-a72c0b560000}5695/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000348471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.062{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96736b054d4a6d7e2021-12-21 10:26:15.062root 11241100x8000000000000000348472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.062{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a64e4b1b759585b2021-12-21 10:26:15.062root 11241100x8000000000000000348473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5d8109c5baf4422021-12-21 10:26:15.063root 11241100x8000000000000000348474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8487b9891439082021-12-21 10:26:15.063root 11241100x8000000000000000348475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20994a7ae6c215a2021-12-21 10:26:15.063root 11241100x8000000000000000348476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc2abef4cc4b66d2021-12-21 10:26:15.063root 11241100x8000000000000000348477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014a40c9592b44302021-12-21 10:26:15.063root 11241100x8000000000000000348478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a7bcf4553a70dd2021-12-21 10:26:15.063root 11241100x8000000000000000348479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.063{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861c3f71ca15d772021-12-21 10:26:15.063root 11241100x8000000000000000348480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d36e590574a6be142021-12-21 10:26:15.064root 11241100x8000000000000000348481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95ab6e7c84461e62021-12-21 10:26:15.064root 11241100x8000000000000000348482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39b9b8fb03cfe6c2021-12-21 10:26:15.064root 11241100x8000000000000000348483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3781ef168f8d5a2021-12-21 10:26:15.064root 11241100x8000000000000000348484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96fcd7038872bda2021-12-21 10:26:15.064root 11241100x8000000000000000348485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f7752f9c52a4a42021-12-21 10:26:15.064root 11241100x8000000000000000348486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda26afa9bd32e812021-12-21 10:26:15.064root 11241100x8000000000000000348487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f2925f586971dff2021-12-21 10:26:15.064root 11241100x8000000000000000348488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf98ddf27f025532021-12-21 10:26:15.064root 11241100x8000000000000000348489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679fd5e272fcd6f32021-12-21 10:26:15.064root 11241100x8000000000000000348490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8127526c8fd513242021-12-21 10:26:15.064root 11241100x8000000000000000348491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a572f06a6cfdd5252021-12-21 10:26:15.064root 11241100x8000000000000000348492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.064{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6839746b090c072021-12-21 10:26:15.064root 11241100x8000000000000000348493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3424de8a59c1032021-12-21 10:26:15.065root 11241100x8000000000000000348494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9fc3abfa6c5f342021-12-21 10:26:15.065root 11241100x8000000000000000348495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0fc2d3aad90a5d32021-12-21 10:26:15.065root 11241100x8000000000000000348496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78704a8a64bf98b92021-12-21 10:26:15.065root 11241100x8000000000000000348497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04632710a06d68a2021-12-21 10:26:15.065root 11241100x8000000000000000348498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eaa0f81ef1806db2021-12-21 10:26:15.065root 11241100x8000000000000000348499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5ffefd88c2b7ac2021-12-21 10:26:15.065root 11241100x8000000000000000348500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.065{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e810cdb87dc1682021-12-21 10:26:15.065root 11241100x8000000000000000348501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c61ee8cd76164b32021-12-21 10:26:15.066root 11241100x8000000000000000348502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.066{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0979fe400936e492021-12-21 10:26:15.066root 534500x8000000000000000348503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.076{ec2b6afe-abc7-61c1-68d4-a72c0b560000}5695/bin/psroot 11241100x8000000000000000348504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abafcf79fe97e1112021-12-21 10:26:15.443root 11241100x8000000000000000348505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05f920511b859692021-12-21 10:26:15.443root 11241100x8000000000000000348506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f1c673202003492021-12-21 10:26:15.443root 11241100x8000000000000000348507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227ff97243640be32021-12-21 10:26:15.444root 11241100x8000000000000000348508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27179ea05d37fff2021-12-21 10:26:15.444root 11241100x8000000000000000348509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e6b317ef0ab0792021-12-21 10:26:15.444root 11241100x8000000000000000348510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7143eb62dbc38d22021-12-21 10:26:15.444root 11241100x8000000000000000348511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d51ee77cf76cc42021-12-21 10:26:15.444root 11241100x8000000000000000348512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae1519ec898acfe2021-12-21 10:26:15.444root 11241100x8000000000000000348513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0f3430b3bc7c182021-12-21 10:26:15.444root 11241100x8000000000000000348514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b9ef9d258315c62021-12-21 10:26:15.444root 11241100x8000000000000000348515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321a4bf44b73a6b62021-12-21 10:26:15.444root 11241100x8000000000000000348516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b012c1cf886c8c72021-12-21 10:26:15.444root 11241100x8000000000000000348517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c893e752a841367b2021-12-21 10:26:15.445root 11241100x8000000000000000348518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c45134ba86e0702021-12-21 10:26:15.445root 11241100x8000000000000000348519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4541f7b23c2aea4b2021-12-21 10:26:15.445root 11241100x8000000000000000348520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace9ee60636008d82021-12-21 10:26:15.445root 11241100x8000000000000000348521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d90e6b22eeb67c42021-12-21 10:26:15.445root 11241100x8000000000000000348522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866715dfef7503d82021-12-21 10:26:15.445root 11241100x8000000000000000348523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2aa4fd8e59ec4612021-12-21 10:26:15.445root 11241100x8000000000000000348524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228f3e1f3beff01b2021-12-21 10:26:15.445root 11241100x8000000000000000348525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a50967cb690449f2021-12-21 10:26:15.445root 11241100x8000000000000000348526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895819375c44e5822021-12-21 10:26:15.445root 11241100x8000000000000000348527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce49cb481fa4ab42021-12-21 10:26:15.446root 11241100x8000000000000000348528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3932a445e27a432021-12-21 10:26:15.446root 11241100x8000000000000000348529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059936997ace8b632021-12-21 10:26:15.446root 11241100x8000000000000000348530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22f8e08a7143a672021-12-21 10:26:15.446root 11241100x8000000000000000348531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ab498adc0b33ba2021-12-21 10:26:15.446root 11241100x8000000000000000348532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347bbb7e35ad314b2021-12-21 10:26:15.446root 11241100x8000000000000000348533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09ef687bbced0b302021-12-21 10:26:15.446root 11241100x8000000000000000348534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa5b364b20028f62021-12-21 10:26:15.446root 11241100x8000000000000000348535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4842d6b5608cc602021-12-21 10:26:15.943root 11241100x8000000000000000348536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c043b1ed9be38d2021-12-21 10:26:15.943root 11241100x8000000000000000348537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5960bfc6e38dd1df2021-12-21 10:26:15.944root 11241100x8000000000000000348538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d96521a2cea7942021-12-21 10:26:15.944root 11241100x8000000000000000348539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.357cedb26d6ccc302021-12-21 10:26:15.944root 11241100x8000000000000000348540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed54603cdb74e782021-12-21 10:26:15.944root 11241100x8000000000000000348541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7c1b740230d2662021-12-21 10:26:15.944root 11241100x8000000000000000348542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ccddc673f1f7d32021-12-21 10:26:15.944root 11241100x8000000000000000348543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022f8d53ac6472112021-12-21 10:26:15.944root 11241100x8000000000000000348544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30a5a704bdc26072021-12-21 10:26:15.948root 11241100x8000000000000000348545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fe3ff54a64f8692021-12-21 10:26:15.948root 11241100x8000000000000000348546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047bc226eacd376a2021-12-21 10:26:15.948root 11241100x8000000000000000348547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c49d5227247b5e2021-12-21 10:26:15.948root 11241100x8000000000000000348548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160797c5239b34942021-12-21 10:26:15.948root 11241100x8000000000000000348549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47586d74ebf3eda2021-12-21 10:26:15.948root 11241100x8000000000000000348550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c47fe8f7aa5ab52021-12-21 10:26:15.948root 11241100x8000000000000000348551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5194d3435e7fd022021-12-21 10:26:15.949root 11241100x8000000000000000348552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6f105dc6c62c632021-12-21 10:26:15.949root 11241100x8000000000000000348553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb715962b311edab2021-12-21 10:26:15.949root 11241100x8000000000000000348554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b851b5cf177c0e52021-12-21 10:26:15.949root 11241100x8000000000000000348555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36762b939d94c55f2021-12-21 10:26:15.949root 11241100x8000000000000000348556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3887898210929c292021-12-21 10:26:15.949root 11241100x8000000000000000348557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b317a3e6b20361052021-12-21 10:26:15.949root 11241100x8000000000000000348558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b7fd70cb5ea87e2021-12-21 10:26:15.949root 11241100x8000000000000000348559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507908e278f6a2da2021-12-21 10:26:15.949root 11241100x8000000000000000348560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3155031d037e790d2021-12-21 10:26:15.949root 11241100x8000000000000000348561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f53091fb3d5b992021-12-21 10:26:15.950root 11241100x8000000000000000348562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624abc369ee75f742021-12-21 10:26:15.950root 11241100x8000000000000000348563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64d07467da8cd602021-12-21 10:26:15.950root 11241100x8000000000000000348564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b28646e1249e1e892021-12-21 10:26:15.950root 11241100x8000000000000000348565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e2cd01a2c938802021-12-21 10:26:15.950root 11241100x8000000000000000348566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3208d20b615ed932021-12-21 10:26:16.443root 11241100x8000000000000000348567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc01d4f2f50f743f2021-12-21 10:26:16.443root 11241100x8000000000000000348568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16552c5ed4b49d32021-12-21 10:26:16.443root 11241100x8000000000000000348569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127c4f01f36489b82021-12-21 10:26:16.444root 11241100x8000000000000000348570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5947fa15ab4aae322021-12-21 10:26:16.444root 11241100x8000000000000000348571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.932c87b0054d50152021-12-21 10:26:16.444root 11241100x8000000000000000348572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314c7ec32239a9832021-12-21 10:26:16.445root 11241100x8000000000000000348573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead10b4e946e9eca2021-12-21 10:26:16.445root 11241100x8000000000000000348574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3033044a8a71e82021-12-21 10:26:16.445root 11241100x8000000000000000348575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01eef715bcfffc3c2021-12-21 10:26:16.445root 11241100x8000000000000000348576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6823e2068443ade2021-12-21 10:26:16.447root 11241100x8000000000000000348577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e5b9c79c26c98b2021-12-21 10:26:16.447root 11241100x8000000000000000348578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b402d94b821c6d62021-12-21 10:26:16.447root 11241100x8000000000000000348579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b92e818e4244ef2021-12-21 10:26:16.447root 11241100x8000000000000000348580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa778ea2844082e2021-12-21 10:26:16.447root 11241100x8000000000000000348581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b80b559c9efcac2021-12-21 10:26:16.448root 11241100x8000000000000000348582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84af7c99054782f92021-12-21 10:26:16.448root 11241100x8000000000000000348583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6884d3b7f35af1f32021-12-21 10:26:16.448root 11241100x8000000000000000348584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e45e67f1f5cbdb2021-12-21 10:26:16.448root 11241100x8000000000000000348585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6a043a3aa80b2d2021-12-21 10:26:16.448root 11241100x8000000000000000348586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b21fa3b2c2757b52021-12-21 10:26:16.448root 11241100x8000000000000000348587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d3f7620fdee1c12021-12-21 10:26:16.448root 11241100x8000000000000000348588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2860c2553d049adf2021-12-21 10:26:16.449root 11241100x8000000000000000348589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b92d20010e4c972021-12-21 10:26:16.449root 11241100x8000000000000000348590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb11ef4e24b5e1d2021-12-21 10:26:16.449root 11241100x8000000000000000348591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa4df4a6c15fe43e2021-12-21 10:26:16.449root 11241100x8000000000000000348592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbd1e2a9b39e2512021-12-21 10:26:16.450root 11241100x8000000000000000348593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd92e55a2d96052021-12-21 10:26:16.450root 11241100x8000000000000000348594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8cdc9c9130b0342021-12-21 10:26:16.450root 11241100x8000000000000000348595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5deb3c398e2a95e52021-12-21 10:26:16.451root 11241100x8000000000000000348596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9410a65dbaf3ba692021-12-21 10:26:16.451root 11241100x8000000000000000348597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a861bbe7cf513e8d2021-12-21 10:26:16.451root 11241100x8000000000000000348598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24757d71533304162021-12-21 10:26:16.451root 11241100x8000000000000000348599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e1afed31e06e102021-12-21 10:26:16.452root 11241100x8000000000000000348600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99666ba5db36f6c82021-12-21 10:26:16.452root 11241100x8000000000000000348601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5c0e66fda203bc2021-12-21 10:26:16.453root 11241100x8000000000000000348602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ffdbd6e58af8a42021-12-21 10:26:16.943root 11241100x8000000000000000348603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06936a89341e9d912021-12-21 10:26:16.943root 11241100x8000000000000000348604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbefb6b089f34f8f2021-12-21 10:26:16.943root 11241100x8000000000000000348605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0174c31c99e5abf32021-12-21 10:26:16.943root 11241100x8000000000000000348606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fc659213aeadaa2021-12-21 10:26:16.943root 11241100x8000000000000000348607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d545b34fca6a792021-12-21 10:26:16.943root 11241100x8000000000000000348608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2fdcb8216f14a72021-12-21 10:26:16.944root 11241100x8000000000000000348609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328fde798d4b2f762021-12-21 10:26:16.944root 11241100x8000000000000000348610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2615188464b86122021-12-21 10:26:16.944root 11241100x8000000000000000348611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e884a6343d2b6f2021-12-21 10:26:16.945root 11241100x8000000000000000348612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa253aaeacf395bd2021-12-21 10:26:16.945root 11241100x8000000000000000348613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148930d958fd8d1a2021-12-21 10:26:16.945root 11241100x8000000000000000348614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f34380c48f2cd4d2021-12-21 10:26:16.946root 11241100x8000000000000000348615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6985098fa011093b2021-12-21 10:26:16.946root 11241100x8000000000000000348616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca3ebee8b0a36532021-12-21 10:26:16.946root 11241100x8000000000000000348617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd9625b4549a9dc2021-12-21 10:26:16.948root 11241100x8000000000000000348618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1adf7b0f7bdef3532021-12-21 10:26:16.948root 11241100x8000000000000000348619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1612656a883a7082021-12-21 10:26:16.949root 11241100x8000000000000000348620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2e828e43348b62021-12-21 10:26:16.949root 11241100x8000000000000000348621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbf1c0b97500aa82021-12-21 10:26:16.949root 11241100x8000000000000000348622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7540cce380a065d32021-12-21 10:26:16.950root 11241100x8000000000000000348623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e51f02c76d03252021-12-21 10:26:16.950root 11241100x8000000000000000348624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9159b390ab116b72021-12-21 10:26:16.950root 11241100x8000000000000000348625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7222ad1cef45311c2021-12-21 10:26:16.951root 11241100x8000000000000000348626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80890ba34c8d46a2021-12-21 10:26:16.951root 11241100x8000000000000000348627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f086ca18844faf2021-12-21 10:26:16.951root 11241100x8000000000000000348628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024bf4b055b88962021-12-21 10:26:16.952root 11241100x8000000000000000348629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea5e6062e56691f2021-12-21 10:26:16.952root 11241100x8000000000000000348630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10925d5ed5a404082021-12-21 10:26:16.952root 11241100x8000000000000000348631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9f7bdc4c7b7a842021-12-21 10:26:16.953root 11241100x8000000000000000348632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0aa0f27b9fd65832021-12-21 10:26:16.953root 11241100x8000000000000000348633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3261231171345a8d2021-12-21 10:26:16.953root 11241100x8000000000000000348634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554347b057fe23292021-12-21 10:26:16.953root 11241100x8000000000000000348635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bdfb159b8bc4a02021-12-21 10:26:16.953root 11241100x8000000000000000348636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f61bcbd1f0bab02021-12-21 10:26:16.954root 11241100x8000000000000000348637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f4f9adf4317baf2021-12-21 10:26:16.954root 11241100x8000000000000000348638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d609c318a0b992672021-12-21 10:26:16.954root 11241100x8000000000000000348639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13b5ff5238f47652021-12-21 10:26:16.954root 11241100x8000000000000000348640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf3ac74a63e4fef2021-12-21 10:26:16.954root 11241100x8000000000000000348641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c61beccdc3d7c0e2021-12-21 10:26:16.954root 11241100x8000000000000000348642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:16.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aff727d87b3126e82021-12-21 10:26:16.955root 354300x8000000000000000348643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.195{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47096-false10.0.1.12-8000- 11241100x8000000000000000348644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5de95b25bde9282021-12-21 10:26:17.196root 11241100x8000000000000000348645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558067a4eb0c28382021-12-21 10:26:17.196root 11241100x8000000000000000348646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527acdd8db0d56962021-12-21 10:26:17.196root 11241100x8000000000000000348647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1743fedc4f975aba2021-12-21 10:26:17.196root 11241100x8000000000000000348648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.702fd60a15cc5bcc2021-12-21 10:26:17.196root 11241100x8000000000000000348649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab1bea4fa31d32f2021-12-21 10:26:17.197root 11241100x8000000000000000348650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803438e4ec54cd2e2021-12-21 10:26:17.197root 11241100x8000000000000000348651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d605afa32128792021-12-21 10:26:17.197root 11241100x8000000000000000348652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac2ff2f0c77a75f2021-12-21 10:26:17.197root 11241100x8000000000000000348653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d9f900a13c06692021-12-21 10:26:17.197root 11241100x8000000000000000348654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90f92594ec001ec2021-12-21 10:26:17.197root 11241100x8000000000000000348655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863214cba8e6df9f2021-12-21 10:26:17.197root 11241100x8000000000000000348656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bd1561d1ebfee42021-12-21 10:26:17.197root 11241100x8000000000000000348657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68e1ce3933ad1b02021-12-21 10:26:17.197root 11241100x8000000000000000348658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e117cd949a4cc2892021-12-21 10:26:17.197root 11241100x8000000000000000348659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3cb783b3a3196d2021-12-21 10:26:17.197root 11241100x8000000000000000348660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f868ddd0f19bf0ed2021-12-21 10:26:17.197root 11241100x8000000000000000348661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c68445b6cef37892021-12-21 10:26:17.198root 11241100x8000000000000000348662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4632cdb6cca281f2021-12-21 10:26:17.198root 11241100x8000000000000000348663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.406961f614d871df2021-12-21 10:26:17.198root 11241100x8000000000000000348664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be00eb1aa89668bf2021-12-21 10:26:17.198root 11241100x8000000000000000348665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f8e97e2b8de1212021-12-21 10:26:17.198root 11241100x8000000000000000348666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0088d65b805500f52021-12-21 10:26:17.198root 11241100x8000000000000000348667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa1adecdb657fa502021-12-21 10:26:17.198root 11241100x8000000000000000348668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1665f82f1c5ab22021-12-21 10:26:17.198root 11241100x8000000000000000348669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5bdea00e979f95f2021-12-21 10:26:17.198root 11241100x8000000000000000348670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ada8fb7aebfcede2021-12-21 10:26:17.198root 11241100x8000000000000000348671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb679aa8e2b43ae72021-12-21 10:26:17.199root 11241100x8000000000000000348672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18ab1913fdcfdea2021-12-21 10:26:17.199root 11241100x8000000000000000348673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c718d82b46ed42021-12-21 10:26:17.199root 11241100x8000000000000000348674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472cdffdda5a3a2e2021-12-21 10:26:17.199root 11241100x8000000000000000348675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d3b20868bf331d2021-12-21 10:26:17.199root 11241100x8000000000000000348676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3299044f4268d212021-12-21 10:26:17.199root 11241100x8000000000000000348677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c5f4bc08c028872021-12-21 10:26:17.199root 11241100x8000000000000000348678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23db3f07d210fc322021-12-21 10:26:17.199root 11241100x8000000000000000348679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1dd27a44a5db2c2021-12-21 10:26:17.199root 11241100x8000000000000000348680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7ed65ca3f404262021-12-21 10:26:17.199root 11241100x8000000000000000348681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420a45ab9d162beb2021-12-21 10:26:17.200root 11241100x8000000000000000348682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e8c8cb7720a9da2021-12-21 10:26:17.200root 11241100x8000000000000000348683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ebdfa5d56e8b5e2021-12-21 10:26:17.200root 11241100x8000000000000000348684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f7f150ef51e36f2021-12-21 10:26:17.200root 11241100x8000000000000000348685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0620ed936ac38f2021-12-21 10:26:17.200root 11241100x8000000000000000348686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1683f2cd064d9c2021-12-21 10:26:17.200root 11241100x8000000000000000348687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c40d68718b1e0f2021-12-21 10:26:17.200root 11241100x8000000000000000348688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80acb1c40925e97a2021-12-21 10:26:17.200root 11241100x8000000000000000348689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359bb7a3e71eaf722021-12-21 10:26:17.200root 11241100x8000000000000000348690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b9487c989c32c22021-12-21 10:26:17.200root 11241100x8000000000000000348691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1643ce6db5f15a22021-12-21 10:26:17.200root 11241100x8000000000000000348692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659c2fe0caef59032021-12-21 10:26:17.201root 11241100x8000000000000000348693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3df653e8e118332021-12-21 10:26:17.201root 11241100x8000000000000000348694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79b2f4d6bad377622021-12-21 10:26:17.201root 11241100x8000000000000000348695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe955a2de81d1b02021-12-21 10:26:17.201root 11241100x8000000000000000348696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad4ec4b40509d662021-12-21 10:26:17.201root 11241100x8000000000000000348697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001314cd17186f202021-12-21 10:26:17.201root 11241100x8000000000000000348698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85faee716e207002021-12-21 10:26:17.201root 11241100x8000000000000000348699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb77a638d46ccd52021-12-21 10:26:17.201root 11241100x8000000000000000348700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e176ab1691ead8442021-12-21 10:26:17.201root 11241100x8000000000000000348701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7297d9a519e739232021-12-21 10:26:17.201root 11241100x8000000000000000348702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6a5ef9913ffe4e2021-12-21 10:26:17.201root 11241100x8000000000000000348703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a62539dc5208ef42021-12-21 10:26:17.202root 11241100x8000000000000000348704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166bdb6784b545d22021-12-21 10:26:17.202root 11241100x8000000000000000348705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc044ae8786e892b2021-12-21 10:26:17.202root 11241100x8000000000000000348706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c4c24a1a7b02672021-12-21 10:26:17.202root 11241100x8000000000000000348707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a4e1259773fd522021-12-21 10:26:17.202root 11241100x8000000000000000348708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7033694ca0e78cf2021-12-21 10:26:17.202root 11241100x8000000000000000348709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074fb4f23a63b1d32021-12-21 10:26:17.202root 11241100x8000000000000000348710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832e765fff94a8052021-12-21 10:26:17.202root 11241100x8000000000000000348711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f389f49e274d5ea2021-12-21 10:26:17.202root 11241100x8000000000000000348712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41edb4271ee647ee2021-12-21 10:26:17.202root 11241100x8000000000000000348713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7be945e7b0fbc5d2021-12-21 10:26:17.202root 11241100x8000000000000000348714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46bb6040d76771f2021-12-21 10:26:17.202root 11241100x8000000000000000348715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfec0fe2e1556f12021-12-21 10:26:17.203root 11241100x8000000000000000348716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13abf85be8e78ffb2021-12-21 10:26:17.203root 11241100x8000000000000000348717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b886b744eb45392021-12-21 10:26:17.203root 11241100x8000000000000000348718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07034cbc5b9cd0c2021-12-21 10:26:17.203root 11241100x8000000000000000348719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac84eced77094c62021-12-21 10:26:17.203root 11241100x8000000000000000348720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49187418134b01d2021-12-21 10:26:17.203root 11241100x8000000000000000348721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e277fb2ddb2b43482021-12-21 10:26:17.203root 11241100x8000000000000000348722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02532b16eb7e1c3f2021-12-21 10:26:17.203root 11241100x8000000000000000348723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d309f41e1ee6082021-12-21 10:26:17.203root 11241100x8000000000000000348724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b66c628b8dc9612021-12-21 10:26:17.204root 11241100x8000000000000000348725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592247c8a171ae892021-12-21 10:26:17.204root 11241100x8000000000000000348726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b077ab24a0991cd2021-12-21 10:26:17.204root 11241100x8000000000000000348727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb373502b040f8d2021-12-21 10:26:17.204root 11241100x8000000000000000348728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.320536c3373d820a2021-12-21 10:26:17.204root 11241100x8000000000000000348729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ed6b673e787d242021-12-21 10:26:17.204root 11241100x8000000000000000348730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365cd5631149658d2021-12-21 10:26:17.204root 11241100x8000000000000000348731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad730e910ce985a92021-12-21 10:26:17.204root 11241100x8000000000000000348732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dba5a546a4b98c62021-12-21 10:26:17.204root 11241100x8000000000000000348733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17b6c8726c8d9ba82021-12-21 10:26:17.205root 11241100x8000000000000000348734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d376b698342f79862021-12-21 10:26:17.205root 11241100x8000000000000000348735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79477d671e6e884b2021-12-21 10:26:17.693root 11241100x8000000000000000348736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463245d491200e4e2021-12-21 10:26:17.693root 11241100x8000000000000000348737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ebba4674d191c52021-12-21 10:26:17.693root 11241100x8000000000000000348738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafef2aa992338892021-12-21 10:26:17.694root 11241100x8000000000000000348739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a3c810eeb121f12021-12-21 10:26:17.694root 11241100x8000000000000000348740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212206706891aa2e2021-12-21 10:26:17.694root 11241100x8000000000000000348741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb211cd3204301452021-12-21 10:26:17.694root 11241100x8000000000000000348742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab68f926221024e2021-12-21 10:26:17.694root 11241100x8000000000000000348743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627ea7a4c2b8efc22021-12-21 10:26:17.695root 11241100x8000000000000000348744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907603c12933b8b52021-12-21 10:26:17.695root 11241100x8000000000000000348745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afacd101ecdb41142021-12-21 10:26:17.695root 11241100x8000000000000000348746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128a95d7358a23472021-12-21 10:26:17.695root 11241100x8000000000000000348747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3e6d2e2263be332021-12-21 10:26:17.695root 11241100x8000000000000000348748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a780dda58cadb072021-12-21 10:26:17.695root 11241100x8000000000000000348749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0684767650ae564b2021-12-21 10:26:17.696root 11241100x8000000000000000348750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304a4fb2bb373f312021-12-21 10:26:17.696root 11241100x8000000000000000348751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967f7790614d05212021-12-21 10:26:17.696root 11241100x8000000000000000348752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b400eaeacc72ff2021-12-21 10:26:17.696root 11241100x8000000000000000348753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b546fb282189f01b2021-12-21 10:26:17.696root 11241100x8000000000000000348754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e22e8ffdfff08432021-12-21 10:26:17.696root 11241100x8000000000000000348755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201d5c97be1bee822021-12-21 10:26:17.697root 11241100x8000000000000000348756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a036055a1cc90d82021-12-21 10:26:17.697root 11241100x8000000000000000348757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cac50b76edac0be2021-12-21 10:26:17.697root 11241100x8000000000000000348758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369fdc6a47f38d1a2021-12-21 10:26:17.697root 11241100x8000000000000000348759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a3761f462207d82021-12-21 10:26:17.697root 11241100x8000000000000000348760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce8c9cf1c8c19b02021-12-21 10:26:17.697root 11241100x8000000000000000348761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aac78fa6d119b552021-12-21 10:26:17.697root 11241100x8000000000000000348762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f4330bb4a3cf6e2021-12-21 10:26:17.698root 11241100x8000000000000000348763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61cc94787f6f1ee62021-12-21 10:26:17.698root 11241100x8000000000000000348764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11838320f2a21db82021-12-21 10:26:17.698root 11241100x8000000000000000348765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaac65857fc138a2021-12-21 10:26:17.698root 11241100x8000000000000000348766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61b05e8d06cdf202021-12-21 10:26:17.698root 11241100x8000000000000000348767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d196e4b5cf9393d12021-12-21 10:26:17.698root 11241100x8000000000000000348768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16312031abc429ca2021-12-21 10:26:17.699root 11241100x8000000000000000348769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcb6716379410972021-12-21 10:26:17.699root 11241100x8000000000000000348770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1103e7617bfb5a82021-12-21 10:26:17.699root 11241100x8000000000000000348771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c99c2569237d882021-12-21 10:26:17.699root 11241100x8000000000000000348772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39635bcb7404956e2021-12-21 10:26:17.699root 11241100x8000000000000000348773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c57212aac9e18c3c2021-12-21 10:26:17.699root 11241100x8000000000000000348774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b224d5311a9f41a32021-12-21 10:26:17.699root 11241100x8000000000000000348775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f64d7ded05c9d8012021-12-21 10:26:17.700root 11241100x8000000000000000348776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335d0a276c4626f52021-12-21 10:26:17.700root 11241100x8000000000000000348777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:17.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c07e092a60960e42021-12-21 10:26:17.700root 11241100x8000000000000000348778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe11b58daf7152222021-12-21 10:26:18.193root 11241100x8000000000000000348779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f2a2cef84c8f7d2021-12-21 10:26:18.193root 11241100x8000000000000000348780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a098a746b19118b62021-12-21 10:26:18.194root 11241100x8000000000000000348781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0beea32b386f05ae2021-12-21 10:26:18.194root 11241100x8000000000000000348782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cb5402e8e0ec7d2021-12-21 10:26:18.194root 11241100x8000000000000000348783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f55c80d7a7c4bed2021-12-21 10:26:18.194root 11241100x8000000000000000348784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0598a22353826d2021-12-21 10:26:18.194root 11241100x8000000000000000348785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb004e33fa24de42021-12-21 10:26:18.194root 11241100x8000000000000000348786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89ee33f3739ed4622021-12-21 10:26:18.194root 11241100x8000000000000000348787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5594f943aedcf52021-12-21 10:26:18.194root 11241100x8000000000000000348788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cdfc1eb0ca33982021-12-21 10:26:18.195root 11241100x8000000000000000348789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50915d7c6a0babd2021-12-21 10:26:18.195root 11241100x8000000000000000348790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374573d1e4a5b4122021-12-21 10:26:18.195root 11241100x8000000000000000348791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da30006be1e3d0fc2021-12-21 10:26:18.195root 11241100x8000000000000000348792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9faaa5f7d3a2d4f2021-12-21 10:26:18.195root 11241100x8000000000000000348793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b30dad66a7d29c2021-12-21 10:26:18.195root 11241100x8000000000000000348794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d36600b9849f3e32021-12-21 10:26:18.195root 11241100x8000000000000000348795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7c45e1bec825a42021-12-21 10:26:18.195root 11241100x8000000000000000348796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89b0fed4d63f6512021-12-21 10:26:18.195root 11241100x8000000000000000348797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443bdaab0eb1568f2021-12-21 10:26:18.195root 11241100x8000000000000000348798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9e4ddd0b7831bf2021-12-21 10:26:18.195root 11241100x8000000000000000348799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050092af77c93e942021-12-21 10:26:18.195root 11241100x8000000000000000348800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abd673732f3ed6c2021-12-21 10:26:18.195root 11241100x8000000000000000348801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b49469f2c7940e2021-12-21 10:26:18.196root 11241100x8000000000000000348802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e6e0e7081d8a172021-12-21 10:26:18.196root 11241100x8000000000000000348803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6038e8acf2bb0c5e2021-12-21 10:26:18.196root 11241100x8000000000000000348804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de607a933238b5302021-12-21 10:26:18.196root 11241100x8000000000000000348805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26e5adacd7102912021-12-21 10:26:18.196root 11241100x8000000000000000348806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbef58eb790736362021-12-21 10:26:18.196root 11241100x8000000000000000348807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c074baba44381e612021-12-21 10:26:18.196root 11241100x8000000000000000348808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f200e15af99bf0a2021-12-21 10:26:18.196root 11241100x8000000000000000348809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7466109d5a8832362021-12-21 10:26:18.196root 11241100x8000000000000000348810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441f0b04190360ba2021-12-21 10:26:18.693root 11241100x8000000000000000348811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45e806b6acdfe762021-12-21 10:26:18.693root 11241100x8000000000000000348812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40ca49fa8c0ca242021-12-21 10:26:18.693root 11241100x8000000000000000348813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6bacda3bf9d92e2021-12-21 10:26:18.693root 11241100x8000000000000000348814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e00cc6b537a44ef2021-12-21 10:26:18.693root 11241100x8000000000000000348815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc3c238ff3f92632021-12-21 10:26:18.694root 11241100x8000000000000000348816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2af50bbc78b99332021-12-21 10:26:18.694root 11241100x8000000000000000348817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebac1b68019d6f2d2021-12-21 10:26:18.694root 11241100x8000000000000000348818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fdec062731672c2021-12-21 10:26:18.694root 11241100x8000000000000000348819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa182421a639a5d2021-12-21 10:26:18.695root 11241100x8000000000000000348820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b948a79b8055b6a32021-12-21 10:26:18.695root 11241100x8000000000000000348821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c32efebe9ddedfe2021-12-21 10:26:18.695root 11241100x8000000000000000348822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b29989e527a49782021-12-21 10:26:18.695root 11241100x8000000000000000348823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8e5df09938d0a12021-12-21 10:26:18.695root 11241100x8000000000000000348824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9300ecaeb5d5e3aa2021-12-21 10:26:18.695root 11241100x8000000000000000348825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f413269c007ed9882021-12-21 10:26:18.695root 11241100x8000000000000000348826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f11c92736f4fc312021-12-21 10:26:18.696root 11241100x8000000000000000348827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdb4f12819df1bf2021-12-21 10:26:18.696root 11241100x8000000000000000348828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5566b234a77c4b72021-12-21 10:26:18.696root 11241100x8000000000000000348829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a581d492e4dce9f52021-12-21 10:26:18.696root 11241100x8000000000000000348830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecca004475787b082021-12-21 10:26:18.696root 11241100x8000000000000000348831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c34f6469db4ae4c2021-12-21 10:26:18.696root 11241100x8000000000000000348832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0451622d7397e2342021-12-21 10:26:18.696root 11241100x8000000000000000348833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804fb6044aeeb2eb2021-12-21 10:26:18.696root 11241100x8000000000000000348834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ea0fd134df586f2021-12-21 10:26:18.696root 11241100x8000000000000000348835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590d1324ea5f9f752021-12-21 10:26:18.696root 11241100x8000000000000000348836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1e20c1d0e046ed2021-12-21 10:26:18.696root 11241100x8000000000000000348837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506fab21921e46612021-12-21 10:26:18.696root 11241100x8000000000000000348838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aae6888764178f02021-12-21 10:26:18.696root 11241100x8000000000000000348839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc4a58f10db6e542021-12-21 10:26:18.697root 11241100x8000000000000000348840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3be5bec6ea5ca92021-12-21 10:26:18.697root 11241100x8000000000000000348841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a700e695e1ada7462021-12-21 10:26:18.697root 11241100x8000000000000000348842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271cad7a186b3dfd2021-12-21 10:26:18.697root 11241100x8000000000000000348843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3879157809405ced2021-12-21 10:26:18.697root 11241100x8000000000000000348844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e65b8467c0dcaf2021-12-21 10:26:18.697root 11241100x8000000000000000348845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0388576b2b5e69f2021-12-21 10:26:18.697root 11241100x8000000000000000348846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbb7c12b3e6e9442021-12-21 10:26:18.697root 11241100x8000000000000000348847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71be96ce06bd04f02021-12-21 10:26:18.697root 11241100x8000000000000000348848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde952be6c2cacf82021-12-21 10:26:18.697root 11241100x8000000000000000348849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148fa4cd8c15ae772021-12-21 10:26:18.697root 11241100x8000000000000000348850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64363c063b620c772021-12-21 10:26:18.697root 11241100x8000000000000000348851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:18.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efe42a48e62fcaf2021-12-21 10:26:18.697root 11241100x8000000000000000348852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290c8c75b323c2b72021-12-21 10:26:19.193root 11241100x8000000000000000348853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9769908ae075b532021-12-21 10:26:19.194root 11241100x8000000000000000348854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20368cd6028b67a92021-12-21 10:26:19.194root 11241100x8000000000000000348855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058122501b2e13fd2021-12-21 10:26:19.194root 11241100x8000000000000000348856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2eea3f5846aa2c2021-12-21 10:26:19.194root 11241100x8000000000000000348857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0428138f4f84a62021-12-21 10:26:19.194root 11241100x8000000000000000348858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ea2764ecd66c462021-12-21 10:26:19.195root 11241100x8000000000000000348859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50f7660f125b05c2021-12-21 10:26:19.195root 11241100x8000000000000000348860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0324a8a17db5e602021-12-21 10:26:19.195root 11241100x8000000000000000348861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3cb13ff064e3f872021-12-21 10:26:19.195root 11241100x8000000000000000348862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9631a36b09a8ec292021-12-21 10:26:19.195root 11241100x8000000000000000348863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23d4a7974ab807e72021-12-21 10:26:19.196root 11241100x8000000000000000348864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f14ee3acc5111f2021-12-21 10:26:19.196root 11241100x8000000000000000348865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31fd63a8242330f2021-12-21 10:26:19.196root 11241100x8000000000000000348866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564a2b0b7cdcee7b2021-12-21 10:26:19.196root 11241100x8000000000000000348867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a0778cee99dc8e2021-12-21 10:26:19.196root 11241100x8000000000000000348868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a67bb673bf912772021-12-21 10:26:19.197root 11241100x8000000000000000348869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7b4e26b6d844c32021-12-21 10:26:19.197root 11241100x8000000000000000348870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d3cd7dc2ba4822b2021-12-21 10:26:19.197root 11241100x8000000000000000348871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44203c79a751d4532021-12-21 10:26:19.197root 11241100x8000000000000000348872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd24e045f6fc79572021-12-21 10:26:19.197root 11241100x8000000000000000348873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a757ebd9331ad84b2021-12-21 10:26:19.197root 11241100x8000000000000000348874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308d2c67b88ff7a72021-12-21 10:26:19.197root 11241100x8000000000000000348875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7479b762cad5b082021-12-21 10:26:19.197root 11241100x8000000000000000348876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28645f3205a6173e2021-12-21 10:26:19.197root 11241100x8000000000000000348877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33475b5353442f3c2021-12-21 10:26:19.197root 11241100x8000000000000000348878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bfd397a93290e602021-12-21 10:26:19.197root 11241100x8000000000000000348879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f540da26f3c0f9292021-12-21 10:26:19.198root 11241100x8000000000000000348880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6548b103e277903f2021-12-21 10:26:19.198root 11241100x8000000000000000348881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e7c403e2a26cf652021-12-21 10:26:19.198root 11241100x8000000000000000348882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1be5a1eab2a52942021-12-21 10:26:19.198root 11241100x8000000000000000348883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755e74649f0b79b02021-12-21 10:26:19.198root 11241100x8000000000000000348884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846aa825239e29342021-12-21 10:26:19.693root 11241100x8000000000000000348885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a183c7d97972272f2021-12-21 10:26:19.693root 11241100x8000000000000000348886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f0304654d480f02021-12-21 10:26:19.693root 11241100x8000000000000000348887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7409dcc09c2ea232021-12-21 10:26:19.693root 11241100x8000000000000000348888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4531602b3c68d132021-12-21 10:26:19.693root 11241100x8000000000000000348889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc35d84c3effc6f22021-12-21 10:26:19.693root 11241100x8000000000000000348890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0ed4928f83b6562021-12-21 10:26:19.693root 11241100x8000000000000000348891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1918259eed8f0fde2021-12-21 10:26:19.694root 11241100x8000000000000000348892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912a7a4e8dbc5e1d2021-12-21 10:26:19.694root 11241100x8000000000000000348893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d856c03a711865722021-12-21 10:26:19.694root 11241100x8000000000000000348894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2786130acaa9a0822021-12-21 10:26:19.694root 11241100x8000000000000000348895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e161c1c5e5f223d02021-12-21 10:26:19.694root 11241100x8000000000000000348896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41d11d3abed194a2021-12-21 10:26:19.694root 11241100x8000000000000000348897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1093c10679e11472021-12-21 10:26:19.694root 11241100x8000000000000000348898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d448a0efc9c2492e2021-12-21 10:26:19.695root 11241100x8000000000000000348899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1f7e5fe0cf0d8d2021-12-21 10:26:19.695root 11241100x8000000000000000348900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3fcc55eaeadcea2021-12-21 10:26:19.695root 11241100x8000000000000000348901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77107355e83fdc62021-12-21 10:26:19.696root 11241100x8000000000000000348902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d972bef0cdcd1b32021-12-21 10:26:19.696root 11241100x8000000000000000348903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688678fbf15121992021-12-21 10:26:19.696root 11241100x8000000000000000348904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2da2305996c3a22021-12-21 10:26:19.696root 11241100x8000000000000000348905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f43eba64528c1102021-12-21 10:26:19.696root 11241100x8000000000000000348906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8a0110d7d60ec02021-12-21 10:26:19.697root 11241100x8000000000000000348907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcc6bcd59a5fcfb2021-12-21 10:26:19.697root 11241100x8000000000000000348908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9406ace0ebf2cfd12021-12-21 10:26:19.697root 11241100x8000000000000000348909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d0ccfe50b7a4732021-12-21 10:26:19.697root 11241100x8000000000000000348910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574fc85c84d517a82021-12-21 10:26:19.697root 11241100x8000000000000000348911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ae749cd5fa40ed2021-12-21 10:26:19.698root 11241100x8000000000000000348912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8406f7ca4caa5882021-12-21 10:26:19.698root 11241100x8000000000000000348913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e502b4d2394a377b2021-12-21 10:26:19.698root 11241100x8000000000000000348914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4587a1c9cffae5ae2021-12-21 10:26:19.698root 11241100x8000000000000000348915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fe24be9d9c963d2021-12-21 10:26:19.698root 11241100x8000000000000000348916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b46b61b2a3d75b2021-12-21 10:26:19.699root 11241100x8000000000000000348917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73935f81b3b9b21e2021-12-21 10:26:19.699root 11241100x8000000000000000348918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca48a3069c641dd2021-12-21 10:26:19.699root 11241100x8000000000000000348919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea8ddb61821c66f2021-12-21 10:26:19.699root 11241100x8000000000000000348920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f29c7defd7bc599b2021-12-21 10:26:19.700root 11241100x8000000000000000348921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca702980c4223822021-12-21 10:26:19.700root 11241100x8000000000000000348922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8397e5d683ac8cbf2021-12-21 10:26:19.700root 11241100x8000000000000000348923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa8774e2ae176e82021-12-21 10:26:19.700root 11241100x8000000000000000348924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515d6eaac186e9752021-12-21 10:26:19.700root 11241100x8000000000000000348925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dcbde2f06d5a1132021-12-21 10:26:19.700root 11241100x8000000000000000348926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f8fe9c52f152852021-12-21 10:26:19.700root 11241100x8000000000000000348927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8087519d51c82d42021-12-21 10:26:19.701root 11241100x8000000000000000348928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f94b565fe881492021-12-21 10:26:19.701root 11241100x8000000000000000348929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8fcfca7abb811b2021-12-21 10:26:19.701root 11241100x8000000000000000348930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:19.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f53f20b5a6ef6d42021-12-21 10:26:19.701root 11241100x8000000000000000348931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968c524824365c692021-12-21 10:26:20.193root 11241100x8000000000000000348932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f980653a5267d7a2021-12-21 10:26:20.193root 11241100x8000000000000000348933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974439fa3d0164552021-12-21 10:26:20.193root 11241100x8000000000000000348934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa964d7eecc7bb602021-12-21 10:26:20.193root 11241100x8000000000000000348935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ea9ad731a19da52021-12-21 10:26:20.193root 11241100x8000000000000000348936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481ccbf2e3caa65d2021-12-21 10:26:20.193root 11241100x8000000000000000348937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325ff56c17d63b862021-12-21 10:26:20.194root 11241100x8000000000000000348938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3532bc2b59d4938c2021-12-21 10:26:20.194root 11241100x8000000000000000348939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fcaaa5a36c7e35c2021-12-21 10:26:20.194root 11241100x8000000000000000348940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eaa667d6809fdd02021-12-21 10:26:20.194root 11241100x8000000000000000348941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4949d379d1053c082021-12-21 10:26:20.194root 11241100x8000000000000000348942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf08740e853f53262021-12-21 10:26:20.194root 11241100x8000000000000000348943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bf4463117ae09b2021-12-21 10:26:20.195root 11241100x8000000000000000348944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78c3e1ab09db7d12021-12-21 10:26:20.195root 11241100x8000000000000000348945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e98da4e47faefd472021-12-21 10:26:20.195root 11241100x8000000000000000348946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf1b48ed6234fd52021-12-21 10:26:20.196root 11241100x8000000000000000348947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bab67efbb1a4692021-12-21 10:26:20.196root 11241100x8000000000000000348948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e288242e0ba7244e2021-12-21 10:26:20.196root 11241100x8000000000000000348949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac02f1ace9d27662021-12-21 10:26:20.196root 11241100x8000000000000000348950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd8895c418abbc22021-12-21 10:26:20.196root 11241100x8000000000000000348951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9143367d95e8d7072021-12-21 10:26:20.197root 11241100x8000000000000000348952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7207a7b1cdae6a6a2021-12-21 10:26:20.197root 11241100x8000000000000000348953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37112c60ac99e3852021-12-21 10:26:20.197root 11241100x8000000000000000348954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a85a9617ab908e02021-12-21 10:26:20.197root 11241100x8000000000000000348955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b51c8913df4c032021-12-21 10:26:20.197root 11241100x8000000000000000348956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02539658841e693c2021-12-21 10:26:20.197root 11241100x8000000000000000348957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.311caadd67555acb2021-12-21 10:26:20.198root 11241100x8000000000000000348958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b3d86206d535972021-12-21 10:26:20.198root 11241100x8000000000000000348959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d58d71d688f2b72021-12-21 10:26:20.198root 11241100x8000000000000000348960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0dc3929a44ddb22021-12-21 10:26:20.198root 11241100x8000000000000000348961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e551181028c6382021-12-21 10:26:20.198root 11241100x8000000000000000348962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3e334fe864b8882021-12-21 10:26:20.199root 11241100x8000000000000000348963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f2f273bc4f1daf2021-12-21 10:26:20.199root 11241100x8000000000000000348964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77aa8ce4cc3817792021-12-21 10:26:20.199root 11241100x8000000000000000348965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ad756703ca055e2021-12-21 10:26:20.199root 11241100x8000000000000000348966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf999afbf1e7ca562021-12-21 10:26:20.199root 11241100x8000000000000000348967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e214abafd4294c1f2021-12-21 10:26:20.200root 11241100x8000000000000000348968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.469f6c411a019a0d2021-12-21 10:26:20.200root 11241100x8000000000000000348969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deef6c75118770d12021-12-21 10:26:20.200root 11241100x8000000000000000348970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73e7ebe858825c92021-12-21 10:26:20.200root 11241100x8000000000000000348971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdd30894551d11c2021-12-21 10:26:20.200root 11241100x8000000000000000348972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6fe54b4c1665a242021-12-21 10:26:20.200root 11241100x8000000000000000348973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c46e0b75f61ef682021-12-21 10:26:20.200root 11241100x8000000000000000348974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62263524cfb102d22021-12-21 10:26:20.201root 11241100x8000000000000000348975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babdf06e33386c672021-12-21 10:26:20.201root 11241100x8000000000000000348976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb47239e5e8636a12021-12-21 10:26:20.201root 11241100x8000000000000000348977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d01d03e85f7ed242021-12-21 10:26:20.201root 11241100x8000000000000000348978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d617c386c0e8c20e2021-12-21 10:26:20.201root 11241100x8000000000000000348979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd7654e7dc995562021-12-21 10:26:20.693root 11241100x8000000000000000348980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2673d3c1cc1e2c02021-12-21 10:26:20.693root 11241100x8000000000000000348981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b8646e80f9b4aa2021-12-21 10:26:20.693root 11241100x8000000000000000348982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a27b42c0382cf42021-12-21 10:26:20.693root 11241100x8000000000000000348983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413a1b38d49ab5b72021-12-21 10:26:20.694root 11241100x8000000000000000348984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac9f571ca310fb42021-12-21 10:26:20.694root 11241100x8000000000000000348985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73490e79adf7a9c52021-12-21 10:26:20.694root 11241100x8000000000000000348986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c9b279f318e5822021-12-21 10:26:20.694root 11241100x8000000000000000348987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcadad37f550f6732021-12-21 10:26:20.694root 11241100x8000000000000000348988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d159fdd24253e8b52021-12-21 10:26:20.695root 11241100x8000000000000000348989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81bc89f9a79114f82021-12-21 10:26:20.695root 11241100x8000000000000000348990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681ab10422d6bd8c2021-12-21 10:26:20.695root 11241100x8000000000000000348991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750f2a7eec4f53922021-12-21 10:26:20.696root 11241100x8000000000000000348992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537b470555d20e352021-12-21 10:26:20.696root 11241100x8000000000000000348993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f20cf9e3d3e220b2021-12-21 10:26:20.696root 11241100x8000000000000000348994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac93f9bc2313abd2021-12-21 10:26:20.696root 11241100x8000000000000000348995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ad85d556582e0a2021-12-21 10:26:20.697root 11241100x8000000000000000348996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4340b9f162c4242f2021-12-21 10:26:20.697root 11241100x8000000000000000348997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ea5bd1a54db49d2021-12-21 10:26:20.697root 11241100x8000000000000000348998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2f7cb711b6da1e2021-12-21 10:26:20.697root 11241100x8000000000000000348999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1248204edd907d6e2021-12-21 10:26:20.697root 11241100x8000000000000000349000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09b2b02483e12462021-12-21 10:26:20.698root 11241100x8000000000000000349001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0274bd83095fbb2021-12-21 10:26:20.698root 11241100x8000000000000000349002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc14020f69168952021-12-21 10:26:20.698root 11241100x8000000000000000349003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d8afecbd9502952021-12-21 10:26:20.698root 11241100x8000000000000000349004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f11c12676a35f92021-12-21 10:26:20.698root 11241100x8000000000000000349005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c610ed56d297fd992021-12-21 10:26:20.698root 11241100x8000000000000000349006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f675fab8eea839922021-12-21 10:26:20.700root 11241100x8000000000000000349007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413bd0d0697b03ef2021-12-21 10:26:20.700root 11241100x8000000000000000349008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa68f93e58e3b1af2021-12-21 10:26:20.701root 11241100x8000000000000000349009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fc0137f71114922021-12-21 10:26:20.701root 11241100x8000000000000000349010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d3ce8963c34d662021-12-21 10:26:20.701root 11241100x8000000000000000349011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25bfb985253bb02d2021-12-21 10:26:20.701root 11241100x8000000000000000349012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574251d0157909892021-12-21 10:26:20.702root 11241100x8000000000000000349013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d35c9decc4bcb42021-12-21 10:26:20.702root 11241100x8000000000000000349014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4308a783b1efb2dd2021-12-21 10:26:20.702root 11241100x8000000000000000349015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d713b4efcac7592c2021-12-21 10:26:20.702root 11241100x8000000000000000349016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c613284db4557e02021-12-21 10:26:20.703root 11241100x8000000000000000349017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b6b1f739d503cf2021-12-21 10:26:20.703root 11241100x8000000000000000349018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23384f6b10712eb2021-12-21 10:26:20.704root 11241100x8000000000000000349019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da566831b53602ab2021-12-21 10:26:20.704root 11241100x8000000000000000349020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:20.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7666503d6717d9c22021-12-21 10:26:20.704root 11241100x8000000000000000349021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078fb4174c301c042021-12-21 10:26:21.193root 11241100x8000000000000000349022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb72e25f83f7be32021-12-21 10:26:21.193root 11241100x8000000000000000349023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde82d1353acca352021-12-21 10:26:21.193root 11241100x8000000000000000349024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb0eea62515f8192021-12-21 10:26:21.194root 11241100x8000000000000000349025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b05fe2d760aa35b2021-12-21 10:26:21.194root 11241100x8000000000000000349026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019a35e2c6a59d1e2021-12-21 10:26:21.194root 11241100x8000000000000000349027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c066b05cc498161c2021-12-21 10:26:21.194root 11241100x8000000000000000349028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdb189a58f9d25cc2021-12-21 10:26:21.194root 11241100x8000000000000000349029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf99f4aafde401422021-12-21 10:26:21.195root 11241100x8000000000000000349030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402ad6bdae232cee2021-12-21 10:26:21.195root 11241100x8000000000000000349031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd711c80debf0c222021-12-21 10:26:21.195root 11241100x8000000000000000349032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187485de869924f62021-12-21 10:26:21.195root 11241100x8000000000000000349033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2842ef20e2164aa2021-12-21 10:26:21.195root 11241100x8000000000000000349034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e880161f649c232021-12-21 10:26:21.196root 11241100x8000000000000000349035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e48a902255f05892021-12-21 10:26:21.196root 11241100x8000000000000000349036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bdd663fe667d1772021-12-21 10:26:21.196root 11241100x8000000000000000349037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed5859af3a2aab32021-12-21 10:26:21.196root 11241100x8000000000000000349038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83bfc8269bd3ccc82021-12-21 10:26:21.196root 11241100x8000000000000000349039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bdf3f882461d4a2021-12-21 10:26:21.197root 11241100x8000000000000000349040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c4e09149dfd2b52021-12-21 10:26:21.197root 11241100x8000000000000000349041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b64e435ab6afe72021-12-21 10:26:21.197root 11241100x8000000000000000349042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dafc84503537d82021-12-21 10:26:21.197root 11241100x8000000000000000349043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea343ab38727f25f2021-12-21 10:26:21.197root 11241100x8000000000000000349044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc958d8df39019e82021-12-21 10:26:21.197root 11241100x8000000000000000349045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5a1035e864b8832021-12-21 10:26:21.197root 11241100x8000000000000000349046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d5f9403c02aff02021-12-21 10:26:21.198root 11241100x8000000000000000349047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a63f474be7c8aa2021-12-21 10:26:21.198root 11241100x8000000000000000349048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43077658649094982021-12-21 10:26:21.198root 11241100x8000000000000000349049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d9c7f90075bd602021-12-21 10:26:21.198root 11241100x8000000000000000349050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56570e9c2f55c89c2021-12-21 10:26:21.198root 11241100x8000000000000000349051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d33514bf5e77742021-12-21 10:26:21.198root 11241100x8000000000000000349052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2254ebd9ba04a62d2021-12-21 10:26:21.199root 11241100x8000000000000000349053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5063b71cacb6882021-12-21 10:26:21.199root 11241100x8000000000000000349054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e246541af6b43a412021-12-21 10:26:21.199root 11241100x8000000000000000349055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fd6867b00958d42021-12-21 10:26:21.199root 11241100x8000000000000000349056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92c35958fbdda3d2021-12-21 10:26:21.199root 11241100x8000000000000000349057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9764e7714fa6ea772021-12-21 10:26:21.199root 11241100x8000000000000000349058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362975b7ac6d9c9c2021-12-21 10:26:21.199root 11241100x8000000000000000349059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6cfa94b2ec2b452021-12-21 10:26:21.200root 11241100x8000000000000000349060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89122a82951671e02021-12-21 10:26:21.201root 11241100x8000000000000000349061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ebb106875090292021-12-21 10:26:21.201root 11241100x8000000000000000349062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76701755416094cf2021-12-21 10:26:21.693root 11241100x8000000000000000349063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c66c02093672ff2021-12-21 10:26:21.693root 11241100x8000000000000000349064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ec5ed1cad6a7432021-12-21 10:26:21.693root 11241100x8000000000000000349065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9ff8b44525badc2021-12-21 10:26:21.693root 11241100x8000000000000000349066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a7349199ccf0c82021-12-21 10:26:21.693root 11241100x8000000000000000349067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbbaa1e6f00ce312021-12-21 10:26:21.694root 11241100x8000000000000000349068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec161e2c72a935f2021-12-21 10:26:21.694root 11241100x8000000000000000349069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7475d40666bd9c232021-12-21 10:26:21.694root 11241100x8000000000000000349070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d313dafb6c86750f2021-12-21 10:26:21.694root 11241100x8000000000000000349071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79ede8e026b917d52021-12-21 10:26:21.694root 11241100x8000000000000000349072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e27fc5016daa9d2021-12-21 10:26:21.694root 11241100x8000000000000000349073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ea57c8c6ade7d82021-12-21 10:26:21.694root 11241100x8000000000000000349074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83528a28f5c2ac1d2021-12-21 10:26:21.694root 11241100x8000000000000000349075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0338d1708993032021-12-21 10:26:21.695root 11241100x8000000000000000349076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00596239e87119262021-12-21 10:26:21.695root 11241100x8000000000000000349077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ea9f817003de2b2021-12-21 10:26:21.695root 11241100x8000000000000000349078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507aade82b5833fb2021-12-21 10:26:21.695root 11241100x8000000000000000349079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2773cf2f48ee65582021-12-21 10:26:21.696root 11241100x8000000000000000349080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f76ae012afff112021-12-21 10:26:21.696root 11241100x8000000000000000349081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e46becfca497a402021-12-21 10:26:21.696root 11241100x8000000000000000349082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebfa85a1eb6d6eb72021-12-21 10:26:21.696root 11241100x8000000000000000349083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bcede83fe29d2d32021-12-21 10:26:21.696root 11241100x8000000000000000349084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8be592c0e6f06872021-12-21 10:26:21.697root 11241100x8000000000000000349085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ba4fea419806ab2021-12-21 10:26:21.697root 11241100x8000000000000000349086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a5896147bb49f32021-12-21 10:26:21.697root 11241100x8000000000000000349087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e190ccf181300e2021-12-21 10:26:21.697root 11241100x8000000000000000349088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2924c866100beb3d2021-12-21 10:26:21.697root 11241100x8000000000000000349089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1e6596f58ed9ed2021-12-21 10:26:21.697root 11241100x8000000000000000349090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece08b255683f3962021-12-21 10:26:21.698root 11241100x8000000000000000349091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1719c3b5de8752021-12-21 10:26:21.698root 11241100x8000000000000000349092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39563e501be605b42021-12-21 10:26:21.699root 11241100x8000000000000000349093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cca08e06456ee92021-12-21 10:26:21.699root 11241100x8000000000000000349094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c16356249c9a7322021-12-21 10:26:21.699root 11241100x8000000000000000349095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743d08660c2a3bb62021-12-21 10:26:21.699root 11241100x8000000000000000349096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6586cf328fe33a2021-12-21 10:26:21.699root 11241100x8000000000000000349097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6862b20a86dc24ce2021-12-21 10:26:21.700root 11241100x8000000000000000349098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034fbf8f4634d3ca2021-12-21 10:26:21.700root 11241100x8000000000000000349099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dffb76c485c69892021-12-21 10:26:21.700root 11241100x8000000000000000349100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ca5b6c230ee2762021-12-21 10:26:21.700root 11241100x8000000000000000349101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e3fb4f8a1768972021-12-21 10:26:21.700root 11241100x8000000000000000349102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00caa61061370bc82021-12-21 10:26:21.701root 11241100x8000000000000000349103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac281fe8562800a22021-12-21 10:26:21.701root 11241100x8000000000000000349104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8f428a1ab1378c2021-12-21 10:26:21.701root 11241100x8000000000000000349105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1af2016e78041a2021-12-21 10:26:21.702root 11241100x8000000000000000349106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0532fb5dc0ec01432021-12-21 10:26:21.702root 11241100x8000000000000000349107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9910a7ba19d0c6f2021-12-21 10:26:21.702root 11241100x8000000000000000349108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a3c3862914d34e2021-12-21 10:26:21.702root 11241100x8000000000000000349109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5c6f0cb3cd11dd2021-12-21 10:26:21.702root 11241100x8000000000000000349110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:21.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59346f3af5bd52c2021-12-21 10:26:21.702root 11241100x8000000000000000349111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9582974c8100ba362021-12-21 10:26:22.193root 11241100x8000000000000000349112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f72dfdac42f974102021-12-21 10:26:22.193root 11241100x8000000000000000349113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818c1894244984522021-12-21 10:26:22.193root 11241100x8000000000000000349114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c21f0e283c6ae02021-12-21 10:26:22.194root 11241100x8000000000000000349115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdafc63da50def712021-12-21 10:26:22.194root 11241100x8000000000000000349116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd31128910660cfe2021-12-21 10:26:22.194root 11241100x8000000000000000349117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c001bc352f39e1b82021-12-21 10:26:22.194root 11241100x8000000000000000349118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ad9f5fa310dbba2021-12-21 10:26:22.195root 11241100x8000000000000000349119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d5d7bad61094572021-12-21 10:26:22.195root 11241100x8000000000000000349120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef34aad7f661bdad2021-12-21 10:26:22.195root 11241100x8000000000000000349121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cde24d7370942c2021-12-21 10:26:22.196root 11241100x8000000000000000349122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18dac2bd69f35e92021-12-21 10:26:22.196root 11241100x8000000000000000349123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f43e81a44328452021-12-21 10:26:22.196root 11241100x8000000000000000349124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afda085189b23b42021-12-21 10:26:22.196root 11241100x8000000000000000349125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f6f94a8b4753b242021-12-21 10:26:22.196root 11241100x8000000000000000349126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dd7f560bfb9ecd2021-12-21 10:26:22.197root 11241100x8000000000000000349127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45e368a38e3d0db2021-12-21 10:26:22.197root 11241100x8000000000000000349128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40e1b3a286c03eb2021-12-21 10:26:22.197root 11241100x8000000000000000349129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14795c76ca2b3bd2021-12-21 10:26:22.197root 11241100x8000000000000000349130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f5ae11afe0505d2021-12-21 10:26:22.197root 11241100x8000000000000000349131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b386b92ecff692021-12-21 10:26:22.197root 11241100x8000000000000000349132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc841615293ffca2021-12-21 10:26:22.198root 11241100x8000000000000000349133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410bb6e796d50a5d2021-12-21 10:26:22.198root 11241100x8000000000000000349134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463a5ace709246b22021-12-21 10:26:22.198root 11241100x8000000000000000349135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8c73ec9f93865a2021-12-21 10:26:22.198root 11241100x8000000000000000349136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.375aba947da2cb772021-12-21 10:26:22.198root 11241100x8000000000000000349137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b47a9617f23ac42021-12-21 10:26:22.198root 11241100x8000000000000000349138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef82e935d72e74ed2021-12-21 10:26:22.198root 11241100x8000000000000000349139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9690728848998882021-12-21 10:26:22.198root 11241100x8000000000000000349140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a1da18b7ce7ed22021-12-21 10:26:22.199root 11241100x8000000000000000349141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54cb9b220617bbd2021-12-21 10:26:22.199root 11241100x8000000000000000349142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45dbd0f414672cec2021-12-21 10:26:22.199root 11241100x8000000000000000349143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd5394a26bfb2202021-12-21 10:26:22.199root 11241100x8000000000000000349144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad046080d881e2d2021-12-21 10:26:22.199root 11241100x8000000000000000349145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d443b08241d526fa2021-12-21 10:26:22.199root 11241100x8000000000000000349146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d02365e151548c92021-12-21 10:26:22.199root 11241100x8000000000000000349147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9fd546f070010542021-12-21 10:26:22.693root 11241100x8000000000000000349148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35db829174a74ba2021-12-21 10:26:22.694root 11241100x8000000000000000349149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05eec21f6c7c21442021-12-21 10:26:22.694root 11241100x8000000000000000349150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e21e53b8f9a43c4e2021-12-21 10:26:22.694root 11241100x8000000000000000349151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c6820802568f6c2021-12-21 10:26:22.694root 11241100x8000000000000000349152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08da91ffabe0949b2021-12-21 10:26:22.694root 11241100x8000000000000000349153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b101c66b5c238ed22021-12-21 10:26:22.694root 11241100x8000000000000000349154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaeacfa5ec487102021-12-21 10:26:22.694root 11241100x8000000000000000349155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fa677056ff5f322021-12-21 10:26:22.694root 11241100x8000000000000000349156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9471e23f6c1993a2021-12-21 10:26:22.694root 11241100x8000000000000000349157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c87521c3b624392021-12-21 10:26:22.695root 11241100x8000000000000000349158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e9606cf65a1aa12021-12-21 10:26:22.695root 11241100x8000000000000000349159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212a9de2293529982021-12-21 10:26:22.695root 11241100x8000000000000000349160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c568ff07cb477d2021-12-21 10:26:22.695root 11241100x8000000000000000349161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a744460314589902021-12-21 10:26:22.695root 11241100x8000000000000000349162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e0cef00527a3ea2021-12-21 10:26:22.695root 11241100x8000000000000000349163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2022f9e4c27c562021-12-21 10:26:22.695root 11241100x8000000000000000349164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697418a8eb0f65ed2021-12-21 10:26:22.695root 11241100x8000000000000000349165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91c3a22e5fec36c2021-12-21 10:26:22.695root 11241100x8000000000000000349166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81640e5dd940755c2021-12-21 10:26:22.695root 11241100x8000000000000000349167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe592aaad54f0f32021-12-21 10:26:22.696root 11241100x8000000000000000349168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cde7bc9bd036392021-12-21 10:26:22.696root 11241100x8000000000000000349169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ed94eafeb9d9e82021-12-21 10:26:22.696root 11241100x8000000000000000349170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f703e56fa39c2632021-12-21 10:26:22.696root 11241100x8000000000000000349171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9654c96f179ae59d2021-12-21 10:26:22.696root 11241100x8000000000000000349172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3d818fcac5138e2021-12-21 10:26:22.696root 11241100x8000000000000000349173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c8cf0e4dc7b2842021-12-21 10:26:22.696root 11241100x8000000000000000349174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e8f99a67c8896a2021-12-21 10:26:22.696root 11241100x8000000000000000349175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f93e3c96999bb5f2021-12-21 10:26:22.696root 11241100x8000000000000000349176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88d0104d4db519f2021-12-21 10:26:22.697root 11241100x8000000000000000349177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acb109eda18bc812021-12-21 10:26:22.697root 11241100x8000000000000000349178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd1b2d2e0dcf8452021-12-21 10:26:22.697root 11241100x8000000000000000349179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:22.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6723f843ec5bd5a2021-12-21 10:26:22.697root 354300x8000000000000000349180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.170{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47098-false10.0.1.12-8000- 11241100x8000000000000000349181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29b08b005263f502021-12-21 10:26:23.171root 11241100x8000000000000000349182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a7856d07f64e872021-12-21 10:26:23.171root 11241100x8000000000000000349183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963c0a757c917c932021-12-21 10:26:23.171root 11241100x8000000000000000349184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0649fbc1db2563942021-12-21 10:26:23.171root 11241100x8000000000000000349185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dfbe2dfb2bbc2f22021-12-21 10:26:23.171root 11241100x8000000000000000349186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1f73d95444d6fdd2021-12-21 10:26:23.171root 11241100x8000000000000000349187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ad29fc39aabda92021-12-21 10:26:23.171root 11241100x8000000000000000349188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.171{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def8d62a74feb0b62021-12-21 10:26:23.171root 11241100x8000000000000000349189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6699d034eaafc4302021-12-21 10:26:23.172root 11241100x8000000000000000349190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3134506d066569572021-12-21 10:26:23.172root 11241100x8000000000000000349191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77caa43578b61e8a2021-12-21 10:26:23.172root 11241100x8000000000000000349192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cbe901578b673a2021-12-21 10:26:23.172root 11241100x8000000000000000349193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6abedfca335a2632021-12-21 10:26:23.172root 11241100x8000000000000000349194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750e76835b9cf3122021-12-21 10:26:23.172root 11241100x8000000000000000349195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8fbb0fa70e26882021-12-21 10:26:23.172root 11241100x8000000000000000349196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65563223f8b4eac92021-12-21 10:26:23.172root 11241100x8000000000000000349197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aae17232dc585272021-12-21 10:26:23.172root 11241100x8000000000000000349198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.172{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e39f94998653ca2021-12-21 10:26:23.172root 11241100x8000000000000000349199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.173{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4d5485cbb295352021-12-21 10:26:23.173root 11241100x8000000000000000349200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865b75ebc7749b7d2021-12-21 10:26:23.175root 11241100x8000000000000000349201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71144ce520943a42021-12-21 10:26:23.175root 11241100x8000000000000000349202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.175{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fc6ec3582899ef2021-12-21 10:26:23.175root 11241100x8000000000000000349203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ef0edb69f62ea72021-12-21 10:26:23.176root 11241100x8000000000000000349204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a51d6c08ee182662021-12-21 10:26:23.176root 11241100x8000000000000000349205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.176{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5455d4c58c30a8f22021-12-21 10:26:23.176root 11241100x8000000000000000349206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.177{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8409341354cda6a22021-12-21 10:26:23.177root 11241100x8000000000000000349207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.177{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5f18ba3fc1dbd72021-12-21 10:26:23.177root 11241100x8000000000000000349208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.177{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445e1a3359d3b9ec2021-12-21 10:26:23.177root 11241100x8000000000000000349209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38035dccdf8f90ad2021-12-21 10:26:23.178root 11241100x8000000000000000349210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba8ce387179a6fb2021-12-21 10:26:23.178root 11241100x8000000000000000349211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e255af920ef8aa2021-12-21 10:26:23.178root 11241100x8000000000000000349212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf24b1a923304962021-12-21 10:26:23.178root 11241100x8000000000000000349213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.178{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c9dded0c1436d42021-12-21 10:26:23.178root 11241100x8000000000000000349214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f537bafe3fb07c72021-12-21 10:26:23.179root 11241100x8000000000000000349215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c67b44497a7ca82021-12-21 10:26:23.179root 11241100x8000000000000000349216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c3bff60e9ce5a82021-12-21 10:26:23.179root 11241100x8000000000000000349217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff76b8f2ae28e3852021-12-21 10:26:23.179root 11241100x8000000000000000349218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c17ce5d6c1e96622021-12-21 10:26:23.180root 11241100x8000000000000000349219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f64c013f5ac4792021-12-21 10:26:23.180root 11241100x8000000000000000349220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b7d511221dfe232021-12-21 10:26:23.180root 11241100x8000000000000000349221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79811e6a5b2199c12021-12-21 10:26:23.180root 11241100x8000000000000000349222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7530f7b4891c072021-12-21 10:26:23.180root 11241100x8000000000000000349223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03411dddcb0bdd332021-12-21 10:26:23.181root 11241100x8000000000000000349224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b2a6605c967f0f2021-12-21 10:26:23.181root 11241100x8000000000000000349225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d6d60e9dd969ed2021-12-21 10:26:23.181root 11241100x8000000000000000349226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c45980b011747a2021-12-21 10:26:23.181root 11241100x8000000000000000349227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd28470cd47718582021-12-21 10:26:23.181root 11241100x8000000000000000349228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed29c9df8964458c2021-12-21 10:26:23.181root 11241100x8000000000000000349229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80109146b396bcf12021-12-21 10:26:23.182root 11241100x8000000000000000349230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc2c9b8347c56262021-12-21 10:26:23.182root 11241100x8000000000000000349231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b689e2a4c06283642021-12-21 10:26:23.182root 11241100x8000000000000000349232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3518612f4d51de6b2021-12-21 10:26:23.182root 11241100x8000000000000000349233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.885e5ff0e7d48c622021-12-21 10:26:23.182root 11241100x8000000000000000349234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55d72a1d209dfe52021-12-21 10:26:23.182root 11241100x8000000000000000349235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c0790540984b312021-12-21 10:26:23.182root 11241100x8000000000000000349236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dbb23af8e83d182021-12-21 10:26:23.182root 11241100x8000000000000000349237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d23c7c212824cfc2021-12-21 10:26:23.182root 11241100x8000000000000000349238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badd88e49a7c823d2021-12-21 10:26:23.182root 11241100x8000000000000000349239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4f3aff8ff7a69a2021-12-21 10:26:23.182root 11241100x8000000000000000349240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c64a0e3ebb33382021-12-21 10:26:23.183root 11241100x8000000000000000349241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7fd6b9a94b54a52021-12-21 10:26:23.443root 11241100x8000000000000000349242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6817132bf5e4f7c52021-12-21 10:26:23.443root 11241100x8000000000000000349243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e476bf342403aba42021-12-21 10:26:23.443root 11241100x8000000000000000349244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4109dc4b8a77a5072021-12-21 10:26:23.443root 11241100x8000000000000000349245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36049b84ed58bbc32021-12-21 10:26:23.443root 11241100x8000000000000000349246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c55338138723e42021-12-21 10:26:23.443root 11241100x8000000000000000349247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9d6e823296e5692021-12-21 10:26:23.443root 11241100x8000000000000000349248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871adfd02313b1cb2021-12-21 10:26:23.443root 11241100x8000000000000000349249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa22fadbcdf846ba2021-12-21 10:26:23.443root 11241100x8000000000000000349250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4008e489f3586f12021-12-21 10:26:23.443root 11241100x8000000000000000349251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d0a6fcba41f01f2021-12-21 10:26:23.444root 11241100x8000000000000000349252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f04f099325db2b2021-12-21 10:26:23.444root 11241100x8000000000000000349253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4bc7dd4ae4567a2021-12-21 10:26:23.444root 11241100x8000000000000000349254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5275035489949ed82021-12-21 10:26:23.444root 11241100x8000000000000000349255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9bf94cfdbfe3a32021-12-21 10:26:23.444root 11241100x8000000000000000349256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda67f1c8db10eeb2021-12-21 10:26:23.444root 11241100x8000000000000000349257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2671926a1869f8cb2021-12-21 10:26:23.444root 11241100x8000000000000000349258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b075a575ddd34a2021-12-21 10:26:23.444root 11241100x8000000000000000349259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc6057047df55332021-12-21 10:26:23.445root 11241100x8000000000000000349260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7f1d3ce25439ca2021-12-21 10:26:23.445root 11241100x8000000000000000349261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ddd195e313a80782021-12-21 10:26:23.445root 11241100x8000000000000000349262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87d47c761f576302021-12-21 10:26:23.445root 11241100x8000000000000000349263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a496cf3d62adb2021-12-21 10:26:23.445root 11241100x8000000000000000349264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccf7a6f7d827e872021-12-21 10:26:23.446root 11241100x8000000000000000349265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9274236d04411e2021-12-21 10:26:23.446root 11241100x8000000000000000349266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da8a8f58a18287422021-12-21 10:26:23.446root 11241100x8000000000000000349267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4e20ef853ba6502021-12-21 10:26:23.446root 11241100x8000000000000000349268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c560b86968968042021-12-21 10:26:23.447root 11241100x8000000000000000349269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef55b44fc291b1322021-12-21 10:26:23.447root 11241100x8000000000000000349270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935a15972fb43d862021-12-21 10:26:23.447root 11241100x8000000000000000349271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f90cdc77b6b802c2021-12-21 10:26:23.448root 11241100x8000000000000000349272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68f445a76494ca22021-12-21 10:26:23.448root 11241100x8000000000000000349273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a1ee1057436b5f2021-12-21 10:26:23.448root 11241100x8000000000000000349274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06da258cb4244172021-12-21 10:26:23.448root 11241100x8000000000000000349275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be73aed058aa87e32021-12-21 10:26:23.448root 11241100x8000000000000000349276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a86809fa9c41db2021-12-21 10:26:23.449root 11241100x8000000000000000349277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22cf31c3e8faee32021-12-21 10:26:23.449root 11241100x8000000000000000349278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275aa3f4394583a12021-12-21 10:26:23.449root 11241100x8000000000000000349279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8457f489b3e028dd2021-12-21 10:26:23.449root 11241100x8000000000000000349280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc4dedeef0320ca2021-12-21 10:26:23.449root 11241100x8000000000000000349281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4951d7369ca01d2021-12-21 10:26:23.450root 11241100x8000000000000000349282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4f24a9c8bd25472021-12-21 10:26:23.450root 11241100x8000000000000000349283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a9033dabeef8662021-12-21 10:26:23.450root 11241100x8000000000000000349284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4f305492ed461a2021-12-21 10:26:23.451root 11241100x8000000000000000349285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba77d8aa35f371a82021-12-21 10:26:23.451root 11241100x8000000000000000349286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a10637fbb0fced2021-12-21 10:26:23.451root 11241100x8000000000000000349287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092f2af79e4cce8e2021-12-21 10:26:23.452root 11241100x8000000000000000349288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b358bf769bbfdd2021-12-21 10:26:23.452root 11241100x8000000000000000349289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00786c826eba696f2021-12-21 10:26:23.452root 11241100x8000000000000000349290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443dd9f8242145f92021-12-21 10:26:23.452root 11241100x8000000000000000349291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5be32358164f002021-12-21 10:26:23.452root 11241100x8000000000000000349292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dedccb97326f4d22021-12-21 10:26:23.453root 11241100x8000000000000000349293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe24698e7edcda82021-12-21 10:26:23.453root 11241100x8000000000000000349294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f9bc0704fdb1f92021-12-21 10:26:23.453root 11241100x8000000000000000349295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24c619a997fd5e342021-12-21 10:26:23.453root 11241100x8000000000000000349296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c6ef52ebe6fb422021-12-21 10:26:23.454root 11241100x8000000000000000349297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d182593cbd81882021-12-21 10:26:23.454root 11241100x8000000000000000349298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4acc6bce8edd94a2021-12-21 10:26:23.454root 11241100x8000000000000000349299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c899023035096032021-12-21 10:26:23.454root 11241100x8000000000000000349300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62430e18d33e47692021-12-21 10:26:23.454root 11241100x8000000000000000349301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6ee4f02a3fc0f62021-12-21 10:26:23.455root 11241100x8000000000000000349302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf7ed01613d127f2021-12-21 10:26:23.943root 11241100x8000000000000000349303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2a8a5871d60ed12021-12-21 10:26:23.943root 11241100x8000000000000000349304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de90db1c062a68b2021-12-21 10:26:23.943root 11241100x8000000000000000349305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c68f8c0392ac2a772021-12-21 10:26:23.943root 11241100x8000000000000000349306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.714601b8b3861c1f2021-12-21 10:26:23.944root 11241100x8000000000000000349307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c531b449c586eab2021-12-21 10:26:23.944root 11241100x8000000000000000349308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb2bf7a74ca83872021-12-21 10:26:23.944root 11241100x8000000000000000349309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2013f3be1ee0d5b2021-12-21 10:26:23.944root 11241100x8000000000000000349310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b927a3e1176b402d2021-12-21 10:26:23.944root 11241100x8000000000000000349311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c7f0db6b12b2382021-12-21 10:26:23.944root 11241100x8000000000000000349312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7397488c78e7db2021-12-21 10:26:23.944root 11241100x8000000000000000349313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0717bb37c8aebd232021-12-21 10:26:23.944root 11241100x8000000000000000349314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896e54548626c54a2021-12-21 10:26:23.945root 11241100x8000000000000000349315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94509bdb40e2cfa12021-12-21 10:26:23.945root 11241100x8000000000000000349316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fdb84012bcb2222021-12-21 10:26:23.945root 11241100x8000000000000000349317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea9aee02a5f5b0c2021-12-21 10:26:23.945root 11241100x8000000000000000349318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0d63d597bd185d2021-12-21 10:26:23.945root 11241100x8000000000000000349319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074116e44172aaea2021-12-21 10:26:23.945root 11241100x8000000000000000349320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2f8b8a0775be312021-12-21 10:26:23.945root 11241100x8000000000000000349321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cd8cff9086d6db2021-12-21 10:26:23.945root 11241100x8000000000000000349322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077f968b58a1eff82021-12-21 10:26:23.945root 11241100x8000000000000000349323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258f9de46db0ef332021-12-21 10:26:23.946root 11241100x8000000000000000349324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b84d0d1b4213b02021-12-21 10:26:23.946root 11241100x8000000000000000349325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b506e86feda29162021-12-21 10:26:23.946root 11241100x8000000000000000349326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df1379c833c616e2021-12-21 10:26:23.946root 11241100x8000000000000000349327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4707083fa115bf72021-12-21 10:26:23.946root 11241100x8000000000000000349328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e20452e24d844cdd2021-12-21 10:26:23.946root 11241100x8000000000000000349329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e530b1919ccee7432021-12-21 10:26:23.946root 11241100x8000000000000000349330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c98ad3966bee4d912021-12-21 10:26:23.946root 11241100x8000000000000000349331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38c412b2eec53802021-12-21 10:26:23.947root 11241100x8000000000000000349332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee789b3069300012021-12-21 10:26:23.947root 11241100x8000000000000000349333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9293ef1dbe5995be2021-12-21 10:26:23.947root 11241100x8000000000000000349334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac98fc103275c8212021-12-21 10:26:23.948root 11241100x8000000000000000349335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544bb868e60354a52021-12-21 10:26:23.948root 11241100x8000000000000000349336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067823de214a83ec2021-12-21 10:26:23.948root 11241100x8000000000000000349337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fe49bbd5b54fd22021-12-21 10:26:24.443root 11241100x8000000000000000349338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e635a65258febb12021-12-21 10:26:24.443root 11241100x8000000000000000349339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb46e68160e51722021-12-21 10:26:24.443root 11241100x8000000000000000349340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b01b646f20e946d2021-12-21 10:26:24.443root 11241100x8000000000000000349341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635d2b5c823bc9e12021-12-21 10:26:24.443root 11241100x8000000000000000349342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20801486d5b382492021-12-21 10:26:24.443root 11241100x8000000000000000349343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf246c693e28b1b2021-12-21 10:26:24.443root 11241100x8000000000000000349344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34284279f726f0a92021-12-21 10:26:24.444root 11241100x8000000000000000349345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851d4edf2ce868652021-12-21 10:26:24.444root 11241100x8000000000000000349346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831a86f432a76c0a2021-12-21 10:26:24.444root 11241100x8000000000000000349347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6319e53652b9792021-12-21 10:26:24.444root 11241100x8000000000000000349348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7068c5767d9130c22021-12-21 10:26:24.444root 11241100x8000000000000000349349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb19275ac695f1a2021-12-21 10:26:24.444root 11241100x8000000000000000349350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42af45289f7624272021-12-21 10:26:24.444root 11241100x8000000000000000349351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89e6dde505772c72021-12-21 10:26:24.444root 11241100x8000000000000000349352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7346a4ab68530c602021-12-21 10:26:24.444root 11241100x8000000000000000349353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e52b9181955b4cb2021-12-21 10:26:24.444root 11241100x8000000000000000349354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d45ca16824af9112021-12-21 10:26:24.444root 11241100x8000000000000000349355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d909c6091cf0cdd82021-12-21 10:26:24.445root 11241100x8000000000000000349356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccac017beb358f082021-12-21 10:26:24.445root 11241100x8000000000000000349357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c1bcfac50100252021-12-21 10:26:24.445root 11241100x8000000000000000349358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee450ad53aebf802021-12-21 10:26:24.445root 11241100x8000000000000000349359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8006afcda2bb82c2021-12-21 10:26:24.445root 11241100x8000000000000000349360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1dd5c9b85df4222021-12-21 10:26:24.445root 11241100x8000000000000000349361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfae659d5f30f97d2021-12-21 10:26:24.445root 11241100x8000000000000000349362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4104453a9d5cfbeb2021-12-21 10:26:24.445root 11241100x8000000000000000349363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1831e02808bd48a02021-12-21 10:26:24.445root 11241100x8000000000000000349364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346ba5a10d2bca552021-12-21 10:26:24.446root 11241100x8000000000000000349365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22989c0e26777be62021-12-21 10:26:24.446root 11241100x8000000000000000349366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a358ccd42a48abbc2021-12-21 10:26:24.446root 11241100x8000000000000000349367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfa941d94613c8782021-12-21 10:26:24.446root 11241100x8000000000000000349368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d8b2eb15a9d2f62021-12-21 10:26:24.446root 11241100x8000000000000000349369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e612008dfc4ab72021-12-21 10:26:24.446root 11241100x8000000000000000349370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe718899ac43c5f2021-12-21 10:26:24.446root 11241100x8000000000000000349371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c30b067c732a542021-12-21 10:26:24.446root 11241100x8000000000000000349372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97377d360a6eb7c72021-12-21 10:26:24.447root 11241100x8000000000000000349373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283a9e97409da7a32021-12-21 10:26:24.943root 11241100x8000000000000000349374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32db1a72557afeed2021-12-21 10:26:24.943root 11241100x8000000000000000349375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30556f13da1e6b412021-12-21 10:26:24.943root 11241100x8000000000000000349376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22f45a2a02592e12021-12-21 10:26:24.943root 11241100x8000000000000000349377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5cb1056b7fe05a2021-12-21 10:26:24.943root 11241100x8000000000000000349378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdd15904b637ac12021-12-21 10:26:24.944root 11241100x8000000000000000349379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9c5896d86c023e2021-12-21 10:26:24.944root 11241100x8000000000000000349380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd07bf63fe6af792021-12-21 10:26:24.944root 11241100x8000000000000000349381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d77c71cda4e9552021-12-21 10:26:24.945root 11241100x8000000000000000349382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8d466f8b2246dc2021-12-21 10:26:24.945root 11241100x8000000000000000349383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92192844d3b151a82021-12-21 10:26:24.945root 11241100x8000000000000000349384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75477f659b8653262021-12-21 10:26:24.945root 11241100x8000000000000000349385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6255d7453b0177e92021-12-21 10:26:24.945root 11241100x8000000000000000349386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69081c15105bdbbd2021-12-21 10:26:24.946root 11241100x8000000000000000349387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981dba8f317efc452021-12-21 10:26:24.946root 11241100x8000000000000000349388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7807b05373065122021-12-21 10:26:24.946root 11241100x8000000000000000349389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55f29b3ef6a02372021-12-21 10:26:24.946root 11241100x8000000000000000349390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28f3187ac7039412021-12-21 10:26:24.946root 11241100x8000000000000000349391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fbc53db5a80ef72021-12-21 10:26:24.946root 11241100x8000000000000000349392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb5069b847612d3c2021-12-21 10:26:24.946root 11241100x8000000000000000349393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a25709cee8d674c2021-12-21 10:26:24.947root 11241100x8000000000000000349394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c4d9fe6a16a58b2021-12-21 10:26:24.947root 11241100x8000000000000000349395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0579d8a4b265c1882021-12-21 10:26:24.947root 11241100x8000000000000000349396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5ea8ea76100fe02021-12-21 10:26:24.947root 11241100x8000000000000000349397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24972d8e03da0a392021-12-21 10:26:24.947root 11241100x8000000000000000349398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d5c4a26b54e3ff2021-12-21 10:26:24.947root 11241100x8000000000000000349399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f38f875c739b7e72021-12-21 10:26:24.948root 11241100x8000000000000000349400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21954d032569a16b2021-12-21 10:26:24.948root 11241100x8000000000000000349401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ebd73f05c4e3542021-12-21 10:26:24.948root 11241100x8000000000000000349402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41fa58b200c904d2021-12-21 10:26:24.948root 11241100x8000000000000000349403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f157ff8ae71aa2e02021-12-21 10:26:24.948root 11241100x8000000000000000349404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d6e0d1d73053452021-12-21 10:26:24.949root 11241100x8000000000000000349405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603192bc55394af02021-12-21 10:26:24.949root 11241100x8000000000000000349406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e51942409dd3902021-12-21 10:26:24.949root 11241100x8000000000000000349407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ba1ecda8df622d2021-12-21 10:26:24.949root 11241100x8000000000000000349408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5bb3dca3b2278c2021-12-21 10:26:24.949root 11241100x8000000000000000349409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db0bdab490f45392021-12-21 10:26:24.949root 11241100x8000000000000000349410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e9b35656c03b5d2021-12-21 10:26:24.949root 11241100x8000000000000000349411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5a0a1c65613d512021-12-21 10:26:24.949root 11241100x8000000000000000349412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1834708b61455382021-12-21 10:26:24.950root 11241100x8000000000000000349413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab9b46969563c402021-12-21 10:26:24.950root 11241100x8000000000000000349414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae540afb01e01c452021-12-21 10:26:24.950root 11241100x8000000000000000349415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a96433f0d0c221c2021-12-21 10:26:24.950root 11241100x8000000000000000349416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eba64993950dd92021-12-21 10:26:24.950root 11241100x8000000000000000349417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b738a859a33a2f882021-12-21 10:26:24.950root 11241100x8000000000000000349418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed1893b12b240822021-12-21 10:26:24.950root 11241100x8000000000000000349419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080116f2e637daa32021-12-21 10:26:24.951root 11241100x8000000000000000349420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ee315ccc4ba94d2021-12-21 10:26:24.951root 11241100x8000000000000000349421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4194f5418c56b82021-12-21 10:26:24.951root 11241100x8000000000000000349422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff67ee2702efa0e22021-12-21 10:26:24.951root 11241100x8000000000000000349423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca030a4f27105e142021-12-21 10:26:24.951root 11241100x8000000000000000349424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8445af09e57c142021-12-21 10:26:24.951root 354300x8000000000000000349425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.097{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34164-false10.0.1.12-8089- 11241100x8000000000000000349426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe15cd1a7b6814f2021-12-21 10:26:25.443root 11241100x8000000000000000349427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d7fdcb1fdce4ef2021-12-21 10:26:25.443root 11241100x8000000000000000349428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f013bbaeb071fe482021-12-21 10:26:25.443root 11241100x8000000000000000349429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d36167d9e7ae842021-12-21 10:26:25.444root 11241100x8000000000000000349430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53d2f26f04c37c12021-12-21 10:26:25.444root 11241100x8000000000000000349431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63105f4098bf4fc82021-12-21 10:26:25.444root 11241100x8000000000000000349432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76febcf04f4d015a2021-12-21 10:26:25.444root 11241100x8000000000000000349433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb71ed32e4215ec2021-12-21 10:26:25.444root 11241100x8000000000000000349434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe90484b3174c06f2021-12-21 10:26:25.444root 11241100x8000000000000000349435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6b9a3d23fb19df2021-12-21 10:26:25.444root 11241100x8000000000000000349436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c890bd56e0b8592021-12-21 10:26:25.444root 11241100x8000000000000000349437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b95e781157a10c12021-12-21 10:26:25.444root 11241100x8000000000000000349438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46370511b0f21f222021-12-21 10:26:25.444root 11241100x8000000000000000349439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e78bace71fb6df82021-12-21 10:26:25.444root 11241100x8000000000000000349440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6864c3d2d85a0912021-12-21 10:26:25.444root 11241100x8000000000000000349441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.977a614dd300740a2021-12-21 10:26:25.444root 11241100x8000000000000000349442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23590d24277af2522021-12-21 10:26:25.444root 11241100x8000000000000000349443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4581a9dcb184e922021-12-21 10:26:25.444root 11241100x8000000000000000349444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01330359dc9556962021-12-21 10:26:25.444root 11241100x8000000000000000349445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49262ca675e43d272021-12-21 10:26:25.445root 11241100x8000000000000000349446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c408d2df626241c32021-12-21 10:26:25.445root 11241100x8000000000000000349447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f242003602a340382021-12-21 10:26:25.445root 11241100x8000000000000000349448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b6fa26e2fdbcf22021-12-21 10:26:25.445root 11241100x8000000000000000349449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c8c19c87ee2de22021-12-21 10:26:25.445root 11241100x8000000000000000349450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba613e2be06e4492021-12-21 10:26:25.445root 11241100x8000000000000000349451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d64d290cd4bc7c2021-12-21 10:26:25.445root 11241100x8000000000000000349452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd697fe39d6649842021-12-21 10:26:25.445root 11241100x8000000000000000349453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb844b5511a9804b2021-12-21 10:26:25.445root 11241100x8000000000000000349454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b86c398df49fca52021-12-21 10:26:25.445root 11241100x8000000000000000349455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbcb93be61f5b5c2021-12-21 10:26:25.445root 11241100x8000000000000000349456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3cae4d87d237be2021-12-21 10:26:25.445root 11241100x8000000000000000349457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9093ce12cbedf8ce2021-12-21 10:26:25.445root 11241100x8000000000000000349458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0807cbee89393c512021-12-21 10:26:25.445root 11241100x8000000000000000349459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af345c9b5a8e2b7e2021-12-21 10:26:25.445root 11241100x8000000000000000349460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d225778b87d28e052021-12-21 10:26:25.943root 11241100x8000000000000000349461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0591cc6038204fbc2021-12-21 10:26:25.943root 11241100x8000000000000000349462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674fd73765f2df652021-12-21 10:26:25.943root 11241100x8000000000000000349463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f06e5439d61b9502021-12-21 10:26:25.943root 11241100x8000000000000000349464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646fd2e70de51a522021-12-21 10:26:25.943root 11241100x8000000000000000349465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192499463b2fd1752021-12-21 10:26:25.943root 11241100x8000000000000000349466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55481d35bf5142402021-12-21 10:26:25.943root 11241100x8000000000000000349467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7b4c8e76f3efd52021-12-21 10:26:25.944root 11241100x8000000000000000349468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d572dfa0b89ae2e2021-12-21 10:26:25.944root 11241100x8000000000000000349469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831b79ffcdbcf9492021-12-21 10:26:25.944root 11241100x8000000000000000349470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b660abf5247a2b2e2021-12-21 10:26:25.944root 11241100x8000000000000000349471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6479049a1ede552a2021-12-21 10:26:25.944root 11241100x8000000000000000349472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b40274d8ce1aef2021-12-21 10:26:25.944root 11241100x8000000000000000349473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d893caf5b09c4422021-12-21 10:26:25.944root 11241100x8000000000000000349474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38737e8080859dee2021-12-21 10:26:25.944root 11241100x8000000000000000349475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a625dc1204fa8d62021-12-21 10:26:25.945root 11241100x8000000000000000349476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919247f7c83328592021-12-21 10:26:25.945root 11241100x8000000000000000349477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309ff1b36e7633f12021-12-21 10:26:25.945root 11241100x8000000000000000349478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688504df8edc00002021-12-21 10:26:25.945root 11241100x8000000000000000349479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d5af42f3ebedae2021-12-21 10:26:25.945root 11241100x8000000000000000349480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e57d8f6579184a2021-12-21 10:26:25.945root 11241100x8000000000000000349481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ca07902915c65d2021-12-21 10:26:25.945root 11241100x8000000000000000349482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a04c737adf758b2021-12-21 10:26:25.945root 11241100x8000000000000000349483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f0041e68bc469f2021-12-21 10:26:25.946root 11241100x8000000000000000349484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ff1bcd0a5c21862021-12-21 10:26:25.946root 11241100x8000000000000000349485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f76239702cf8d42021-12-21 10:26:25.946root 11241100x8000000000000000349486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc1a6ddb2f287d42021-12-21 10:26:25.946root 11241100x8000000000000000349487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d7a1d8d9eec4d22021-12-21 10:26:25.946root 11241100x8000000000000000349488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1c0b8f4497bfa42021-12-21 10:26:25.947root 11241100x8000000000000000349489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e741ecbc0eb6f9522021-12-21 10:26:25.947root 11241100x8000000000000000349490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff83f9b89c2813ab2021-12-21 10:26:25.947root 11241100x8000000000000000349491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100f8f15e180ee8a2021-12-21 10:26:25.947root 11241100x8000000000000000349492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9a55cfe5e3dad82021-12-21 10:26:25.947root 11241100x8000000000000000349493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52f1548f8deea9d2021-12-21 10:26:25.947root 11241100x8000000000000000349494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243d5425b252aa0b2021-12-21 10:26:25.947root 11241100x8000000000000000349495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de59ffaa6f4f54392021-12-21 10:26:25.948root 11241100x8000000000000000349496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ecc0338fa5243a92021-12-21 10:26:25.948root 11241100x8000000000000000349497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.582000a64d84da8d2021-12-21 10:26:25.948root 11241100x8000000000000000349498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01cd61d18afd5282021-12-21 10:26:26.443root 11241100x8000000000000000349499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47db70c70cb433382021-12-21 10:26:26.443root 11241100x8000000000000000349500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525a4c8d0f4eeb352021-12-21 10:26:26.444root 11241100x8000000000000000349501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502533c7866231582021-12-21 10:26:26.444root 11241100x8000000000000000349502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1e46b2d141203e2021-12-21 10:26:26.444root 11241100x8000000000000000349503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c076d5b48b1e48be2021-12-21 10:26:26.444root 11241100x8000000000000000349504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff5d6c3eeca9b2c2021-12-21 10:26:26.444root 11241100x8000000000000000349505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fe47e226200a012021-12-21 10:26:26.444root 11241100x8000000000000000349506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99beb5d8956ea40d2021-12-21 10:26:26.444root 11241100x8000000000000000349507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba210fdc5c761f412021-12-21 10:26:26.444root 11241100x8000000000000000349508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3351de4b9d15d1022021-12-21 10:26:26.444root 11241100x8000000000000000349509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cca007946421c52021-12-21 10:26:26.444root 11241100x8000000000000000349510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a95a3fafd9c15e72021-12-21 10:26:26.445root 11241100x8000000000000000349511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dde4ff52c1f43a2021-12-21 10:26:26.445root 11241100x8000000000000000349512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72be474d5ee306f52021-12-21 10:26:26.446root 11241100x8000000000000000349513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4459b893b9db93e2021-12-21 10:26:26.446root 11241100x8000000000000000349514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b27f2ca3936106c42021-12-21 10:26:26.446root 11241100x8000000000000000349515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d80b5794ece00b2021-12-21 10:26:26.446root 11241100x8000000000000000349516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3777f319a736162021-12-21 10:26:26.446root 11241100x8000000000000000349517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0118ea0c6f83cb2021-12-21 10:26:26.446root 11241100x8000000000000000349518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c568c34981e7382021-12-21 10:26:26.446root 11241100x8000000000000000349519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11698645ab99bee2021-12-21 10:26:26.446root 11241100x8000000000000000349520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b66cb33598e09442021-12-21 10:26:26.446root 11241100x8000000000000000349521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506f10c6c93cfd632021-12-21 10:26:26.446root 11241100x8000000000000000349522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185b285d09ed83f42021-12-21 10:26:26.446root 11241100x8000000000000000349523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d3be4aeb45c77c2021-12-21 10:26:26.446root 11241100x8000000000000000349524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b20fbe1b2c0b102021-12-21 10:26:26.446root 11241100x8000000000000000349525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbf9ff8e0da2a6a2021-12-21 10:26:26.447root 11241100x8000000000000000349526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de01c1f998b85052021-12-21 10:26:26.447root 11241100x8000000000000000349527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757b9a209a3cea032021-12-21 10:26:26.447root 11241100x8000000000000000349528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df066724f48b7b6e2021-12-21 10:26:26.447root 11241100x8000000000000000349529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33f806e363a5b3e2021-12-21 10:26:26.447root 11241100x8000000000000000349530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd63f8465d80ff72021-12-21 10:26:26.447root 11241100x8000000000000000349531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab902fc7fe0761af2021-12-21 10:26:26.449root 11241100x8000000000000000349532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b486a0cadfbe8e82021-12-21 10:26:26.449root 11241100x8000000000000000349533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b0870fdd7b61302021-12-21 10:26:26.943root 11241100x8000000000000000349534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e883ba897218745d2021-12-21 10:26:26.943root 11241100x8000000000000000349535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d25434b5cd0c852021-12-21 10:26:26.943root 11241100x8000000000000000349536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5023505a49d2142021-12-21 10:26:26.943root 11241100x8000000000000000349537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e2cd7e0bc811c62021-12-21 10:26:26.943root 11241100x8000000000000000349538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b0b66c69cb0c4d2021-12-21 10:26:26.943root 11241100x8000000000000000349539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8468d18dd61d53332021-12-21 10:26:26.943root 11241100x8000000000000000349540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.344c8b05489080b72021-12-21 10:26:26.943root 11241100x8000000000000000349541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b81a6e148b805e2021-12-21 10:26:26.943root 11241100x8000000000000000349542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22083a06d268d8f2021-12-21 10:26:26.943root 11241100x8000000000000000349543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48bc97ea104fe1d2021-12-21 10:26:26.943root 11241100x8000000000000000349544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eab7ec6345a9ee32021-12-21 10:26:26.943root 11241100x8000000000000000349545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.825d23eae21047682021-12-21 10:26:26.943root 11241100x8000000000000000349546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb215862d74571b02021-12-21 10:26:26.943root 11241100x8000000000000000349547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35c25f8ab72552d2021-12-21 10:26:26.944root 11241100x8000000000000000349548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf54c7d101a68412021-12-21 10:26:26.944root 11241100x8000000000000000349549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36ffe22abd118012021-12-21 10:26:26.944root 11241100x8000000000000000349550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e9345065c002262021-12-21 10:26:26.944root 11241100x8000000000000000349551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1224e6ef36263a2021-12-21 10:26:26.944root 11241100x8000000000000000349552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b06ef876a49c6d2021-12-21 10:26:26.944root 11241100x8000000000000000349553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9192cd9b9bf91da62021-12-21 10:26:26.944root 11241100x8000000000000000349554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fcbbc897e2623d2021-12-21 10:26:26.944root 11241100x8000000000000000349555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1ea09d24c4e4b72021-12-21 10:26:26.944root 11241100x8000000000000000349556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f706869552aeceb82021-12-21 10:26:26.944root 11241100x8000000000000000349557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce766d59880f00b2021-12-21 10:26:26.944root 11241100x8000000000000000349558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83d98febb4308712021-12-21 10:26:26.944root 11241100x8000000000000000349559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411c407ec67545eb2021-12-21 10:26:26.944root 11241100x8000000000000000349560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba61bf35887bdef2021-12-21 10:26:26.944root 11241100x8000000000000000349561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561dca23f72989e12021-12-21 10:26:26.944root 11241100x8000000000000000349562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a591d3965a921ff2021-12-21 10:26:26.944root 11241100x8000000000000000349563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c542b25191ea86712021-12-21 10:26:26.945root 11241100x8000000000000000349564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8777926723b2302021-12-21 10:26:26.945root 11241100x8000000000000000349565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240c078d5ecb1cba2021-12-21 10:26:26.945root 11241100x8000000000000000349566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f73f62faf0aa7b2021-12-21 10:26:26.945root 11241100x8000000000000000349567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72662d67126cf5772021-12-21 10:26:26.945root 11241100x8000000000000000349568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c326cc37beb1fcd2021-12-21 10:26:26.945root 11241100x8000000000000000349569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7787983a3839f87c2021-12-21 10:26:26.945root 11241100x8000000000000000349570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb9edbf844061b2021-12-21 10:26:26.945root 11241100x8000000000000000349571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218d07507bf839ae2021-12-21 10:26:26.945root 11241100x8000000000000000349572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f045fd62f59946be2021-12-21 10:26:26.945root 11241100x8000000000000000349573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e547e2a25a30982021-12-21 10:26:26.945root 11241100x8000000000000000349574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ff7eab69b1f20f2021-12-21 10:26:26.945root 11241100x8000000000000000349575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4785d9e6fce7501c2021-12-21 10:26:26.945root 11241100x8000000000000000349576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12de610489cd1a42021-12-21 10:26:26.945root 11241100x8000000000000000349577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7abed0b849b2c42021-12-21 10:26:26.945root 11241100x8000000000000000349578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527c57aefb6fde9e2021-12-21 10:26:26.946root 11241100x8000000000000000349579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00122274f0bb54e32021-12-21 10:26:26.946root 11241100x8000000000000000349580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d139a6a09b2387af2021-12-21 10:26:26.946root 11241100x8000000000000000349581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be69190e227858442021-12-21 10:26:26.946root 11241100x8000000000000000349582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fa1c12f5e40b2c2021-12-21 10:26:26.946root 11241100x8000000000000000349583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa787e4d8eba70c12021-12-21 10:26:26.946root 11241100x8000000000000000349584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7d2b3542691f1e2021-12-21 10:26:26.946root 11241100x8000000000000000349585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea43b8c2a8372022021-12-21 10:26:26.946root 11241100x8000000000000000349586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc3a88f0a5c237f2021-12-21 10:26:26.946root 11241100x8000000000000000349587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d4141820bd86512021-12-21 10:26:26.946root 11241100x8000000000000000349588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3095003427626862021-12-21 10:26:26.946root 11241100x8000000000000000349589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc6b2185dba18f82021-12-21 10:26:26.947root 11241100x8000000000000000349590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff4eb1cc96691732021-12-21 10:26:26.947root 11241100x8000000000000000349591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181f054f3e39f1de2021-12-21 10:26:26.947root 11241100x8000000000000000349592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4e8f3260798d452021-12-21 10:26:26.947root 11241100x8000000000000000349593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65fd6a1b219c77482021-12-21 10:26:26.947root 11241100x8000000000000000349594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0847ae1681c407d52021-12-21 10:26:26.947root 11241100x8000000000000000349595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad27d9cb9ee976062021-12-21 10:26:26.947root 11241100x8000000000000000349596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baba37f0c786a66f2021-12-21 10:26:26.947root 11241100x8000000000000000349597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b9158c8ab680e82021-12-21 10:26:26.947root 11241100x8000000000000000349598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a07ab87391ba672021-12-21 10:26:26.947root 11241100x8000000000000000349599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d807739ca8e9092021-12-21 10:26:26.947root 11241100x8000000000000000349600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d960bfebdb4504382021-12-21 10:26:26.947root 11241100x8000000000000000349601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68642a09cb21320d2021-12-21 10:26:26.947root 11241100x8000000000000000349602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e51b13d362261552021-12-21 10:26:26.947root 11241100x8000000000000000349603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9371bb0f2f875b62021-12-21 10:26:26.948root 11241100x8000000000000000349604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e7c3c2731d873b2021-12-21 10:26:26.948root 11241100x8000000000000000349605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc0f3042461d5622021-12-21 10:26:26.948root 11241100x8000000000000000349606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3f85b63a5e1d1e2021-12-21 10:26:26.948root 11241100x8000000000000000349607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225d2ce5e0d9d65b2021-12-21 10:26:26.948root 11241100x8000000000000000349608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79211864d4f7a222021-12-21 10:26:26.948root 11241100x8000000000000000349609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67acff5c1e29a4c2021-12-21 10:26:26.948root 11241100x8000000000000000349610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034f3168b4147dbb2021-12-21 10:26:26.948root 11241100x8000000000000000349611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a211b53aa051be2021-12-21 10:26:26.948root 11241100x8000000000000000349612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1dc0cb08cde7132021-12-21 10:26:26.948root 11241100x8000000000000000349613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2134e3151fed39532021-12-21 10:26:26.948root 11241100x8000000000000000349614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275339528e2823a22021-12-21 10:26:26.948root 11241100x8000000000000000349615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b71cacde28e16e2021-12-21 10:26:26.948root 11241100x8000000000000000349616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60256b3e1779eac82021-12-21 10:26:26.949root 11241100x8000000000000000349617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558e4b24efa0eae92021-12-21 10:26:26.949root 11241100x8000000000000000349618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d750c09adf8d8f2021-12-21 10:26:26.949root 11241100x8000000000000000349619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8e9dfb0865afe62021-12-21 10:26:26.949root 11241100x8000000000000000349620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679edb7b16e1cc6f2021-12-21 10:26:26.949root 11241100x8000000000000000349621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a463eac7e9ab3e312021-12-21 10:26:26.949root 11241100x8000000000000000349622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba400c64d8e00bcd2021-12-21 10:26:26.949root 11241100x8000000000000000349623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa80530f2cafae82021-12-21 10:26:26.949root 11241100x8000000000000000349624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f4adda8ae9f6bb2021-12-21 10:26:26.949root 11241100x8000000000000000349625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f83765d3a6cb362021-12-21 10:26:26.949root 11241100x8000000000000000349626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ebd4f40206f789c2021-12-21 10:26:26.949root 11241100x8000000000000000349627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fcd279872a3f092021-12-21 10:26:26.949root 11241100x8000000000000000349628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3c6fcb2eaf4c242021-12-21 10:26:26.949root 11241100x8000000000000000349629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39af8c0ee3ed13b32021-12-21 10:26:26.949root 11241100x8000000000000000349630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e4be3b222a52002021-12-21 10:26:26.949root 11241100x8000000000000000349631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090682b754e5efd32021-12-21 10:26:26.950root 11241100x8000000000000000349632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a44d3f7e0bb1862021-12-21 10:26:26.950root 11241100x8000000000000000349633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78089c1e18db9c2b2021-12-21 10:26:26.950root 11241100x8000000000000000349634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ad235e1510bd2812021-12-21 10:26:26.950root 11241100x8000000000000000349635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dfac1145378e642021-12-21 10:26:26.950root 11241100x8000000000000000349636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06b5bc243fff0bc2021-12-21 10:26:26.950root 11241100x8000000000000000349637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3545f781c5cd872021-12-21 10:26:26.950root 11241100x8000000000000000349638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acb73beaf5ab03c92021-12-21 10:26:26.950root 11241100x8000000000000000349639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f265bfc6ede30f02021-12-21 10:26:26.951root 11241100x8000000000000000349640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02964fc50cf4ed82021-12-21 10:26:26.951root 11241100x8000000000000000349641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4520ec5d457638f2021-12-21 10:26:26.951root 11241100x8000000000000000349642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f664418fdbd3a712021-12-21 10:26:26.951root 11241100x8000000000000000349643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0583cbf1abd25782021-12-21 10:26:26.951root 11241100x8000000000000000349644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c72e8aab30493e52021-12-21 10:26:26.951root 11241100x8000000000000000349645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a58ec692065939982021-12-21 10:26:26.951root 11241100x8000000000000000349646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f7262cdf5dab1a2021-12-21 10:26:26.951root 11241100x8000000000000000349647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b85f1a32438cec2021-12-21 10:26:26.952root 11241100x8000000000000000349648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f39a39387307b832021-12-21 10:26:26.952root 11241100x8000000000000000349649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1937270b21cca6762021-12-21 10:26:26.952root 11241100x8000000000000000349650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0adf58b03728d82021-12-21 10:26:26.952root 11241100x8000000000000000349651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57163297af1e45e92021-12-21 10:26:26.952root 11241100x8000000000000000349652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d30f3b6a25c8c32021-12-21 10:26:26.952root 11241100x8000000000000000349653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2ed834359a67a62021-12-21 10:26:26.952root 11241100x8000000000000000349654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26683629174672072021-12-21 10:26:26.952root 11241100x8000000000000000349655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4a40a03bf4b6852021-12-21 10:26:26.953root 11241100x8000000000000000349656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e0f5913a34fcfe2021-12-21 10:26:26.953root 11241100x8000000000000000349657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9167e887a30a541c2021-12-21 10:26:26.953root 11241100x8000000000000000349658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d53a37f280aa7e2021-12-21 10:26:26.953root 11241100x8000000000000000349659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b7f948ba6d1d3d2021-12-21 10:26:26.953root 11241100x8000000000000000349660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c48ee0ec5181662021-12-21 10:26:26.953root 11241100x8000000000000000349661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cbea5038be5f9d02021-12-21 10:26:26.953root 11241100x8000000000000000349662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443317ae22efa9522021-12-21 10:26:26.954root 11241100x8000000000000000349663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b897c1fbee14bff2021-12-21 10:26:26.954root 11241100x8000000000000000349664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1173247ba5aefdde2021-12-21 10:26:26.954root 11241100x8000000000000000349665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c3c487dc0d26b62021-12-21 10:26:26.954root 11241100x8000000000000000349666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52c059fd093d6032021-12-21 10:26:26.955root 11241100x8000000000000000349667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717e470dcbc61cbd2021-12-21 10:26:26.955root 11241100x8000000000000000349668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80ce57a7bb50e98e2021-12-21 10:26:26.955root 11241100x8000000000000000349669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4f65983be226422021-12-21 10:26:26.955root 11241100x8000000000000000349670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a4fb0d7132f3062021-12-21 10:26:26.955root 11241100x8000000000000000349671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343090ae1d8f47242021-12-21 10:26:26.955root 11241100x8000000000000000349672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3068273929c30d32021-12-21 10:26:26.955root 11241100x8000000000000000349673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37371756c520be02021-12-21 10:26:26.955root 11241100x8000000000000000349674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2841db842e6d108a2021-12-21 10:26:26.955root 11241100x8000000000000000349675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294af3e47d6333462021-12-21 10:26:26.956root 11241100x8000000000000000349676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004c5c5d174056132021-12-21 10:26:26.956root 11241100x8000000000000000349677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb01f73a80c0f1a2021-12-21 10:26:26.956root 11241100x8000000000000000349678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104d01980a42b20e2021-12-21 10:26:26.956root 11241100x8000000000000000349679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a68415de07d8552021-12-21 10:26:26.956root 11241100x8000000000000000349680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a999b726763897a72021-12-21 10:26:26.956root 11241100x8000000000000000349681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f441c38c15dc32d52021-12-21 10:26:26.956root 11241100x8000000000000000349682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237c5348501ba2752021-12-21 10:26:26.956root 11241100x8000000000000000349683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:26.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e0110c5fb4969e2021-12-21 10:26:26.956root 11241100x8000000000000000349684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb483099293a1c9b2021-12-21 10:26:27.443root 11241100x8000000000000000349685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9983663f47974a5b2021-12-21 10:26:27.443root 11241100x8000000000000000349686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206a214740793ddb2021-12-21 10:26:27.443root 11241100x8000000000000000349687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc5c3d792b8d214b2021-12-21 10:26:27.443root 11241100x8000000000000000349688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f5a2b3d5d7e0972021-12-21 10:26:27.443root 11241100x8000000000000000349689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a3408788e5c9ea2021-12-21 10:26:27.443root 11241100x8000000000000000349690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371bc412b74378fa2021-12-21 10:26:27.443root 11241100x8000000000000000349691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5733c320ccfc7ab02021-12-21 10:26:27.443root 11241100x8000000000000000349692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f3f2fecde941022021-12-21 10:26:27.443root 11241100x8000000000000000349693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7bb70907679e062021-12-21 10:26:27.443root 11241100x8000000000000000349694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efdac12399a740b2021-12-21 10:26:27.443root 11241100x8000000000000000349695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd65fea978bcf62b2021-12-21 10:26:27.443root 11241100x8000000000000000349696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b369ab2bd6311e92021-12-21 10:26:27.444root 11241100x8000000000000000349697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267d4dde5e42b34b2021-12-21 10:26:27.444root 11241100x8000000000000000349698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd97db2a7a441882021-12-21 10:26:27.444root 11241100x8000000000000000349699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b395bb456a88802021-12-21 10:26:27.444root 11241100x8000000000000000349700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec2d4927e0304dc2021-12-21 10:26:27.444root 11241100x8000000000000000349701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8702e5561290dd062021-12-21 10:26:27.444root 11241100x8000000000000000349702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221e65d7b5fc642b2021-12-21 10:26:27.444root 11241100x8000000000000000349703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6b66cad42972ba2021-12-21 10:26:27.444root 11241100x8000000000000000349704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a444760d07a4642021-12-21 10:26:27.444root 11241100x8000000000000000349705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcbbc302829424e2021-12-21 10:26:27.445root 11241100x8000000000000000349706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0585df8a470df412021-12-21 10:26:27.445root 11241100x8000000000000000349707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c18763a7ef5c482021-12-21 10:26:27.445root 11241100x8000000000000000349708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9640ca07c6840baf2021-12-21 10:26:27.445root 11241100x8000000000000000349709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bdced4be3ccbb692021-12-21 10:26:27.445root 11241100x8000000000000000349710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599d09efb41c04422021-12-21 10:26:27.445root 11241100x8000000000000000349711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af9f67f9f4da6d482021-12-21 10:26:27.445root 11241100x8000000000000000349712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd058f5de1de6fa2021-12-21 10:26:27.445root 11241100x8000000000000000349713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95dadae9863572952021-12-21 10:26:27.445root 11241100x8000000000000000349714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2787071dbc7a9f72021-12-21 10:26:27.445root 11241100x8000000000000000349715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dedffe1d3045d5662021-12-21 10:26:27.445root 11241100x8000000000000000349716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae1ace143fce3fe2021-12-21 10:26:27.445root 11241100x8000000000000000349717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e09d85e6fee9f92021-12-21 10:26:27.446root 11241100x8000000000000000349718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a0030a0403fe8f2021-12-21 10:26:27.446root 11241100x8000000000000000349719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6722e153ada6daa72021-12-21 10:26:27.446root 11241100x8000000000000000349720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd17eb5648d27262021-12-21 10:26:27.446root 11241100x8000000000000000349721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb153d665ff85b12021-12-21 10:26:27.446root 11241100x8000000000000000349722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f34df8231e2b72021-12-21 10:26:27.446root 11241100x8000000000000000349723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c090e74590c32cd62021-12-21 10:26:27.446root 11241100x8000000000000000349724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a431b454577c2b72021-12-21 10:26:27.446root 11241100x8000000000000000349725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd9d8c2591005382021-12-21 10:26:27.447root 11241100x8000000000000000349726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcc41a00ee90e252021-12-21 10:26:27.447root 11241100x8000000000000000349727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6e73d1977c2ad02021-12-21 10:26:27.447root 11241100x8000000000000000349728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97da370b899f15202021-12-21 10:26:27.447root 11241100x8000000000000000349729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d8f44f698a16fa2021-12-21 10:26:27.448root 11241100x8000000000000000349730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a395a3015ccf9c542021-12-21 10:26:27.448root 11241100x8000000000000000349731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4035ef58ad3e29972021-12-21 10:26:27.448root 11241100x8000000000000000349732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e8c97c1bc0894c2021-12-21 10:26:27.448root 11241100x8000000000000000349733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76931948076fb872021-12-21 10:26:27.448root 11241100x8000000000000000349734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e20f090c112ca592021-12-21 10:26:27.448root 11241100x8000000000000000349735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c7afce3a6edea42021-12-21 10:26:27.448root 11241100x8000000000000000349736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbac8bc2210f47662021-12-21 10:26:27.448root 11241100x8000000000000000349737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4363f43040fca7ff2021-12-21 10:26:27.449root 11241100x8000000000000000349738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ac00c012b714c52021-12-21 10:26:27.449root 11241100x8000000000000000349739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4adca0b7e56953612021-12-21 10:26:27.449root 11241100x8000000000000000349740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebf531a7cd484162021-12-21 10:26:27.449root 11241100x8000000000000000349741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b260959b72987c002021-12-21 10:26:27.449root 11241100x8000000000000000349742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801d2eb889b0750d2021-12-21 10:26:27.449root 11241100x8000000000000000349743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48eef03ab0d471e62021-12-21 10:26:27.450root 11241100x8000000000000000349744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d2b95808a27fb5a2021-12-21 10:26:27.450root 11241100x8000000000000000349745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65da02239ffa867d2021-12-21 10:26:27.450root 11241100x8000000000000000349746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df36a1d5c5ecf65b2021-12-21 10:26:27.450root 11241100x8000000000000000349747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e3cfa261f1b38e2021-12-21 10:26:27.450root 11241100x8000000000000000349748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cd09ff4eef23002021-12-21 10:26:27.450root 11241100x8000000000000000349749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e9c615e37e61cf2021-12-21 10:26:27.451root 11241100x8000000000000000349750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a206f648b891919d2021-12-21 10:26:27.452root 11241100x8000000000000000349751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05282a2a421c7c892021-12-21 10:26:27.452root 11241100x8000000000000000349752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf847982deba3bfb2021-12-21 10:26:27.452root 11241100x8000000000000000349753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea9301f447c16ec2021-12-21 10:26:27.452root 11241100x8000000000000000349754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f50da375a3a27e42021-12-21 10:26:27.452root 11241100x8000000000000000349755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bca8b8646453702021-12-21 10:26:27.452root 11241100x8000000000000000349756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6689b9e026b541112021-12-21 10:26:27.452root 11241100x8000000000000000349757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd286e4a27cf34ae2021-12-21 10:26:27.453root 11241100x8000000000000000349758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef798980550a2872021-12-21 10:26:27.453root 11241100x8000000000000000349759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d8fc4468482a042021-12-21 10:26:27.453root 11241100x8000000000000000349760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e35518c797f66b2021-12-21 10:26:27.453root 11241100x8000000000000000349761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb855bc275fcd2d2021-12-21 10:26:27.453root 11241100x8000000000000000349762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b072e1a71130c0df2021-12-21 10:26:27.453root 11241100x8000000000000000349763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd02ff5e5e2d745a2021-12-21 10:26:27.453root 11241100x8000000000000000349764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b73142570de182021-12-21 10:26:27.454root 11241100x8000000000000000349765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e249af159b832e2021-12-21 10:26:27.454root 11241100x8000000000000000349766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530b74adea0aa5782021-12-21 10:26:27.454root 11241100x8000000000000000349767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.631a7089500242942021-12-21 10:26:27.943root 11241100x8000000000000000349768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd122c44388356d02021-12-21 10:26:27.943root 11241100x8000000000000000349769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f80b1fae7279832021-12-21 10:26:27.943root 11241100x8000000000000000349770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba107fdeda8fac972021-12-21 10:26:27.943root 11241100x8000000000000000349771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d3c5496e853dc12021-12-21 10:26:27.943root 11241100x8000000000000000349772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6670fc540dd7d3f2021-12-21 10:26:27.943root 11241100x8000000000000000349773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ff82a1ebd96e012021-12-21 10:26:27.943root 11241100x8000000000000000349774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8712bb5a165d5fe2021-12-21 10:26:27.943root 11241100x8000000000000000349775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7985b60de5437a532021-12-21 10:26:27.944root 11241100x8000000000000000349776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957b73bad65a12972021-12-21 10:26:27.944root 11241100x8000000000000000349777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287ea637c2147af32021-12-21 10:26:27.944root 11241100x8000000000000000349778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2adb97603a583d2021-12-21 10:26:27.944root 11241100x8000000000000000349779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a4ad77d0acee1a2021-12-21 10:26:27.944root 11241100x8000000000000000349780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045d303b204301ff2021-12-21 10:26:27.944root 11241100x8000000000000000349781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73e7715feb5f08f2021-12-21 10:26:27.944root 11241100x8000000000000000349782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5061dfec176cf7382021-12-21 10:26:27.944root 11241100x8000000000000000349783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38beef502a2ef0772021-12-21 10:26:27.944root 11241100x8000000000000000349784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea70605ce58d9442021-12-21 10:26:27.944root 11241100x8000000000000000349785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5939cc69c6170c522021-12-21 10:26:27.944root 11241100x8000000000000000349786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54779ff0593385582021-12-21 10:26:27.945root 11241100x8000000000000000349787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c148953feca356992021-12-21 10:26:27.945root 11241100x8000000000000000349788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.192361ff10c30f6d2021-12-21 10:26:27.945root 11241100x8000000000000000349789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4385f7aeefe299b12021-12-21 10:26:27.945root 11241100x8000000000000000349790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b9b6fff7f788c52021-12-21 10:26:27.945root 11241100x8000000000000000349791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e9a97fd1d7a0802021-12-21 10:26:27.945root 11241100x8000000000000000349792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7ee8fbd19ec5872021-12-21 10:26:27.945root 11241100x8000000000000000349793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eb88eb6a41594d2021-12-21 10:26:27.945root 11241100x8000000000000000349794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b318ca3b78bd1a882021-12-21 10:26:27.945root 11241100x8000000000000000349795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4df81b122e47702021-12-21 10:26:27.945root 11241100x8000000000000000349796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c608056265d8dc12021-12-21 10:26:27.945root 11241100x8000000000000000349797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f10927ffd02cbf2021-12-21 10:26:27.946root 11241100x8000000000000000349798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774e1bf2383bbd3e2021-12-21 10:26:27.946root 11241100x8000000000000000349799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e36ace522dfe38872021-12-21 10:26:27.946root 11241100x8000000000000000349800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffc652a65470a7082021-12-21 10:26:27.946root 11241100x8000000000000000349801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c3b09ccee3401322021-12-21 10:26:27.946root 11241100x8000000000000000349802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36073ae923e383ec2021-12-21 10:26:27.946root 11241100x8000000000000000349803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209e2314f3e534752021-12-21 10:26:27.946root 11241100x8000000000000000349804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46def9d33fbb763f2021-12-21 10:26:27.947root 11241100x8000000000000000349805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520ec7cb47b06ca72021-12-21 10:26:27.947root 11241100x8000000000000000349806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daabba693cc3b4f02021-12-21 10:26:27.947root 11241100x8000000000000000349807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe2f2df6c4d8c6c2021-12-21 10:26:27.947root 11241100x8000000000000000349808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2037d8c412b9062021-12-21 10:26:27.947root 11241100x8000000000000000349809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a006105d2296622021-12-21 10:26:27.948root 11241100x8000000000000000349810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bac80a21fa90162021-12-21 10:26:27.948root 11241100x8000000000000000349811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef23e3186db4fead2021-12-21 10:26:27.948root 11241100x8000000000000000349812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ad0eac15e8db422021-12-21 10:26:27.948root 11241100x8000000000000000349813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23692ca8f9953432021-12-21 10:26:27.948root 11241100x8000000000000000349814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0acac9486a22fec52021-12-21 10:26:27.948root 11241100x8000000000000000349815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88979db0c16abb102021-12-21 10:26:27.949root 11241100x8000000000000000349816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b234ad3b9563d22021-12-21 10:26:27.949root 11241100x8000000000000000349817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b69ad915ba23772021-12-21 10:26:27.949root 11241100x8000000000000000349818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821a0cdafabf60632021-12-21 10:26:27.949root 11241100x8000000000000000349819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bc2ac25b5abeb82021-12-21 10:26:27.949root 11241100x8000000000000000349820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47236f5ae90d4e892021-12-21 10:26:27.950root 11241100x8000000000000000349821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb7d5f99cd2b22e2021-12-21 10:26:27.950root 11241100x8000000000000000349822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b91ceeb3433931da2021-12-21 10:26:27.950root 11241100x8000000000000000349823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1085ce6c493f23c2021-12-21 10:26:27.950root 11241100x8000000000000000349824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c146601d25a517f2021-12-21 10:26:27.950root 11241100x8000000000000000349825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a4dc32c521ef9f2021-12-21 10:26:27.950root 11241100x8000000000000000349826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ffb1b146bbbab82021-12-21 10:26:27.951root 11241100x8000000000000000349827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c5865550f62f2d2021-12-21 10:26:27.951root 11241100x8000000000000000349828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0072b3890c9e4172021-12-21 10:26:27.951root 11241100x8000000000000000349829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d708a381c79dacb2021-12-21 10:26:27.951root 11241100x8000000000000000349830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c9738818db95a042021-12-21 10:26:27.951root 11241100x8000000000000000349831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:27.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ecc4c69845ce0db2021-12-21 10:26:27.951root 11241100x8000000000000000349832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf249fccfdeba802021-12-21 10:26:28.443root 11241100x8000000000000000349833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bb26418ed3a5d242021-12-21 10:26:28.443root 11241100x8000000000000000349834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb1b8a60653b16c2021-12-21 10:26:28.443root 11241100x8000000000000000349835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a32b4431c38ca32021-12-21 10:26:28.443root 11241100x8000000000000000349836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e56baf80623c12692021-12-21 10:26:28.443root 11241100x8000000000000000349837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f3632877e9afe12021-12-21 10:26:28.444root 11241100x8000000000000000349838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0aa3b1b00a51162021-12-21 10:26:28.444root 11241100x8000000000000000349839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b43817fe8fce82021-12-21 10:26:28.444root 11241100x8000000000000000349840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abdedc42d158a0d2021-12-21 10:26:28.444root 11241100x8000000000000000349841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a79c09763bfb4092021-12-21 10:26:28.444root 11241100x8000000000000000349842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a79388a72b709252021-12-21 10:26:28.444root 11241100x8000000000000000349843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e4394efeba9c852021-12-21 10:26:28.444root 11241100x8000000000000000349844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d5aa6b25c6543ee2021-12-21 10:26:28.444root 11241100x8000000000000000349845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9442afd65a2b2fe2021-12-21 10:26:28.444root 11241100x8000000000000000349846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67516c250727b8e72021-12-21 10:26:28.445root 11241100x8000000000000000349847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefdd246afe606842021-12-21 10:26:28.445root 11241100x8000000000000000349848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a349f8cbfe91e02021-12-21 10:26:28.445root 11241100x8000000000000000349849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007b78ce872374dc2021-12-21 10:26:28.445root 11241100x8000000000000000349850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94854ce9915efc122021-12-21 10:26:28.445root 11241100x8000000000000000349851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d11b4fc9f8127f6c2021-12-21 10:26:28.445root 11241100x8000000000000000349852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b759dc37d6032ad2021-12-21 10:26:28.445root 11241100x8000000000000000349853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2493787335d8892021-12-21 10:26:28.445root 11241100x8000000000000000349854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53862efd5ef8bd902021-12-21 10:26:28.445root 11241100x8000000000000000349855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948a72d4b9db59852021-12-21 10:26:28.445root 11241100x8000000000000000349856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d7bc7ab37485122021-12-21 10:26:28.445root 11241100x8000000000000000349857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075604e5a3c055f82021-12-21 10:26:28.446root 11241100x8000000000000000349858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41bdfaae89ae1b92021-12-21 10:26:28.446root 11241100x8000000000000000349859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205355bb1bdfc6412021-12-21 10:26:28.446root 11241100x8000000000000000349860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d1249826ca97a22021-12-21 10:26:28.446root 11241100x8000000000000000349861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a51962098b9e632021-12-21 10:26:28.446root 11241100x8000000000000000349862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d191abd73b5fe9d2021-12-21 10:26:28.446root 11241100x8000000000000000349863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821ebb41f4766df02021-12-21 10:26:28.446root 11241100x8000000000000000349864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7449c00c61115302021-12-21 10:26:28.446root 11241100x8000000000000000349865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d7cc2b832ddf5202021-12-21 10:26:28.446root 11241100x8000000000000000349866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92b90590c894d84d2021-12-21 10:26:28.446root 11241100x8000000000000000349867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dae057fd995c9602021-12-21 10:26:28.447root 11241100x8000000000000000349868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c744627ad0312b402021-12-21 10:26:28.447root 11241100x8000000000000000349869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cf6a41be0914c22021-12-21 10:26:28.447root 11241100x8000000000000000349870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a6c648320b67e72021-12-21 10:26:28.447root 11241100x8000000000000000349871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d4a687818f4a452021-12-21 10:26:28.447root 11241100x8000000000000000349872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17a6c7c5ab0051f2021-12-21 10:26:28.447root 11241100x8000000000000000349873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a987d2bb9be4f7922021-12-21 10:26:28.943root 11241100x8000000000000000349874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce53fb6d240d579e2021-12-21 10:26:28.943root 11241100x8000000000000000349875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922191634a8ab3c2021-12-21 10:26:28.943root 11241100x8000000000000000349876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2804f05891a827502021-12-21 10:26:28.943root 11241100x8000000000000000349877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2641da2b3b96cf3a2021-12-21 10:26:28.944root 11241100x8000000000000000349878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e1c28d7d3085d82021-12-21 10:26:28.944root 11241100x8000000000000000349879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874a316b7f1b373c2021-12-21 10:26:28.944root 11241100x8000000000000000349880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e29832ac66cf9752021-12-21 10:26:28.944root 11241100x8000000000000000349881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47cb00f24516c7b2021-12-21 10:26:28.944root 11241100x8000000000000000349882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38fb783cd4eb6be12021-12-21 10:26:28.944root 11241100x8000000000000000349883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b593a0fca8828fb12021-12-21 10:26:28.944root 11241100x8000000000000000349884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e134e5337df0c84d2021-12-21 10:26:28.944root 11241100x8000000000000000349885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e8f44f0ea52ee02021-12-21 10:26:28.944root 11241100x8000000000000000349886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce7f454caa584d02021-12-21 10:26:28.945root 11241100x8000000000000000349887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3ce869d8a2bf142021-12-21 10:26:28.945root 11241100x8000000000000000349888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625f6d8ac110bdc42021-12-21 10:26:28.945root 11241100x8000000000000000349889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533a5afeee0544532021-12-21 10:26:28.945root 11241100x8000000000000000349890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c7b158db19c48ac2021-12-21 10:26:28.945root 11241100x8000000000000000349891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31dfa0f35e8b00db2021-12-21 10:26:28.945root 11241100x8000000000000000349892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c9ab001b3e3ecc2021-12-21 10:26:28.946root 11241100x8000000000000000349893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc4a1b58f0787fd2021-12-21 10:26:28.946root 11241100x8000000000000000349894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713e6cf6192d84182021-12-21 10:26:28.946root 11241100x8000000000000000349895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e81aa133a93302a2021-12-21 10:26:28.946root 11241100x8000000000000000349896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e18c7135ea98672021-12-21 10:26:28.946root 11241100x8000000000000000349897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc6d8860d01b3012021-12-21 10:26:28.947root 11241100x8000000000000000349898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a9ede725591e2e2021-12-21 10:26:28.947root 11241100x8000000000000000349899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a371b5fb776c612021-12-21 10:26:28.947root 11241100x8000000000000000349900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0a97993dcdd5ba52021-12-21 10:26:28.947root 11241100x8000000000000000349901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbecd78b1d2d1a52021-12-21 10:26:28.947root 11241100x8000000000000000349902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a48e10f5ded41692021-12-21 10:26:28.948root 11241100x8000000000000000349903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66daaab613305492021-12-21 10:26:28.948root 11241100x8000000000000000349904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4edcf0e811a79b12021-12-21 10:26:28.948root 11241100x8000000000000000349905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775afb9f6858a9a62021-12-21 10:26:28.948root 11241100x8000000000000000349906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4953bd98d544942021-12-21 10:26:28.948root 11241100x8000000000000000349907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef424f80a504e072021-12-21 10:26:28.949root 11241100x8000000000000000349908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29ba02189e160ab2021-12-21 10:26:28.949root 11241100x8000000000000000349909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de15047ef55191632021-12-21 10:26:28.949root 11241100x8000000000000000349910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fddf0846aa1b5c2021-12-21 10:26:28.950root 11241100x8000000000000000349911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b639747ad3556352021-12-21 10:26:28.950root 11241100x8000000000000000349912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e66dbfd62b4e2ee2021-12-21 10:26:28.950root 11241100x8000000000000000349913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c38c8d8fb14b922021-12-21 10:26:28.950root 11241100x8000000000000000349914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2ae0dea3ce2f482021-12-21 10:26:28.950root 11241100x8000000000000000349915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c464ed61b46830012021-12-21 10:26:28.951root 11241100x8000000000000000349916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3539517a34ebf7572021-12-21 10:26:28.951root 11241100x8000000000000000349917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:28.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f6de4e5cef386a32021-12-21 10:26:28.951root 354300x8000000000000000349918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.070{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47102-false10.0.1.12-8000- 11241100x8000000000000000349919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296589d4cf332c942021-12-21 10:26:29.443root 11241100x8000000000000000349920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9483e3407fa7105f2021-12-21 10:26:29.443root 11241100x8000000000000000349921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eeb0042f42d78172021-12-21 10:26:29.443root 11241100x8000000000000000349922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c116a5861d61cd2021-12-21 10:26:29.443root 11241100x8000000000000000349923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a594c9bf266fa4f2021-12-21 10:26:29.443root 11241100x8000000000000000349924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b144ce22143d872021-12-21 10:26:29.443root 11241100x8000000000000000349925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3670b445a7de922b2021-12-21 10:26:29.443root 11241100x8000000000000000349926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2889468b9cd5dfd72021-12-21 10:26:29.444root 11241100x8000000000000000349927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb317b4332757d6c2021-12-21 10:26:29.444root 11241100x8000000000000000349928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f07737efd1c33e2021-12-21 10:26:29.444root 11241100x8000000000000000349929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddaaa3485efc588f2021-12-21 10:26:29.444root 11241100x8000000000000000349930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d182ebabf1bee42021-12-21 10:26:29.444root 11241100x8000000000000000349931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1891e55a67dd7b2021-12-21 10:26:29.444root 11241100x8000000000000000349932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b6c5dd96e70bd72021-12-21 10:26:29.444root 11241100x8000000000000000349933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d2d9abb0c76cc92021-12-21 10:26:29.445root 11241100x8000000000000000349934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9f3facd3fa14b32021-12-21 10:26:29.445root 11241100x8000000000000000349935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4496f2dced6d66332021-12-21 10:26:29.445root 11241100x8000000000000000349936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b137c0492b888102021-12-21 10:26:29.445root 11241100x8000000000000000349937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b23a260025554ad2021-12-21 10:26:29.445root 11241100x8000000000000000349938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c387cef56ad4c42021-12-21 10:26:29.445root 11241100x8000000000000000349939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bdb78bd68f9d68d2021-12-21 10:26:29.445root 11241100x8000000000000000349940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b837bb3efec6a4b2021-12-21 10:26:29.445root 11241100x8000000000000000349941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ebf484a4e3d8ed2021-12-21 10:26:29.445root 11241100x8000000000000000349942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bebfee1bd2d60a2021-12-21 10:26:29.446root 11241100x8000000000000000349943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb29b10045661c22021-12-21 10:26:29.446root 11241100x8000000000000000349944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a78e2d9af1c72e32021-12-21 10:26:29.446root 11241100x8000000000000000349945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4269770413f6272021-12-21 10:26:29.446root 11241100x8000000000000000349946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c7ad013958010432021-12-21 10:26:29.446root 11241100x8000000000000000349947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aac55f42dd918fc2021-12-21 10:26:29.446root 11241100x8000000000000000349948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a36af82f2b4ab42021-12-21 10:26:29.446root 11241100x8000000000000000349949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9560f4359636cbc2021-12-21 10:26:29.447root 11241100x8000000000000000349950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6eea0e95412e272021-12-21 10:26:29.447root 11241100x8000000000000000349951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8958380d5a75b20e2021-12-21 10:26:29.447root 11241100x8000000000000000349952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e49425eacadb032021-12-21 10:26:29.447root 11241100x8000000000000000349953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17281aecb6e4cf282021-12-21 10:26:29.447root 11241100x8000000000000000349954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18476e0c7abb79672021-12-21 10:26:29.447root 11241100x8000000000000000349955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e58a7d226fb5a32021-12-21 10:26:29.447root 11241100x8000000000000000349956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9c41256eded7b12021-12-21 10:26:29.447root 11241100x8000000000000000349957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709ee144c60c162d2021-12-21 10:26:29.448root 11241100x8000000000000000349958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c0c537eaf13c2c2021-12-21 10:26:29.448root 11241100x8000000000000000349959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4bc87c0a77047da2021-12-21 10:26:29.448root 11241100x8000000000000000349960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d6765210225d6e2021-12-21 10:26:29.448root 11241100x8000000000000000349961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9a22e1801e552a2021-12-21 10:26:29.448root 11241100x8000000000000000349962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce30149ba207b2d2021-12-21 10:26:29.448root 11241100x8000000000000000349963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e697014b14fe4fd2021-12-21 10:26:29.448root 11241100x8000000000000000349964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f0d92f16ad1dce2021-12-21 10:26:29.448root 11241100x8000000000000000349965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a963e411e777adbd2021-12-21 10:26:29.448root 11241100x8000000000000000349966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71595b261d3fb0f2021-12-21 10:26:29.943root 11241100x8000000000000000349967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e34824b944c4ab2021-12-21 10:26:29.943root 11241100x8000000000000000349968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bc886d9d502cfc2021-12-21 10:26:29.943root 11241100x8000000000000000349969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174f6349227051062021-12-21 10:26:29.943root 11241100x8000000000000000349970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1d0c3ba29f5b612021-12-21 10:26:29.943root 11241100x8000000000000000349971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609e12da448346152021-12-21 10:26:29.943root 11241100x8000000000000000349972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a509b052f2248832021-12-21 10:26:29.943root 11241100x8000000000000000349973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0773763b8aaf092e2021-12-21 10:26:29.943root 11241100x8000000000000000349974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd46aed91b3204792021-12-21 10:26:29.943root 11241100x8000000000000000349975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c5371cc3168e902021-12-21 10:26:29.944root 11241100x8000000000000000349976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.276cac92664e60242021-12-21 10:26:29.944root 11241100x8000000000000000349977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b973486fcb966a02021-12-21 10:26:29.944root 11241100x8000000000000000349978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c283e026bd71f93d2021-12-21 10:26:29.944root 11241100x8000000000000000349979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b2fecd01dbd43a62021-12-21 10:26:29.944root 11241100x8000000000000000349980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5fd945bb9c83932021-12-21 10:26:29.944root 11241100x8000000000000000349981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de9727fc66136c2021-12-21 10:26:29.944root 11241100x8000000000000000349982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f949b8c57b86902021-12-21 10:26:29.944root 11241100x8000000000000000349983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58da6982b335b3822021-12-21 10:26:29.944root 11241100x8000000000000000349984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249f7eee5b6b84f22021-12-21 10:26:29.945root 11241100x8000000000000000349985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b806170e6b54c02021-12-21 10:26:29.945root 11241100x8000000000000000349986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a348e19122c8672021-12-21 10:26:29.945root 11241100x8000000000000000349987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7c0c37523b908e2021-12-21 10:26:29.945root 11241100x8000000000000000349988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a721f2230ec8592021-12-21 10:26:29.945root 11241100x8000000000000000349989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e391654395e8192021-12-21 10:26:29.945root 11241100x8000000000000000349990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca90da503f79c8e2021-12-21 10:26:29.945root 11241100x8000000000000000349991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95fa7523bcfa1d252021-12-21 10:26:29.945root 11241100x8000000000000000349992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7833ea1c945fea592021-12-21 10:26:29.946root 11241100x8000000000000000349993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45313e2f61bc98de2021-12-21 10:26:29.946root 11241100x8000000000000000349994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae60de7b7257fc462021-12-21 10:26:29.946root 11241100x8000000000000000349995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227de17e20aca0192021-12-21 10:26:29.946root 11241100x8000000000000000349996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50f8f24c9848eb92021-12-21 10:26:29.946root 11241100x8000000000000000349997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de159c1969328e422021-12-21 10:26:29.946root 11241100x8000000000000000349998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d0c930730753fd2021-12-21 10:26:29.947root 11241100x8000000000000000349999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f8399b91fb79982021-12-21 10:26:29.947root 11241100x8000000000000000350000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80507758a4ae21132021-12-21 10:26:29.947root 11241100x8000000000000000350001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cf4052999c64922021-12-21 10:26:29.947root 11241100x8000000000000000350002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1536444a85d71392021-12-21 10:26:29.947root 11241100x8000000000000000350003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f03c2bdab843db32021-12-21 10:26:29.947root 11241100x8000000000000000350004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980452d93c3dccc02021-12-21 10:26:29.947root 11241100x8000000000000000350005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b009b3c9da953e02021-12-21 10:26:29.947root 11241100x8000000000000000350006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14775f3732d1559b2021-12-21 10:26:29.947root 11241100x8000000000000000350007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af98d08439c86b392021-12-21 10:26:29.947root 11241100x8000000000000000350008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e815d79319980422021-12-21 10:26:29.948root 11241100x8000000000000000350009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e5d94b5add0f2d2021-12-21 10:26:29.948root 11241100x8000000000000000350010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203772a40054a1222021-12-21 10:26:29.948root 11241100x8000000000000000350011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b35f137df025fc2021-12-21 10:26:29.948root 11241100x8000000000000000350012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca400ffb11d1d64c2021-12-21 10:26:29.948root 11241100x8000000000000000350013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a14d8e23ec427302021-12-21 10:26:29.948root 11241100x8000000000000000350014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4e40731b54509992021-12-21 10:26:29.948root 11241100x8000000000000000350015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378c4309aa6ff8682021-12-21 10:26:29.948root 11241100x8000000000000000350016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fdfc4b741af7972021-12-21 10:26:29.948root 11241100x8000000000000000350017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dd74ab983665aa2021-12-21 10:26:29.948root 11241100x8000000000000000350018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e4ebcccd768a172021-12-21 10:26:29.949root 11241100x8000000000000000350019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb47d0d3ccaf3882021-12-21 10:26:29.949root 11241100x8000000000000000350020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73579f775ac361c02021-12-21 10:26:29.949root 11241100x8000000000000000350021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1511a56cc08320bf2021-12-21 10:26:29.949root 11241100x8000000000000000350022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5e7e3776f78f8b2021-12-21 10:26:29.949root 11241100x8000000000000000350023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a1067276e90b022021-12-21 10:26:29.949root 11241100x8000000000000000350024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350f5da4efe77ad72021-12-21 10:26:29.949root 11241100x8000000000000000350025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32dc78c0923b2fc92021-12-21 10:26:29.949root 11241100x8000000000000000350026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5996a07dd1540812021-12-21 10:26:29.950root 11241100x8000000000000000350027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bf1a672ca60d482021-12-21 10:26:29.950root 11241100x8000000000000000350028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0454a44dff96f1002021-12-21 10:26:29.950root 11241100x8000000000000000350029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7b4653c13416782021-12-21 10:26:29.950root 11241100x8000000000000000350030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6330eb523e94d712021-12-21 10:26:29.950root 11241100x8000000000000000350031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:29.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d78e24f7882da8962021-12-21 10:26:29.950root 11241100x8000000000000000350032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cb7e05db89377c2021-12-21 10:26:30.443root 11241100x8000000000000000350033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67066229daa99d6a2021-12-21 10:26:30.443root 11241100x8000000000000000350034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69712e5efcbee35b2021-12-21 10:26:30.443root 11241100x8000000000000000350035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82489d47658239cc2021-12-21 10:26:30.443root 11241100x8000000000000000350036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015e8af7f0c66c192021-12-21 10:26:30.443root 11241100x8000000000000000350037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c87b9b7249447a42021-12-21 10:26:30.443root 11241100x8000000000000000350038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2336de7c72b49242021-12-21 10:26:30.443root 11241100x8000000000000000350039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.497374db5f9a5c132021-12-21 10:26:30.443root 11241100x8000000000000000350040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43ca7f30bf73f1b2021-12-21 10:26:30.443root 11241100x8000000000000000350041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52997c48913f5272021-12-21 10:26:30.444root 11241100x8000000000000000350042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4dcad0d55b8afae2021-12-21 10:26:30.444root 11241100x8000000000000000350043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351c6ced19286eca2021-12-21 10:26:30.444root 11241100x8000000000000000350044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0446a61b2d77146a2021-12-21 10:26:30.444root 11241100x8000000000000000350045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65e097145415159f2021-12-21 10:26:30.444root 11241100x8000000000000000350046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ea6fdb15d15b272021-12-21 10:26:30.444root 11241100x8000000000000000350047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e99760e5f1db8472021-12-21 10:26:30.444root 11241100x8000000000000000350048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe0c8ef4a183179b2021-12-21 10:26:30.444root 11241100x8000000000000000350049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd824c7a2d50c8f2021-12-21 10:26:30.445root 11241100x8000000000000000350050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bbef9d6179496302021-12-21 10:26:30.445root 11241100x8000000000000000350051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f492ed0ab454022021-12-21 10:26:30.445root 11241100x8000000000000000350052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b72484a683af89f52021-12-21 10:26:30.445root 11241100x8000000000000000350053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4f3b8c55c655252021-12-21 10:26:30.445root 11241100x8000000000000000350054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a1243b7c1723a32021-12-21 10:26:30.445root 11241100x8000000000000000350055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1489be8d804835ed2021-12-21 10:26:30.445root 11241100x8000000000000000350056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d9d133f99f218932021-12-21 10:26:30.445root 11241100x8000000000000000350057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1073150566e2ae72021-12-21 10:26:30.445root 11241100x8000000000000000350058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6262b74206c303e32021-12-21 10:26:30.445root 11241100x8000000000000000350059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a059bad4d158b7f2021-12-21 10:26:30.445root 11241100x8000000000000000350060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8831e76491bdf4bc2021-12-21 10:26:30.445root 11241100x8000000000000000350061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc17a0916afc1042021-12-21 10:26:30.445root 11241100x8000000000000000350062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a3546032f76dc892021-12-21 10:26:30.446root 11241100x8000000000000000350063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697f13563f9c21412021-12-21 10:26:30.446root 11241100x8000000000000000350064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56bca52f0e4d9a7f2021-12-21 10:26:30.446root 11241100x8000000000000000350065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512f00e0f3d089e72021-12-21 10:26:30.446root 11241100x8000000000000000350066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5725d9e75790a32021-12-21 10:26:30.446root 11241100x8000000000000000350067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3e2a67cb86b4b02021-12-21 10:26:30.446root 11241100x8000000000000000350068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183e8485cd659e302021-12-21 10:26:30.446root 11241100x8000000000000000350069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c072ce1ffe2de52021-12-21 10:26:30.446root 11241100x8000000000000000350070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66b450d28fecce72021-12-21 10:26:30.447root 11241100x8000000000000000350071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78b7713b3385dd612021-12-21 10:26:30.448root 11241100x8000000000000000350072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3df8c2b52d53e52021-12-21 10:26:30.448root 11241100x8000000000000000350073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73d714d6dcfdb3792021-12-21 10:26:30.448root 11241100x8000000000000000350074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde6ae849156f7d22021-12-21 10:26:30.943root 11241100x8000000000000000350075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1c7966352134812021-12-21 10:26:30.943root 11241100x8000000000000000350076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd8ca1883e2e7812021-12-21 10:26:30.943root 11241100x8000000000000000350077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d473109b82a4b9a2021-12-21 10:26:30.943root 11241100x8000000000000000350078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a986c82c142344e2021-12-21 10:26:30.943root 11241100x8000000000000000350079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b776d5afd13aeba12021-12-21 10:26:30.943root 11241100x8000000000000000350080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f567a075bec09bd92021-12-21 10:26:30.943root 11241100x8000000000000000350081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c76806590dda9252021-12-21 10:26:30.943root 11241100x8000000000000000350082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad59b145b31e84e2021-12-21 10:26:30.943root 11241100x8000000000000000350083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87bc9a8b0b09cc382021-12-21 10:26:30.944root 11241100x8000000000000000350084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92484f4a5c663d282021-12-21 10:26:30.944root 11241100x8000000000000000350085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f98b5f67895dff32021-12-21 10:26:30.944root 11241100x8000000000000000350086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674dee3e76f78a2d2021-12-21 10:26:30.944root 11241100x8000000000000000350087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b375852d5254022021-12-21 10:26:30.944root 11241100x8000000000000000350088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0767beec04eba5112021-12-21 10:26:30.944root 11241100x8000000000000000350089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33e9135a7493b2c2021-12-21 10:26:30.944root 11241100x8000000000000000350090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ecc8956612a4082021-12-21 10:26:30.944root 11241100x8000000000000000350091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc64f90e2e34d0302021-12-21 10:26:30.944root 11241100x8000000000000000350092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cede5d45c9b81ad2021-12-21 10:26:30.944root 11241100x8000000000000000350093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2436e666581f382021-12-21 10:26:30.945root 11241100x8000000000000000350094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cb8dcb16a217eb2021-12-21 10:26:30.945root 11241100x8000000000000000350095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c942cc5a7c41ec3a2021-12-21 10:26:30.945root 11241100x8000000000000000350096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2937dd6219ccff162021-12-21 10:26:30.945root 11241100x8000000000000000350097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f59a93392bcfd82021-12-21 10:26:30.945root 11241100x8000000000000000350098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30eabc193e4f4d652021-12-21 10:26:30.945root 11241100x8000000000000000350099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d1350c01c9c0542021-12-21 10:26:30.945root 11241100x8000000000000000350100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099558669c8b20df2021-12-21 10:26:30.945root 11241100x8000000000000000350101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13031081215cd7fc2021-12-21 10:26:30.945root 11241100x8000000000000000350102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60888079bf2720872021-12-21 10:26:30.945root 11241100x8000000000000000350103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b4ab51ab331cf02021-12-21 10:26:30.945root 11241100x8000000000000000350104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0052739032e9e8482021-12-21 10:26:30.945root 11241100x8000000000000000350105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b283146a3c23992021-12-21 10:26:30.945root 11241100x8000000000000000350106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cfbe0841486a3a2021-12-21 10:26:30.946root 11241100x8000000000000000350107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb3e824c5f5b9582021-12-21 10:26:30.946root 11241100x8000000000000000350108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48bbff53e37519772021-12-21 10:26:30.946root 11241100x8000000000000000350109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c425b5e934c466e2021-12-21 10:26:30.946root 11241100x8000000000000000350110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09468c4fbe5811cb2021-12-21 10:26:30.946root 11241100x8000000000000000350111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64743f0fea3191732021-12-21 10:26:30.946root 11241100x8000000000000000350112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77b8afa5f46508a62021-12-21 10:26:30.946root 11241100x8000000000000000350113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8fe981153f378f2021-12-21 10:26:30.946root 11241100x8000000000000000350114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1bf8ddd168e5352021-12-21 10:26:30.946root 11241100x8000000000000000350115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.107228c11dfbfb7c2021-12-21 10:26:30.946root 11241100x8000000000000000350116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16884dfe11d52942021-12-21 10:26:30.946root 11241100x8000000000000000350117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1faea84b8127945d2021-12-21 10:26:30.946root 11241100x8000000000000000350118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9406f850fe51fb442021-12-21 10:26:30.946root 11241100x8000000000000000350119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db686dae21451bed2021-12-21 10:26:30.946root 11241100x8000000000000000350120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9328bc792c8c722d2021-12-21 10:26:30.947root 11241100x8000000000000000350121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86affd1044aeaa12021-12-21 10:26:30.947root 11241100x8000000000000000350122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8411cdeba49e01bc2021-12-21 10:26:30.947root 11241100x8000000000000000350123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff670cbcdccd4fd2021-12-21 10:26:31.443root 11241100x8000000000000000350124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537c6c58067f7ee12021-12-21 10:26:31.443root 11241100x8000000000000000350125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3769b7a9bf47c69c2021-12-21 10:26:31.443root 11241100x8000000000000000350126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00e52815413f8682021-12-21 10:26:31.443root 11241100x8000000000000000350127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b36228fb0d5e712021-12-21 10:26:31.444root 11241100x8000000000000000350128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df33e9af82736a12021-12-21 10:26:31.444root 11241100x8000000000000000350129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127667244dbe9bdc2021-12-21 10:26:31.444root 11241100x8000000000000000350130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0a08859a662bac2021-12-21 10:26:31.444root 11241100x8000000000000000350131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f816fe76b608be12021-12-21 10:26:31.444root 11241100x8000000000000000350132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2f560765d879dd2021-12-21 10:26:31.444root 11241100x8000000000000000350133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d746eaf6dc46773a2021-12-21 10:26:31.445root 11241100x8000000000000000350134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790aa5069332be082021-12-21 10:26:31.445root 11241100x8000000000000000350135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005981f994e50f572021-12-21 10:26:31.445root 11241100x8000000000000000350136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd6de51dafb3fae2021-12-21 10:26:31.445root 11241100x8000000000000000350137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d23d5d667b68b4e2021-12-21 10:26:31.445root 11241100x8000000000000000350138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610ea47191e0bf592021-12-21 10:26:31.445root 11241100x8000000000000000350139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fb62758355f4c22021-12-21 10:26:31.445root 11241100x8000000000000000350140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de362deed0bb2d5a2021-12-21 10:26:31.445root 11241100x8000000000000000350141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75b65388c72723e2021-12-21 10:26:31.445root 11241100x8000000000000000350142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acdb7bd75979d8c2021-12-21 10:26:31.445root 11241100x8000000000000000350143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c78362ad5725002021-12-21 10:26:31.446root 11241100x8000000000000000350144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d692bc7aec462f262021-12-21 10:26:31.446root 11241100x8000000000000000350145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf002d118890b1ed2021-12-21 10:26:31.446root 11241100x8000000000000000350146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a947793569520602021-12-21 10:26:31.446root 11241100x8000000000000000350147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7340f29d139ac8d72021-12-21 10:26:31.446root 11241100x8000000000000000350148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ecd6602e9040d62021-12-21 10:26:31.446root 11241100x8000000000000000350149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b16d011e969f9522021-12-21 10:26:31.446root 11241100x8000000000000000350150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e3519fc82b7bb42021-12-21 10:26:31.446root 11241100x8000000000000000350151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a47e8b5c8602a32021-12-21 10:26:31.446root 11241100x8000000000000000350152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa4261cf40cb0d92021-12-21 10:26:31.446root 11241100x8000000000000000350153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c9e9318e337aea2021-12-21 10:26:31.447root 11241100x8000000000000000350154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93cfe917aa6294a2021-12-21 10:26:31.447root 11241100x8000000000000000350155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d59fcf5eceee6452021-12-21 10:26:31.447root 11241100x8000000000000000350156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1361034385bbce6c2021-12-21 10:26:31.447root 11241100x8000000000000000350157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c649bf0b0d381ab2021-12-21 10:26:31.447root 11241100x8000000000000000350158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd45b6e413a1bba2021-12-21 10:26:31.447root 11241100x8000000000000000350159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6a342d77f41a1d2021-12-21 10:26:31.447root 11241100x8000000000000000350160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce268f372a4fa53b2021-12-21 10:26:31.447root 11241100x8000000000000000350161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe03c66b760b20e2021-12-21 10:26:31.447root 11241100x8000000000000000350162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca5176c8383ed482021-12-21 10:26:31.448root 11241100x8000000000000000350163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fde4a8b1f978a7c2021-12-21 10:26:31.452root 11241100x8000000000000000350164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3baf7ec96aebca12021-12-21 10:26:31.943root 11241100x8000000000000000350165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ca1b7504032c9d2021-12-21 10:26:31.943root 11241100x8000000000000000350166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c2ff20b66cdd292021-12-21 10:26:31.943root 11241100x8000000000000000350167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c223f04a71b40be2021-12-21 10:26:31.943root 11241100x8000000000000000350168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d7cbc0c67d16ed2021-12-21 10:26:31.943root 11241100x8000000000000000350169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12154435fd356f752021-12-21 10:26:31.943root 11241100x8000000000000000350170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6106ba6e8d72aa9b2021-12-21 10:26:31.943root 11241100x8000000000000000350171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9747649f6b55f6742021-12-21 10:26:31.943root 11241100x8000000000000000350172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60eaaa090e0112752021-12-21 10:26:31.943root 11241100x8000000000000000350173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0f04b258128e0c2021-12-21 10:26:31.943root 11241100x8000000000000000350174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69967be20bf4d6b12021-12-21 10:26:31.943root 11241100x8000000000000000350175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2571e11a47350ca32021-12-21 10:26:31.944root 11241100x8000000000000000350176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde99b920009a1bc2021-12-21 10:26:31.944root 11241100x8000000000000000350177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3feaf60b505842cf2021-12-21 10:26:31.944root 11241100x8000000000000000350178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ab4484f1295ea72021-12-21 10:26:31.944root 11241100x8000000000000000350179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47b4c781dc880632021-12-21 10:26:31.944root 11241100x8000000000000000350180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbaf27e4a18416da2021-12-21 10:26:31.944root 11241100x8000000000000000350181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c74e55508ccdc322021-12-21 10:26:31.944root 11241100x8000000000000000350182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d825b59b6fcc8f412021-12-21 10:26:31.944root 11241100x8000000000000000350183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14dc6d6950282a92021-12-21 10:26:31.944root 11241100x8000000000000000350184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af39dae560100b42021-12-21 10:26:31.944root 11241100x8000000000000000350185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4da725c62bb9a8572021-12-21 10:26:31.944root 11241100x8000000000000000350186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc815cfa709fb53f2021-12-21 10:26:31.945root 11241100x8000000000000000350187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd61c6691058b3ee2021-12-21 10:26:31.945root 11241100x8000000000000000350188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e834311553a029d42021-12-21 10:26:31.945root 11241100x8000000000000000350189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e0b79770a9552b82021-12-21 10:26:31.945root 11241100x8000000000000000350190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aadf56c3a818c4262021-12-21 10:26:31.945root 11241100x8000000000000000350191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ffb64dbbf67e4e2021-12-21 10:26:31.945root 11241100x8000000000000000350192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99e210c615a14f72021-12-21 10:26:31.945root 11241100x8000000000000000350193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.938525bdc4a47b002021-12-21 10:26:31.945root 11241100x8000000000000000350194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3536a93144ccb992021-12-21 10:26:31.945root 11241100x8000000000000000350195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888e20f997763bf72021-12-21 10:26:31.945root 11241100x8000000000000000350196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01005046e35e74172021-12-21 10:26:31.945root 11241100x8000000000000000350197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfa3935db4292f62021-12-21 10:26:31.945root 11241100x8000000000000000350198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3369ad9530bc153b2021-12-21 10:26:31.945root 11241100x8000000000000000350199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd08f236d7c84e62021-12-21 10:26:31.945root 11241100x8000000000000000350200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eea6b1c36230dd22021-12-21 10:26:31.946root 11241100x8000000000000000350201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da28e240c7394d602021-12-21 10:26:31.946root 11241100x8000000000000000350202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363a1aa34ef7bca02021-12-21 10:26:31.946root 11241100x8000000000000000350203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2c2112f685f3472021-12-21 10:26:31.946root 11241100x8000000000000000350204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd29300230ffbf322021-12-21 10:26:31.946root 11241100x8000000000000000350205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d1089e492306172021-12-21 10:26:31.946root 11241100x8000000000000000350206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8bf41aa56f23752021-12-21 10:26:31.946root 11241100x8000000000000000350207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b254fbd8ba8ba5b2021-12-21 10:26:31.946root 11241100x8000000000000000350208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e520fb09eefad922021-12-21 10:26:31.946root 11241100x8000000000000000350209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c294b29f0dfb54d2021-12-21 10:26:31.946root 11241100x8000000000000000350210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ce6468b56725be2021-12-21 10:26:31.946root 11241100x8000000000000000350211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da0988cf880fc962021-12-21 10:26:31.947root 11241100x8000000000000000350212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e85ce347ba12b882021-12-21 10:26:31.947root 11241100x8000000000000000350213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678045111e8de9e42021-12-21 10:26:31.947root 11241100x8000000000000000350214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ed0d36643442e82021-12-21 10:26:31.947root 11241100x8000000000000000350215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a3e7a3e29124a62021-12-21 10:26:31.947root 11241100x8000000000000000350216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfa783f0f5a60a782021-12-21 10:26:31.947root 11241100x8000000000000000350217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b63dbd40fa66022021-12-21 10:26:31.947root 11241100x8000000000000000350218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0ab2bf5c1fa6c62021-12-21 10:26:31.947root 11241100x8000000000000000350219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ca1c561b8388f42021-12-21 10:26:31.948root 11241100x8000000000000000350220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5048586160a503112021-12-21 10:26:31.948root 11241100x8000000000000000350221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c4af735c811d772021-12-21 10:26:31.948root 11241100x8000000000000000350222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972d3f203589299a2021-12-21 10:26:31.948root 11241100x8000000000000000350223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d950276a35af8272021-12-21 10:26:31.948root 11241100x8000000000000000350224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f826158b451bcba2021-12-21 10:26:31.948root 11241100x8000000000000000350225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17be90b8c4a300e02021-12-21 10:26:31.948root 11241100x8000000000000000350226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731db5cb0e01360b2021-12-21 10:26:31.948root 11241100x8000000000000000350227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a361fdf098941bb2021-12-21 10:26:31.948root 11241100x8000000000000000350228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73045d006f9f8f4a2021-12-21 10:26:31.949root 11241100x8000000000000000350229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27692433074281212021-12-21 10:26:31.949root 11241100x8000000000000000350230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45370f235fa9ee62021-12-21 10:26:32.443root 11241100x8000000000000000350231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a39fdc78d80c32021-12-21 10:26:32.444root 11241100x8000000000000000350232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c215b38a2e287342021-12-21 10:26:32.444root 11241100x8000000000000000350233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86df0dafe664cc22021-12-21 10:26:32.444root 11241100x8000000000000000350234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec9c45424cdc3cc2021-12-21 10:26:32.444root 11241100x8000000000000000350235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e23585a03723e02021-12-21 10:26:32.444root 11241100x8000000000000000350236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ca46cd59d7309a2021-12-21 10:26:32.444root 11241100x8000000000000000350237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c295803d11bb192021-12-21 10:26:32.444root 11241100x8000000000000000350238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6fc3215c6d5f112021-12-21 10:26:32.444root 11241100x8000000000000000350239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9906e3fe010a082021-12-21 10:26:32.444root 11241100x8000000000000000350240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9badf2bef9d7652021-12-21 10:26:32.444root 11241100x8000000000000000350241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abb5d91df0408cf2021-12-21 10:26:32.445root 11241100x8000000000000000350242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa89e2b39c536842021-12-21 10:26:32.445root 11241100x8000000000000000350243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3640ca94935017ac2021-12-21 10:26:32.445root 11241100x8000000000000000350244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a90e8f38c053512021-12-21 10:26:32.445root 11241100x8000000000000000350245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab29371f4a6ec6192021-12-21 10:26:32.445root 11241100x8000000000000000350246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0283408533e60acf2021-12-21 10:26:32.445root 11241100x8000000000000000350247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7848f08a91e3ba732021-12-21 10:26:32.445root 11241100x8000000000000000350248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550c5a83dc18ab7d2021-12-21 10:26:32.445root 11241100x8000000000000000350249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46f4c83b5ca32782021-12-21 10:26:32.445root 11241100x8000000000000000350250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0539ded04e2ff1fa2021-12-21 10:26:32.446root 11241100x8000000000000000350251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adffc4b5047239bf2021-12-21 10:26:32.446root 11241100x8000000000000000350252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b279e19ed841874f2021-12-21 10:26:32.446root 11241100x8000000000000000350253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b574d1e1137d72e2021-12-21 10:26:32.446root 11241100x8000000000000000350254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ace5ea47f160662021-12-21 10:26:32.446root 11241100x8000000000000000350255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294d018910c481a32021-12-21 10:26:32.446root 11241100x8000000000000000350256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798828f19ee6fc732021-12-21 10:26:32.446root 11241100x8000000000000000350257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4c0a3ca1a661cd2021-12-21 10:26:32.446root 11241100x8000000000000000350258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ababa105cda769b2021-12-21 10:26:32.446root 11241100x8000000000000000350259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af0f7d72568aa4f2021-12-21 10:26:32.447root 11241100x8000000000000000350260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46209dbe7a3c2d62021-12-21 10:26:32.447root 11241100x8000000000000000350261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edd9e1952b33ae62021-12-21 10:26:32.447root 11241100x8000000000000000350262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb295c0ee3e9412b2021-12-21 10:26:32.447root 11241100x8000000000000000350263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.441a4ec2ae239ad52021-12-21 10:26:32.447root 11241100x8000000000000000350264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f67eb86054cb1f2021-12-21 10:26:32.447root 11241100x8000000000000000350265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324431cb645113982021-12-21 10:26:32.447root 11241100x8000000000000000350266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b34bbca33edc702021-12-21 10:26:32.447root 11241100x8000000000000000350267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3463e06df21a782021-12-21 10:26:32.447root 11241100x8000000000000000350268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9b88e08dc55fdc2021-12-21 10:26:32.448root 11241100x8000000000000000350269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62f2904d32105e3d2021-12-21 10:26:32.943root 11241100x8000000000000000350270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c70d8d8aa5e98b42021-12-21 10:26:32.944root 11241100x8000000000000000350271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949c0e9059a08e212021-12-21 10:26:32.944root 11241100x8000000000000000350272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc5fbf59a0786f52021-12-21 10:26:32.944root 11241100x8000000000000000350273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7faf8287a3c4441d2021-12-21 10:26:32.944root 11241100x8000000000000000350274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf4bb9ba7376f612021-12-21 10:26:32.944root 11241100x8000000000000000350275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741475f5e90406542021-12-21 10:26:32.944root 11241100x8000000000000000350276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feca629a3f703fdd2021-12-21 10:26:32.944root 11241100x8000000000000000350277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fe35dcbb3cf2d12021-12-21 10:26:32.945root 11241100x8000000000000000350278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a79b188cf580992021-12-21 10:26:32.945root 11241100x8000000000000000350279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcfbd2445551ae32021-12-21 10:26:32.945root 11241100x8000000000000000350280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46b7874fd4032fc22021-12-21 10:26:32.945root 11241100x8000000000000000350281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0030414da6b5e22021-12-21 10:26:32.945root 11241100x8000000000000000350282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3979fecc3e8294182021-12-21 10:26:32.945root 11241100x8000000000000000350283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2259e630d6f859422021-12-21 10:26:32.945root 11241100x8000000000000000350284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35773f3241b563e2021-12-21 10:26:32.945root 11241100x8000000000000000350285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af55e13fc50bb65d2021-12-21 10:26:32.946root 11241100x8000000000000000350286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccb3b9b50282bdc2021-12-21 10:26:32.946root 11241100x8000000000000000350287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e563660363d2aa5d2021-12-21 10:26:32.946root 11241100x8000000000000000350288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9657a79a19dcf0e2021-12-21 10:26:32.947root 11241100x8000000000000000350289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f693588732561a92021-12-21 10:26:32.947root 11241100x8000000000000000350290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c79ee3d67b916e2021-12-21 10:26:32.947root 11241100x8000000000000000350291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4cd008ba3ad9282021-12-21 10:26:32.948root 11241100x8000000000000000350292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92eb8ed2d6e728e82021-12-21 10:26:32.948root 11241100x8000000000000000350293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3857fcb676d5c8872021-12-21 10:26:32.948root 11241100x8000000000000000350294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9213cae08790802021-12-21 10:26:32.949root 11241100x8000000000000000350295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4707f3574302dd52021-12-21 10:26:32.949root 11241100x8000000000000000350296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536d5680c49e54fe2021-12-21 10:26:32.949root 11241100x8000000000000000350297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcfff000b0e56762021-12-21 10:26:32.949root 11241100x8000000000000000350298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d24bb99c49b91b02021-12-21 10:26:32.949root 11241100x8000000000000000350299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69da550948e82df2021-12-21 10:26:32.951root 11241100x8000000000000000350300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03564e6b247c74212021-12-21 10:26:32.951root 11241100x8000000000000000350301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ac1a0f92510c482021-12-21 10:26:32.951root 11241100x8000000000000000350302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6853853b17bcb0042021-12-21 10:26:32.951root 11241100x8000000000000000350303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf859f0a4e2b94c42021-12-21 10:26:32.952root 11241100x8000000000000000350304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed968075992534c2021-12-21 10:26:32.953root 11241100x8000000000000000350305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f87a2680abc4df2021-12-21 10:26:32.953root 11241100x8000000000000000350306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66444abce572e5932021-12-21 10:26:32.953root 11241100x8000000000000000350307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82af0c6397f54aa82021-12-21 10:26:32.953root 11241100x8000000000000000350308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee5dab328f4ff852021-12-21 10:26:32.953root 11241100x8000000000000000350309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09c767bcd54324f2021-12-21 10:26:32.953root 11241100x8000000000000000350310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1865e10be7c78172021-12-21 10:26:33.443root 11241100x8000000000000000350311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c555717195b1e732021-12-21 10:26:33.443root 11241100x8000000000000000350312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fac0f8c977e9a72021-12-21 10:26:33.443root 11241100x8000000000000000350313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407a2a8a57f6080f2021-12-21 10:26:33.443root 11241100x8000000000000000350314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1b2a4e4ff869c92021-12-21 10:26:33.443root 11241100x8000000000000000350315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0d20528b7cd61352021-12-21 10:26:33.444root 11241100x8000000000000000350316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b4346d48b8b1452021-12-21 10:26:33.444root 11241100x8000000000000000350317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4745ea8b885a18be2021-12-21 10:26:33.444root 11241100x8000000000000000350318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9da81b0e05beee42021-12-21 10:26:33.444root 11241100x8000000000000000350319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe0ec960c8b273a2021-12-21 10:26:33.444root 11241100x8000000000000000350320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3804726a3673d43f2021-12-21 10:26:33.444root 11241100x8000000000000000350321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2503e4109fb0f8e42021-12-21 10:26:33.444root 11241100x8000000000000000350322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3945a45463e23e072021-12-21 10:26:33.444root 11241100x8000000000000000350323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1e5d74816d89ec2021-12-21 10:26:33.444root 11241100x8000000000000000350324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f26b70f326ae2b2021-12-21 10:26:33.444root 11241100x8000000000000000350325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7be4c3e0bc65d62021-12-21 10:26:33.444root 11241100x8000000000000000350326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f44d410a9ea68cd2021-12-21 10:26:33.445root 11241100x8000000000000000350327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdc3af50a83ef072021-12-21 10:26:33.445root 11241100x8000000000000000350328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee2f44b25ed664552021-12-21 10:26:33.445root 11241100x8000000000000000350329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1470cc2f3b2ea27d2021-12-21 10:26:33.445root 11241100x8000000000000000350330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440b2cc7991592312021-12-21 10:26:33.445root 11241100x8000000000000000350331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f15214a21d251412021-12-21 10:26:33.445root 11241100x8000000000000000350332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47ff5d17baff4a32021-12-21 10:26:33.445root 11241100x8000000000000000350333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a606daf0a463e702021-12-21 10:26:33.445root 11241100x8000000000000000350334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c3eb90ba74f97a2021-12-21 10:26:33.446root 11241100x8000000000000000350335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c7eb74a8876f592021-12-21 10:26:33.446root 11241100x8000000000000000350336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289fe813069cb9362021-12-21 10:26:33.446root 11241100x8000000000000000350337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797292fca7f2242f2021-12-21 10:26:33.446root 11241100x8000000000000000350338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42424e9a976dc9a82021-12-21 10:26:33.446root 11241100x8000000000000000350339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ac3893bd1f6cda2021-12-21 10:26:33.446root 11241100x8000000000000000350340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcde24e12ee569482021-12-21 10:26:33.447root 11241100x8000000000000000350341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b28c07ed557fd632021-12-21 10:26:33.447root 11241100x8000000000000000350342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c07cf904332facc2021-12-21 10:26:33.447root 11241100x8000000000000000350343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802096abbed84cb2021-12-21 10:26:33.447root 11241100x8000000000000000350344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75bb1d2d2d6345bb2021-12-21 10:26:33.447root 11241100x8000000000000000350345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab2df7a3fece95b22021-12-21 10:26:33.447root 11241100x8000000000000000350346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba7dddf0fb1ad1072021-12-21 10:26:33.447root 11241100x8000000000000000350347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a08ddf8b086fe4a2021-12-21 10:26:33.448root 11241100x8000000000000000350348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6420dfca7c4bb02021-12-21 10:26:33.448root 11241100x8000000000000000350349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6b50dcc115931f2021-12-21 10:26:33.448root 11241100x8000000000000000350350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d213f826c7e13942021-12-21 10:26:33.448root 11241100x8000000000000000350351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8c4dc47184029a2021-12-21 10:26:33.448root 11241100x8000000000000000350352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74544d3a12c94892021-12-21 10:26:33.943root 11241100x8000000000000000350353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9a9394713b4f172021-12-21 10:26:33.943root 11241100x8000000000000000350354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccab98fb63fb1232021-12-21 10:26:33.943root 11241100x8000000000000000350355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06eb0e48ff1702262021-12-21 10:26:33.943root 11241100x8000000000000000350356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e79a2c381c9561a2021-12-21 10:26:33.943root 11241100x8000000000000000350357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbdd3ced1d9d54b2021-12-21 10:26:33.944root 11241100x8000000000000000350358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e6eb8b9a90daf72021-12-21 10:26:33.944root 11241100x8000000000000000350359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9418aa5947aeaae2021-12-21 10:26:33.944root 11241100x8000000000000000350360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030d748cabd815132021-12-21 10:26:33.944root 11241100x8000000000000000350361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e57391a7fb239a2021-12-21 10:26:33.944root 11241100x8000000000000000350362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee76200b9f5038f2021-12-21 10:26:33.944root 11241100x8000000000000000350363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac574ff302b272742021-12-21 10:26:33.944root 11241100x8000000000000000350364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f7d9869f3b8272021-12-21 10:26:33.945root 11241100x8000000000000000350365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63824eb465eeac992021-12-21 10:26:33.945root 11241100x8000000000000000350366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54eedc9cd7e24672021-12-21 10:26:33.945root 11241100x8000000000000000350367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f70e30818ea8e82021-12-21 10:26:33.945root 11241100x8000000000000000350368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7599e3b88529b212021-12-21 10:26:33.945root 11241100x8000000000000000350369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff26ef48e716d62021-12-21 10:26:33.945root 11241100x8000000000000000350370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c566dea49acb568e2021-12-21 10:26:33.945root 11241100x8000000000000000350371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d51d395d5454792021-12-21 10:26:33.945root 11241100x8000000000000000350372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1578c351394259912021-12-21 10:26:33.945root 11241100x8000000000000000350373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e5207ddf61404b2021-12-21 10:26:33.945root 11241100x8000000000000000350374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb58fe5059ed5492021-12-21 10:26:33.945root 11241100x8000000000000000350375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100e4bfc54b283cc2021-12-21 10:26:33.946root 11241100x8000000000000000350376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da08661493a35522021-12-21 10:26:33.946root 11241100x8000000000000000350377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c6a59e819db2662021-12-21 10:26:33.946root 11241100x8000000000000000350378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa56de5a009f9b2f2021-12-21 10:26:33.946root 11241100x8000000000000000350379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652c3f6245138cb72021-12-21 10:26:33.946root 11241100x8000000000000000350380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f3782cbf4a2ba32021-12-21 10:26:33.946root 11241100x8000000000000000350381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650cd5a20e085e932021-12-21 10:26:33.947root 11241100x8000000000000000350382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2c81db633799c22021-12-21 10:26:33.947root 11241100x8000000000000000350383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6644d549dee92aec2021-12-21 10:26:33.947root 11241100x8000000000000000350384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdaddef9292f78252021-12-21 10:26:33.947root 11241100x8000000000000000350385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7f57f6e99c2b3d2021-12-21 10:26:33.947root 11241100x8000000000000000350386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865552ee7b415c922021-12-21 10:26:33.947root 11241100x8000000000000000350387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7283c09c1fdbf4572021-12-21 10:26:33.947root 11241100x8000000000000000350388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abdec0409e17fc662021-12-21 10:26:33.947root 11241100x8000000000000000350389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8659a2e26696de802021-12-21 10:26:33.948root 11241100x8000000000000000350390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:33.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b70a8ed0ed0361f2021-12-21 10:26:33.948root 354300x8000000000000000350391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.094{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47104-false10.0.1.12-8000- 11241100x8000000000000000350392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af87d1885d7763da2021-12-21 10:26:34.443root 11241100x8000000000000000350393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a478a6f794afdb582021-12-21 10:26:34.443root 11241100x8000000000000000350394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88ad8a57decc6e22021-12-21 10:26:34.443root 11241100x8000000000000000350395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b240a7bce46ad082021-12-21 10:26:34.443root 11241100x8000000000000000350396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4351efb9fc30a4672021-12-21 10:26:34.443root 11241100x8000000000000000350397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d21aca2a7229a22021-12-21 10:26:34.443root 11241100x8000000000000000350398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02749076560233622021-12-21 10:26:34.443root 11241100x8000000000000000350399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d137f9709e0b2082021-12-21 10:26:34.443root 11241100x8000000000000000350400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db81f44c4b243f412021-12-21 10:26:34.443root 11241100x8000000000000000350401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e595606317b700b2021-12-21 10:26:34.444root 11241100x8000000000000000350402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243052c88c396da02021-12-21 10:26:34.444root 11241100x8000000000000000350403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996d07c54a9af0da2021-12-21 10:26:34.444root 11241100x8000000000000000350404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd47101e11b1d4c2021-12-21 10:26:34.444root 11241100x8000000000000000350405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547fed317127b1dc2021-12-21 10:26:34.444root 11241100x8000000000000000350406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949a5b3df20f90b02021-12-21 10:26:34.444root 11241100x8000000000000000350407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0fb4d21eaac918d2021-12-21 10:26:34.444root 11241100x8000000000000000350408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a04ce78ed692ad52021-12-21 10:26:34.444root 11241100x8000000000000000350409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53f79f39c8208932021-12-21 10:26:34.444root 11241100x8000000000000000350410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52be93de224cdf532021-12-21 10:26:34.444root 11241100x8000000000000000350411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59106f5894f1e3b32021-12-21 10:26:34.445root 11241100x8000000000000000350412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087256eedf40831a2021-12-21 10:26:34.445root 11241100x8000000000000000350413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5625a1c45c55de2021-12-21 10:26:34.445root 11241100x8000000000000000350414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabe0ec3c60dced92021-12-21 10:26:34.445root 11241100x8000000000000000350415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40f2ed7320986af2021-12-21 10:26:34.445root 11241100x8000000000000000350416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2511f4475acf54a02021-12-21 10:26:34.445root 11241100x8000000000000000350417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73fc2710aad344cb2021-12-21 10:26:34.445root 11241100x8000000000000000350418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571940231bcffbf52021-12-21 10:26:34.445root 11241100x8000000000000000350419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8030032460e1ae2021-12-21 10:26:34.445root 11241100x8000000000000000350420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0c80ac463314c32021-12-21 10:26:34.446root 11241100x8000000000000000350421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5848c83f82821f742021-12-21 10:26:34.446root 11241100x8000000000000000350422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9941d44ac38a09082021-12-21 10:26:34.446root 11241100x8000000000000000350423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54654d4a104cdbc52021-12-21 10:26:34.446root 11241100x8000000000000000350424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e4d3a4c63c40602021-12-21 10:26:34.447root 11241100x8000000000000000350425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925c0ff52bde3f872021-12-21 10:26:34.447root 11241100x8000000000000000350426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9034d89c3e60a4f2021-12-21 10:26:34.447root 11241100x8000000000000000350427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b901f289e920c6052021-12-21 10:26:34.447root 11241100x8000000000000000350428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a106186199ebaaa2021-12-21 10:26:34.447root 11241100x8000000000000000350429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0a8d6181b0490b2021-12-21 10:26:34.447root 11241100x8000000000000000350430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f72c10b58e170c2021-12-21 10:26:34.447root 11241100x8000000000000000350431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2295a4a7213878fb2021-12-21 10:26:34.447root 11241100x8000000000000000350432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1c0200c2af34f82021-12-21 10:26:34.447root 11241100x8000000000000000350433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd8befa3f93a4202021-12-21 10:26:34.447root 11241100x8000000000000000350434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfd98f259219ab12021-12-21 10:26:34.448root 11241100x8000000000000000350435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f342c563a1eb04c2021-12-21 10:26:34.448root 11241100x8000000000000000350436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bff13c65c7ce5e2021-12-21 10:26:34.448root 11241100x8000000000000000350437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e373a29a28fe6c5d2021-12-21 10:26:34.448root 11241100x8000000000000000350438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.569578f3b64055ac2021-12-21 10:26:34.448root 11241100x8000000000000000350439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab3db6e52f2a6de2021-12-21 10:26:34.448root 11241100x8000000000000000350440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b23f591150eefa62021-12-21 10:26:34.448root 11241100x8000000000000000350441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a162a5e681e0c0b62021-12-21 10:26:34.449root 11241100x8000000000000000350442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01f02e8ba73084632021-12-21 10:26:34.449root 11241100x8000000000000000350443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a837850ae031992021-12-21 10:26:34.449root 11241100x8000000000000000350444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7824896cf16fec3a2021-12-21 10:26:34.449root 11241100x8000000000000000350445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ba0e596fb042932021-12-21 10:26:34.449root 11241100x8000000000000000350446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fc0049009889962021-12-21 10:26:34.449root 11241100x8000000000000000350447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc9bc526098c24c2021-12-21 10:26:34.449root 11241100x8000000000000000350448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51b2ca9ec6a54112021-12-21 10:26:34.449root 11241100x8000000000000000350449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed14b631fa752d52021-12-21 10:26:34.449root 11241100x8000000000000000350450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44795364a083635f2021-12-21 10:26:34.450root 11241100x8000000000000000350451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1342921af7cc9b02021-12-21 10:26:34.450root 11241100x8000000000000000350452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2078a2232e56ec882021-12-21 10:26:34.450root 11241100x8000000000000000350453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee92efb1826b81bc2021-12-21 10:26:34.450root 11241100x8000000000000000350454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ceb1167e2dedee2021-12-21 10:26:34.450root 11241100x8000000000000000350455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525722499bad61d2021-12-21 10:26:34.450root 11241100x8000000000000000350456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb59183c4739f4c2021-12-21 10:26:34.450root 11241100x8000000000000000350457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90fda884085699db2021-12-21 10:26:34.450root 11241100x8000000000000000350458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32a64816bc6d7dd2021-12-21 10:26:34.450root 11241100x8000000000000000350459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3331e84156ff0f182021-12-21 10:26:34.450root 11241100x8000000000000000350460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac38c4ee8884a38e2021-12-21 10:26:34.943root 11241100x8000000000000000350461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861af86247ab3ce2021-12-21 10:26:34.943root 11241100x8000000000000000350462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c65920f94921812021-12-21 10:26:34.943root 11241100x8000000000000000350463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7075479bf8fd5da82021-12-21 10:26:34.943root 11241100x8000000000000000350464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4bc02e8fe62e2a2021-12-21 10:26:34.944root 11241100x8000000000000000350465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17a3ef4711c72382021-12-21 10:26:34.944root 11241100x8000000000000000350466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178c3f4e4d2713eb2021-12-21 10:26:34.944root 11241100x8000000000000000350467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b94884568d08c52021-12-21 10:26:34.944root 11241100x8000000000000000350468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7635b9cfa0fc42782021-12-21 10:26:34.944root 11241100x8000000000000000350469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f9031201a7eaed2021-12-21 10:26:34.944root 11241100x8000000000000000350470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5449b2a9858ca5582021-12-21 10:26:34.945root 11241100x8000000000000000350471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3428564b89f1ecd62021-12-21 10:26:34.945root 11241100x8000000000000000350472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8201b1b4218e35b62021-12-21 10:26:34.945root 11241100x8000000000000000350473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3517ce274f52d9a32021-12-21 10:26:34.945root 11241100x8000000000000000350474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d0df66ac6f08f02021-12-21 10:26:34.945root 11241100x8000000000000000350475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8d5a44a4292fb12021-12-21 10:26:34.945root 11241100x8000000000000000350476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b49daf4921ff962021-12-21 10:26:34.945root 11241100x8000000000000000350477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872514a849e5b2182021-12-21 10:26:34.945root 11241100x8000000000000000350478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be6c1bcdbad3cef02021-12-21 10:26:34.946root 11241100x8000000000000000350479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62f8880b283a22f2021-12-21 10:26:34.946root 11241100x8000000000000000350480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b4b103e0241a802021-12-21 10:26:34.946root 11241100x8000000000000000350481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f26b4d1ac594b362021-12-21 10:26:34.946root 11241100x8000000000000000350482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866cc42228b4ec792021-12-21 10:26:34.946root 11241100x8000000000000000350483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5797ec9c40263f2021-12-21 10:26:34.946root 11241100x8000000000000000350484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b53cfe577fee4ff2021-12-21 10:26:34.946root 11241100x8000000000000000350485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0164dedb12b0482021-12-21 10:26:34.946root 11241100x8000000000000000350486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1c0aa1b22fe9dc2021-12-21 10:26:34.946root 11241100x8000000000000000350487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3cf865a0afdc092021-12-21 10:26:34.946root 11241100x8000000000000000350488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8d3f85107d7f4c2021-12-21 10:26:34.946root 11241100x8000000000000000350489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6283593062cfaa82021-12-21 10:26:34.947root 11241100x8000000000000000350490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0692d712c66f881b2021-12-21 10:26:34.947root 11241100x8000000000000000350491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f5db0d6ffcbad02021-12-21 10:26:34.947root 11241100x8000000000000000350492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a718d13adcf611542021-12-21 10:26:34.947root 11241100x8000000000000000350493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f8c4790637ed92021-12-21 10:26:34.947root 11241100x8000000000000000350494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1106f688df89bb2021-12-21 10:26:34.947root 11241100x8000000000000000350495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88dc9bcc24aacab2021-12-21 10:26:34.947root 11241100x8000000000000000350496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75907302e7ab6242021-12-21 10:26:34.947root 11241100x8000000000000000350497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b38f49b876fad292021-12-21 10:26:34.948root 11241100x8000000000000000350498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b5f77c32b529772021-12-21 10:26:34.948root 11241100x8000000000000000350499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed062a24907d8802021-12-21 10:26:34.948root 11241100x8000000000000000350500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398ee462e5bd26cc2021-12-21 10:26:34.948root 11241100x8000000000000000350501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55181e69a232b6632021-12-21 10:26:34.948root 11241100x8000000000000000350502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b5c01855f96d692021-12-21 10:26:34.948root 11241100x8000000000000000350503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1cb2a5b5b9c6b462021-12-21 10:26:35.443root 11241100x8000000000000000350504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e670eb6b76502d2021-12-21 10:26:35.443root 11241100x8000000000000000350505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb6aab7ce195ca52021-12-21 10:26:35.443root 11241100x8000000000000000350506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63aba55d9ce62ce72021-12-21 10:26:35.443root 11241100x8000000000000000350507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba334cde5193a942021-12-21 10:26:35.443root 11241100x8000000000000000350508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371cf1c26cf44ca22021-12-21 10:26:35.444root 11241100x8000000000000000350509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cca49cf96088cb2021-12-21 10:26:35.444root 11241100x8000000000000000350510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c388771e14d3782021-12-21 10:26:35.444root 11241100x8000000000000000350511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7569541febed822021-12-21 10:26:35.444root 11241100x8000000000000000350512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a28fcf10e214614d2021-12-21 10:26:35.444root 11241100x8000000000000000350513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e43a4aad26f7a142021-12-21 10:26:35.445root 11241100x8000000000000000350514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807a6e949e0b71812021-12-21 10:26:35.445root 11241100x8000000000000000350515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85c11d416141d7162021-12-21 10:26:35.445root 11241100x8000000000000000350516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01b4c45bdb44e702021-12-21 10:26:35.445root 11241100x8000000000000000350517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9281ba19aa87f0ca2021-12-21 10:26:35.445root 11241100x8000000000000000350518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7231bef8417b42eb2021-12-21 10:26:35.445root 11241100x8000000000000000350519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10932fbbfbfa23cd2021-12-21 10:26:35.445root 11241100x8000000000000000350520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e273ceacf9c3f59b2021-12-21 10:26:35.445root 11241100x8000000000000000350521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2190eb8494ae6a2021-12-21 10:26:35.445root 11241100x8000000000000000350522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c7ac09a68483f62021-12-21 10:26:35.446root 11241100x8000000000000000350523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7803ae71dfd688992021-12-21 10:26:35.446root 11241100x8000000000000000350524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1be4900c3d50adc2021-12-21 10:26:35.446root 11241100x8000000000000000350525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b85a994d3bdf26c2021-12-21 10:26:35.446root 11241100x8000000000000000350526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76c30406234060702021-12-21 10:26:35.446root 11241100x8000000000000000350527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235488b0ee8559ec2021-12-21 10:26:35.446root 11241100x8000000000000000350528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36ae192921699022021-12-21 10:26:35.446root 11241100x8000000000000000350529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6464bf2d29d52e82021-12-21 10:26:35.447root 11241100x8000000000000000350530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a89753373ff2cb1e2021-12-21 10:26:35.447root 11241100x8000000000000000350531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150c58cd19e798842021-12-21 10:26:35.447root 11241100x8000000000000000350532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438a5088b9ee11382021-12-21 10:26:35.447root 11241100x8000000000000000350533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.594a4fd30700881d2021-12-21 10:26:35.447root 11241100x8000000000000000350534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0ac0d9a92339712021-12-21 10:26:35.447root 11241100x8000000000000000350535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7581ad6429022e322021-12-21 10:26:35.447root 11241100x8000000000000000350536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f124774005e8542021-12-21 10:26:35.448root 11241100x8000000000000000350537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65050b5fc66751a12021-12-21 10:26:35.448root 11241100x8000000000000000350538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af579288e50b781a2021-12-21 10:26:35.448root 11241100x8000000000000000350539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc835c33b333de52021-12-21 10:26:35.448root 11241100x8000000000000000350540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cf782c902eac6f2021-12-21 10:26:35.448root 11241100x8000000000000000350541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d2b1d1c0dfa36e2021-12-21 10:26:35.448root 11241100x8000000000000000350542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712d6dc9e021ca712021-12-21 10:26:35.448root 11241100x8000000000000000350543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937291378f571cab2021-12-21 10:26:35.449root 11241100x8000000000000000350544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348b4f8e76da0c9d2021-12-21 10:26:35.449root 11241100x8000000000000000350545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1c34645f05cbd82021-12-21 10:26:35.449root 11241100x8000000000000000350546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf347fcb9cf710bc2021-12-21 10:26:35.449root 11241100x8000000000000000350547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a27477685ac01922021-12-21 10:26:35.449root 11241100x8000000000000000350548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4a9e0f217f86992021-12-21 10:26:35.449root 11241100x8000000000000000350549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0615ee8ce756602021-12-21 10:26:35.449root 11241100x8000000000000000350550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6d442f378092102021-12-21 10:26:35.450root 11241100x8000000000000000350551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5055fd2b70aedf952021-12-21 10:26:35.943root 11241100x8000000000000000350552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c0c6fd3d3592072021-12-21 10:26:35.943root 11241100x8000000000000000350553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31d8dde6f55d7a72021-12-21 10:26:35.944root 11241100x8000000000000000350554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2120c0966904834b2021-12-21 10:26:35.944root 11241100x8000000000000000350555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9c7a2efad390e32021-12-21 10:26:35.944root 11241100x8000000000000000350556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b1319754f3d82122021-12-21 10:26:35.944root 11241100x8000000000000000350557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ec5949697a08732021-12-21 10:26:35.944root 11241100x8000000000000000350558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b730f1fdc82e32722021-12-21 10:26:35.944root 11241100x8000000000000000350559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8413a7ee32f6838b2021-12-21 10:26:35.945root 11241100x8000000000000000350560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496950bd665408b02021-12-21 10:26:35.945root 11241100x8000000000000000350561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18859f7af90e991e2021-12-21 10:26:35.945root 11241100x8000000000000000350562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97770d3982af47d92021-12-21 10:26:35.945root 11241100x8000000000000000350563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52bef0853f770612021-12-21 10:26:35.945root 11241100x8000000000000000350564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fca41ea76f52a252021-12-21 10:26:35.945root 11241100x8000000000000000350565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc66fbeb1d81c9ea2021-12-21 10:26:35.945root 11241100x8000000000000000350566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b333cb344a799612021-12-21 10:26:35.945root 11241100x8000000000000000350567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b364018f9ad88fc2021-12-21 10:26:35.945root 11241100x8000000000000000350568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95ea834736526fe2021-12-21 10:26:35.946root 11241100x8000000000000000350569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cb18fc3b9288e62021-12-21 10:26:35.946root 11241100x8000000000000000350570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1679ea2451e60432021-12-21 10:26:35.946root 11241100x8000000000000000350571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f150b50df7f77f952021-12-21 10:26:35.946root 11241100x8000000000000000350572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c529df9235eb7ab2021-12-21 10:26:35.946root 11241100x8000000000000000350573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421eff2cc69e831a2021-12-21 10:26:35.946root 11241100x8000000000000000350574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc2c5627b045c982021-12-21 10:26:35.946root 11241100x8000000000000000350575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc646723c48d2f412021-12-21 10:26:35.946root 11241100x8000000000000000350576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06155c8079f4f6962021-12-21 10:26:35.947root 11241100x8000000000000000350577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33872a2224008be22021-12-21 10:26:35.947root 11241100x8000000000000000350578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92a3c4509dbf3a42021-12-21 10:26:35.947root 11241100x8000000000000000350579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddd588bc84dfe682021-12-21 10:26:35.947root 11241100x8000000000000000350580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190e3f4a69fac0902021-12-21 10:26:35.947root 11241100x8000000000000000350581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929aa72ba2a918372021-12-21 10:26:35.947root 11241100x8000000000000000350582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a73c184744c2c62021-12-21 10:26:35.947root 11241100x8000000000000000350583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367ddf159deff4242021-12-21 10:26:35.947root 11241100x8000000000000000350584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d029a8a54f8a7b62021-12-21 10:26:35.948root 11241100x8000000000000000350585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec29848f49076502021-12-21 10:26:35.948root 11241100x8000000000000000350586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccac653b8cd5f8d42021-12-21 10:26:35.948root 11241100x8000000000000000350587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.372f3a2c05c983772021-12-21 10:26:35.948root 11241100x8000000000000000350588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:35.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38795fbfde2b52b12021-12-21 10:26:35.948root 11241100x8000000000000000350589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.348{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:26:36.348root 11241100x8000000000000000350590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea54ed42d425acc2021-12-21 10:26:36.349root 11241100x8000000000000000350591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195679e25bc810d22021-12-21 10:26:36.350root 11241100x8000000000000000350592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.036f17f9b5ee753a2021-12-21 10:26:36.350root 11241100x8000000000000000350593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce747446cd56ed572021-12-21 10:26:36.350root 11241100x8000000000000000350594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9152533a3a8656852021-12-21 10:26:36.350root 11241100x8000000000000000350595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5ac85870cb4f3f2021-12-21 10:26:36.350root 11241100x8000000000000000350596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398498b7a7306b852021-12-21 10:26:36.351root 11241100x8000000000000000350597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf1dc5e31fb9a492021-12-21 10:26:36.351root 11241100x8000000000000000350598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a8a2e72c60893e2021-12-21 10:26:36.351root 11241100x8000000000000000350599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062494ddea0ca3282021-12-21 10:26:36.351root 11241100x8000000000000000350600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c4ef2a6cbec3cc2021-12-21 10:26:36.352root 11241100x8000000000000000350601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.309b61ededcf01242021-12-21 10:26:36.352root 11241100x8000000000000000350602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9235235e2d57ea612021-12-21 10:26:36.352root 11241100x8000000000000000350603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd8e0bc47cee62e2021-12-21 10:26:36.352root 11241100x8000000000000000350604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea28e71ca620e802021-12-21 10:26:36.352root 11241100x8000000000000000350605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d9c4221f50f6f32021-12-21 10:26:36.352root 11241100x8000000000000000350606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e4eb039cb08dea2021-12-21 10:26:36.352root 11241100x8000000000000000350639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79706e8a33432d012021-12-21 10:26:36.693root 11241100x8000000000000000350640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3794d9264e9c32b82021-12-21 10:26:36.694root 11241100x8000000000000000350641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fedcb5471f85e042021-12-21 10:26:36.694root 11241100x8000000000000000350642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12987689c64361f12021-12-21 10:26:36.694root 11241100x8000000000000000350643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76793158bc8a62092021-12-21 10:26:36.694root 11241100x8000000000000000350644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc93c9fdb7f9f1d2021-12-21 10:26:37.193root 11241100x8000000000000000350645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03879ca69224114c2021-12-21 10:26:37.193root 11241100x8000000000000000350646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c665775f6ffb5d2021-12-21 10:26:37.193root 11241100x8000000000000000350647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e96309eef7059c222021-12-21 10:26:37.193root 11241100x8000000000000000350648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b67f013e7858d72021-12-21 10:26:37.193root 11241100x8000000000000000350649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c36d6dbadcac2c32021-12-21 10:26:37.693root 11241100x8000000000000000350650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fca158dc798abcf2021-12-21 10:26:37.693root 11241100x8000000000000000350651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ef5a1a7ddd26942021-12-21 10:26:37.693root 11241100x8000000000000000350652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50505afd1f8b6b462021-12-21 10:26:37.693root 11241100x8000000000000000350653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a047206607a9d5ed2021-12-21 10:26:37.693root 11241100x8000000000000000350654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bfb550816a147b2021-12-21 10:26:38.192root 11241100x8000000000000000350655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2345331767d28972021-12-21 10:26:38.193root 11241100x8000000000000000350656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1dbf39df0153d6f2021-12-21 10:26:38.193root 11241100x8000000000000000350657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee6b9500cf2875412021-12-21 10:26:38.193root 11241100x8000000000000000350658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6671e0bd8f1731ba2021-12-21 10:26:38.193root 11241100x8000000000000000350659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47560b1234addc222021-12-21 10:26:38.693root 11241100x8000000000000000350660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55104e2a34bdaf6e2021-12-21 10:26:38.693root 11241100x8000000000000000350661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc29dd98aba19e302021-12-21 10:26:38.693root 11241100x8000000000000000350662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432180f59fbb61362021-12-21 10:26:38.693root 11241100x8000000000000000350663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7de4e41f77362c02021-12-21 10:26:38.693root 11241100x8000000000000000350664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965194905d5347d62021-12-21 10:26:39.193root 11241100x8000000000000000350665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1da8c8b620c50242021-12-21 10:26:39.193root 11241100x8000000000000000350666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585e9ff09e3e428e2021-12-21 10:26:39.193root 11241100x8000000000000000350667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97f7785c19cdd612021-12-21 10:26:39.193root 11241100x8000000000000000350668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.324267ffbe528a7c2021-12-21 10:26:39.193root 23542300x8000000000000000350669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000350670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3750b181a7543f922021-12-21 10:26:39.693root 11241100x8000000000000000350671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed8e603d40952752021-12-21 10:26:39.694root 11241100x8000000000000000350672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e62dbab05391812021-12-21 10:26:39.694root 11241100x8000000000000000350673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85226dcaa874b5c52021-12-21 10:26:39.694root 11241100x8000000000000000350674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5975f2e49f9d5c82021-12-21 10:26:39.694root 11241100x8000000000000000350675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3773df160b08856b2021-12-21 10:26:39.694root 354300x8000000000000000350676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.042{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47106-false10.0.1.12-8000- 11241100x8000000000000000350677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.712e7e4f7f128b0e2021-12-21 10:26:40.043root 11241100x8000000000000000350678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c26c301c2f504bc2021-12-21 10:26:40.044root 11241100x8000000000000000350679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79089865ede7eb3a2021-12-21 10:26:40.044root 11241100x8000000000000000350680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d1aea0e76a83f62021-12-21 10:26:40.044root 11241100x8000000000000000350681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06961b9c907c6e62021-12-21 10:26:40.044root 11241100x8000000000000000350682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89a1b79e899415992021-12-21 10:26:40.044root 11241100x8000000000000000350683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b96c8054ac579f2021-12-21 10:26:40.044root 11241100x8000000000000000350684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbc6013817b4d302021-12-21 10:26:40.443root 11241100x8000000000000000350685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74074df41201784a2021-12-21 10:26:40.443root 11241100x8000000000000000350686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4a8aaff05de3f82021-12-21 10:26:40.443root 11241100x8000000000000000350687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4945696f7d34bf6e2021-12-21 10:26:40.443root 11241100x8000000000000000350688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7409a93a7ccb6d4a2021-12-21 10:26:40.443root 11241100x8000000000000000350689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ed4e425caffcb52021-12-21 10:26:40.443root 11241100x8000000000000000350690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24f05055cc46cb8a2021-12-21 10:26:40.443root 11241100x8000000000000000350691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb35e331975407a2021-12-21 10:26:40.943root 11241100x8000000000000000350692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888a125a0f6b760c2021-12-21 10:26:40.943root 11241100x8000000000000000350693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb7b1abcd0668262021-12-21 10:26:40.943root 11241100x8000000000000000350694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346e8e922e54c0512021-12-21 10:26:40.943root 11241100x8000000000000000350695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faada8d581d072c2021-12-21 10:26:40.943root 11241100x8000000000000000350696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6fff9be11e19a42021-12-21 10:26:40.943root 11241100x8000000000000000350697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:40.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2c60660d4f39332021-12-21 10:26:40.943root 11241100x8000000000000000350698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a852b1387591f8e2021-12-21 10:26:41.443root 11241100x8000000000000000350699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086957fb1de77bfd2021-12-21 10:26:41.443root 11241100x8000000000000000350700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eeddb482508bd42021-12-21 10:26:41.443root 11241100x8000000000000000350701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f5c4c7a03c535a2021-12-21 10:26:41.443root 11241100x8000000000000000350702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a991bcefaa94b34c2021-12-21 10:26:41.443root 11241100x8000000000000000350703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7db9b66fbb3c3692021-12-21 10:26:41.443root 11241100x8000000000000000350704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b461646e6370fe22021-12-21 10:26:41.443root 11241100x8000000000000000350705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0a8e0a66626a782021-12-21 10:26:41.943root 11241100x8000000000000000350706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7473c4f9b43edd9c2021-12-21 10:26:41.943root 11241100x8000000000000000350707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a5600f0d8cdb4b2021-12-21 10:26:41.943root 11241100x8000000000000000350708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb10904023986772021-12-21 10:26:41.943root 11241100x8000000000000000350709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e38533d23b9a532021-12-21 10:26:41.943root 11241100x8000000000000000350710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8a03100830b1352021-12-21 10:26:41.943root 11241100x8000000000000000350711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e2cee329130722a2021-12-21 10:26:41.943root 11241100x8000000000000000350712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b9e444cec59d0112021-12-21 10:26:42.443root 11241100x8000000000000000350713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3205cc737073c4dd2021-12-21 10:26:42.443root 11241100x8000000000000000350714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90decc8b6e565d312021-12-21 10:26:42.443root 11241100x8000000000000000350715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba4841f827f39352021-12-21 10:26:42.443root 11241100x8000000000000000350716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9838d4a360204532021-12-21 10:26:42.443root 11241100x8000000000000000350717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f27aef9de4d744f2021-12-21 10:26:42.443root 11241100x8000000000000000350718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8ed9bbb20b53812021-12-21 10:26:42.443root 11241100x8000000000000000350719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184ee6c929ced3392021-12-21 10:26:42.943root 11241100x8000000000000000350720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24537a39cc5f30412021-12-21 10:26:42.943root 11241100x8000000000000000350721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48c15f9e3bda8eb2021-12-21 10:26:42.943root 11241100x8000000000000000350722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a3e7c34e30ba472021-12-21 10:26:42.943root 11241100x8000000000000000350723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0dc1b664ec9d2a2021-12-21 10:26:42.943root 11241100x8000000000000000350724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f600317c34d0b6f2021-12-21 10:26:42.943root 11241100x8000000000000000350725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f475e72ecdb4cecc2021-12-21 10:26:42.943root 11241100x8000000000000000350726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec74466119af9f62021-12-21 10:26:43.443root 11241100x8000000000000000350727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d8adf1305a51a22021-12-21 10:26:43.443root 11241100x8000000000000000350728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a1b3a5d82faea82021-12-21 10:26:43.443root 11241100x8000000000000000350729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eee84a74366df522021-12-21 10:26:43.443root 11241100x8000000000000000350730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dce465baa92aef2021-12-21 10:26:43.443root 11241100x8000000000000000350731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f5c170be9b2222021-12-21 10:26:43.443root 11241100x8000000000000000350732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f49591239b690152021-12-21 10:26:43.443root 11241100x8000000000000000350733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7373e2da2d65aa2021-12-21 10:26:43.943root 11241100x8000000000000000350734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490163f9a8269d5a2021-12-21 10:26:43.943root 11241100x8000000000000000350735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2400b39f2a14eed2021-12-21 10:26:43.943root 11241100x8000000000000000350736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc97478f6fb9b4eb2021-12-21 10:26:43.943root 11241100x8000000000000000350737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4169ef1921cab3672021-12-21 10:26:43.943root 11241100x8000000000000000350738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7457ccca83e7b62021-12-21 10:26:43.943root 11241100x8000000000000000350739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d57964a9dad6e22021-12-21 10:26:43.943root 11241100x8000000000000000350740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.662a6f9f82d106262021-12-21 10:26:44.443root 11241100x8000000000000000350741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ffb1723f84b77c2021-12-21 10:26:44.443root 11241100x8000000000000000350742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a29bf2b146d08b22021-12-21 10:26:44.443root 11241100x8000000000000000350743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de72f0614b01a4a2021-12-21 10:26:44.443root 11241100x8000000000000000350744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca25ffabb3ae7682021-12-21 10:26:44.443root 11241100x8000000000000000350745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077c582474eda9a22021-12-21 10:26:44.443root 11241100x8000000000000000350746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8a82f243d5983d2021-12-21 10:26:44.443root 11241100x8000000000000000350747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087ee92ffeaf6d1d2021-12-21 10:26:44.943root 11241100x8000000000000000350748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b4e3a53437e9302021-12-21 10:26:44.943root 11241100x8000000000000000350749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558d74fbbb8905ff2021-12-21 10:26:44.943root 11241100x8000000000000000350750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b6cb4f2777ea1a2021-12-21 10:26:44.943root 11241100x8000000000000000350751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2c4feb098c7e4e2021-12-21 10:26:44.943root 11241100x8000000000000000350752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6610c7217fa1cff2021-12-21 10:26:44.943root 11241100x8000000000000000350753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b566a7e8efd12262021-12-21 10:26:44.943root 354300x8000000000000000350754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.079{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47108-false10.0.1.12-8000- 11241100x8000000000000000350755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a146a289ae6f4c92021-12-21 10:26:45.443root 11241100x8000000000000000350756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c28d4a8a1a45812021-12-21 10:26:45.443root 11241100x8000000000000000350757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15170fbcb1c78762021-12-21 10:26:45.443root 11241100x8000000000000000350758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd89a3841a8d35d2021-12-21 10:26:45.443root 11241100x8000000000000000350759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56843d5c45281cf52021-12-21 10:26:45.443root 11241100x8000000000000000350760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce093e0734822b8b2021-12-21 10:26:45.443root 11241100x8000000000000000350761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fed2505dc647b02021-12-21 10:26:45.443root 11241100x8000000000000000350762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716bf4b0082b8a5e2021-12-21 10:26:45.443root 11241100x8000000000000000350763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ba8a64f37d80032021-12-21 10:26:45.942root 11241100x8000000000000000350764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1780acca45aacfd2021-12-21 10:26:45.943root 11241100x8000000000000000350765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb49042a67ef53e92021-12-21 10:26:45.943root 11241100x8000000000000000350766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f23d4afe1a55b2a2021-12-21 10:26:45.943root 11241100x8000000000000000350767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ee62c0d73311772021-12-21 10:26:45.943root 11241100x8000000000000000350768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12705e650e9da1d22021-12-21 10:26:45.943root 11241100x8000000000000000350769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08935600cb33404f2021-12-21 10:26:45.943root 11241100x8000000000000000350770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1035f573232fd8082021-12-21 10:26:45.943root 11241100x8000000000000000350771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c59fdd56fd4df772021-12-21 10:26:46.443root 11241100x8000000000000000350772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473554108878c40a2021-12-21 10:26:46.443root 11241100x8000000000000000350773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b8f231d6f9390f2021-12-21 10:26:46.443root 11241100x8000000000000000350774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a9c3e5f3b2dc3672021-12-21 10:26:46.443root 11241100x8000000000000000350775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bd76d1b51ac8582021-12-21 10:26:46.443root 11241100x8000000000000000350776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead631bb406726a82021-12-21 10:26:46.443root 11241100x8000000000000000350777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e195026eba9de3dd2021-12-21 10:26:46.443root 11241100x8000000000000000350778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d885bfcbb6edf03c2021-12-21 10:26:46.443root 11241100x8000000000000000350779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b639e2bc01a90052021-12-21 10:26:46.943root 11241100x8000000000000000350780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ca763ab63ae352021-12-21 10:26:46.943root 11241100x8000000000000000350781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce558c6dd37451f02021-12-21 10:26:46.943root 11241100x8000000000000000350782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb940cc215f4f2e22021-12-21 10:26:46.943root 11241100x8000000000000000350783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed107bab73426e532021-12-21 10:26:46.943root 11241100x8000000000000000350784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56253eb637ee20302021-12-21 10:26:46.943root 11241100x8000000000000000350785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619907f3fedd981d2021-12-21 10:26:46.943root 11241100x8000000000000000350786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484043c0c8cbf4572021-12-21 10:26:46.943root 11241100x8000000000000000350787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533f4a03a838a1fa2021-12-21 10:26:47.443root 11241100x8000000000000000350788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62840f59f80a5eb2021-12-21 10:26:47.443root 11241100x8000000000000000350789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdfa8f16aba91492021-12-21 10:26:47.443root 11241100x8000000000000000350790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a72a0e25204317f2021-12-21 10:26:47.443root 11241100x8000000000000000350791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec22ec6faa04efc2021-12-21 10:26:47.443root 11241100x8000000000000000350792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c048daefc0d4c32021-12-21 10:26:47.443root 11241100x8000000000000000350793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f140060c251f783d2021-12-21 10:26:47.443root 11241100x8000000000000000350794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf74897071a30ba2021-12-21 10:26:47.443root 11241100x8000000000000000350795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33984087eb33d02b2021-12-21 10:26:47.943root 11241100x8000000000000000350796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8dec2d6eb52d692021-12-21 10:26:47.943root 11241100x8000000000000000350797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1409bd1f22e386702021-12-21 10:26:47.943root 11241100x8000000000000000350798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c19ebb53a4388572021-12-21 10:26:47.943root 11241100x8000000000000000350799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b56daf647f2aa802021-12-21 10:26:47.943root 11241100x8000000000000000350800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd45f9e8296a18b2021-12-21 10:26:47.943root 11241100x8000000000000000350801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b56b7351887c662021-12-21 10:26:47.943root 11241100x8000000000000000350802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccc6f1ec1dc47b62021-12-21 10:26:47.943root 11241100x8000000000000000350803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d52bc2d6e17a9c32021-12-21 10:26:48.443root 11241100x8000000000000000350804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab17dc5fef1b29c2021-12-21 10:26:48.443root 11241100x8000000000000000350805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465582657cc8a01b2021-12-21 10:26:48.443root 11241100x8000000000000000350806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dd2d35baf54db52021-12-21 10:26:48.443root 11241100x8000000000000000350807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06cfd3fa02f16f52021-12-21 10:26:48.443root 11241100x8000000000000000350808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e18c8bdf1e627e2021-12-21 10:26:48.443root 11241100x8000000000000000350809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112478fe013cc0d52021-12-21 10:26:48.443root 11241100x8000000000000000350810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8ae2e45850acdb2021-12-21 10:26:48.443root 11241100x8000000000000000350811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3388eb4d4ad68b72021-12-21 10:26:48.943root 11241100x8000000000000000350812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6beb264a1096a2b02021-12-21 10:26:48.943root 11241100x8000000000000000350813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de043defbb0c6412021-12-21 10:26:48.943root 11241100x8000000000000000350814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69ec1ece15917a62021-12-21 10:26:48.943root 11241100x8000000000000000350815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f934037517839c2021-12-21 10:26:48.943root 11241100x8000000000000000350816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d4775bc9ea7d7d2021-12-21 10:26:48.943root 11241100x8000000000000000350817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5d9363460acd452021-12-21 10:26:48.943root 11241100x8000000000000000350818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299aabd1d52d670e2021-12-21 10:26:48.943root 11241100x8000000000000000350819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c64f2837ab0c9e42021-12-21 10:26:49.443root 11241100x8000000000000000350820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afe97ed6ec42dad2021-12-21 10:26:49.443root 11241100x8000000000000000350821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2dca0cc73f19b62021-12-21 10:26:49.443root 11241100x8000000000000000350822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07d52ba6d3dd44c92021-12-21 10:26:49.443root 11241100x8000000000000000350823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca36b6885e5676c2021-12-21 10:26:49.443root 11241100x8000000000000000350824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6d28094b1707c22021-12-21 10:26:49.443root 11241100x8000000000000000350825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c2d8c147bdb4442021-12-21 10:26:49.443root 11241100x8000000000000000350826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c23b93733a133762021-12-21 10:26:49.443root 11241100x8000000000000000350827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f3de96bcd393352021-12-21 10:26:49.943root 11241100x8000000000000000350828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c74c0c655f1c6c22021-12-21 10:26:49.943root 11241100x8000000000000000350829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221073e7239a8d992021-12-21 10:26:49.943root 11241100x8000000000000000350830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a41b283a86304b12021-12-21 10:26:49.943root 11241100x8000000000000000350831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539a5ce4e520f9d82021-12-21 10:26:49.943root 11241100x8000000000000000350832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75e81e55153217b2021-12-21 10:26:49.943root 11241100x8000000000000000350833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9197931d1790822021-12-21 10:26:49.943root 11241100x8000000000000000350834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba6fc6cd96715e72021-12-21 10:26:49.943root 354300x8000000000000000350835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.166{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47110-false10.0.1.12-8000- 11241100x8000000000000000350836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62f983782ab52292021-12-21 10:26:50.443root 11241100x8000000000000000350837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89647c63aba6e3712021-12-21 10:26:50.443root 11241100x8000000000000000350838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b257f994d031d75d2021-12-21 10:26:50.443root 11241100x8000000000000000350839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452cfdfa5dcae9e42021-12-21 10:26:50.443root 11241100x8000000000000000350840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64a4bb8c32b66642021-12-21 10:26:50.443root 11241100x8000000000000000350841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dff6611a3e85b512021-12-21 10:26:50.443root 11241100x8000000000000000350842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd667c7bf718a5cd2021-12-21 10:26:50.443root 11241100x8000000000000000350843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee024e5ff377ec62021-12-21 10:26:50.443root 11241100x8000000000000000350844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d904be9ba9f63be2021-12-21 10:26:50.443root 11241100x8000000000000000350845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a2ea4ae8ac6eb72021-12-21 10:26:50.943root 11241100x8000000000000000350846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4212b5517aca762021-12-21 10:26:50.943root 11241100x8000000000000000350847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bebb487437bd97d52021-12-21 10:26:50.943root 11241100x8000000000000000350848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01c0c654e9e02c42021-12-21 10:26:50.943root 11241100x8000000000000000350849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1dc9bfc2118bfc2021-12-21 10:26:50.943root 11241100x8000000000000000350850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff61e55a55cfc532021-12-21 10:26:50.943root 11241100x8000000000000000350851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078371f534d1eef82021-12-21 10:26:50.943root 11241100x8000000000000000350852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ad12b3d16955da2021-12-21 10:26:50.943root 11241100x8000000000000000350853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71b4d767b1283912021-12-21 10:26:50.943root 11241100x8000000000000000350854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692f1461ac8cbfcc2021-12-21 10:26:51.443root 11241100x8000000000000000350855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5ddb7ef4f372782021-12-21 10:26:51.443root 11241100x8000000000000000350856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f4b38899753f712021-12-21 10:26:51.443root 11241100x8000000000000000350857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71439e3eaba546ef2021-12-21 10:26:51.443root 11241100x8000000000000000350858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86865cb9324b889e2021-12-21 10:26:51.443root 11241100x8000000000000000350859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24983dde297a57f2021-12-21 10:26:51.443root 11241100x8000000000000000350860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd982c7a6b6bf842021-12-21 10:26:51.443root 11241100x8000000000000000350861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858a11a03d17abc12021-12-21 10:26:51.444root 11241100x8000000000000000350862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a933615d7e755c62021-12-21 10:26:51.444root 11241100x8000000000000000350863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef9ad219d2081c42021-12-21 10:26:51.943root 11241100x8000000000000000350864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a87e7c9d081d3ec2021-12-21 10:26:51.943root 11241100x8000000000000000350865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62514fdcdd18ece52021-12-21 10:26:51.943root 11241100x8000000000000000350866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af13b887337a75f92021-12-21 10:26:51.943root 11241100x8000000000000000350867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb991d0f4f06c3e2021-12-21 10:26:51.943root 11241100x8000000000000000350868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979ddb6aebd2fa6c2021-12-21 10:26:51.943root 11241100x8000000000000000350869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e551848e8deea9a2021-12-21 10:26:51.943root 11241100x8000000000000000350870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c41094239640e0f2021-12-21 10:26:51.944root 11241100x8000000000000000350871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcb13b4fc74b11f22021-12-21 10:26:51.944root 11241100x8000000000000000350872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e9c014d104992e2021-12-21 10:26:52.443root 11241100x8000000000000000350873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a4cfd6cd9709ea2021-12-21 10:26:52.443root 11241100x8000000000000000350874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad27185fb16d9bb2021-12-21 10:26:52.443root 11241100x8000000000000000350875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813d6d4f32eb675c2021-12-21 10:26:52.443root 11241100x8000000000000000350876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca1529a23e672d62021-12-21 10:26:52.443root 11241100x8000000000000000350877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c1655c173f880a2021-12-21 10:26:52.443root 11241100x8000000000000000350878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d8c3cad40a41cc2021-12-21 10:26:52.443root 11241100x8000000000000000350879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f5fa8cda697d022021-12-21 10:26:52.443root 11241100x8000000000000000350880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3917e5f99404e72021-12-21 10:26:52.443root 11241100x8000000000000000350881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c26b1c701be3042021-12-21 10:26:52.943root 11241100x8000000000000000350882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d583b598d2b2d952021-12-21 10:26:52.943root 11241100x8000000000000000350883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a9ce5e5034b1c72021-12-21 10:26:52.943root 11241100x8000000000000000350884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546b1910932660ec2021-12-21 10:26:52.943root 11241100x8000000000000000350885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e7f5721f4ab4c52021-12-21 10:26:52.943root 11241100x8000000000000000350886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69a6d813b2f882bd2021-12-21 10:26:52.943root 11241100x8000000000000000350887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa21e015ec9876d2021-12-21 10:26:52.944root 11241100x8000000000000000350888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d060302612e9e92021-12-21 10:26:52.944root 11241100x8000000000000000350889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe4f7d84d85e11852021-12-21 10:26:52.944root 11241100x8000000000000000350890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66333d6105c1f7862021-12-21 10:26:53.443root 11241100x8000000000000000350891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04adb49b2d704572021-12-21 10:26:53.443root 11241100x8000000000000000350892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbc864ddd8f039af2021-12-21 10:26:53.443root 11241100x8000000000000000350893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ad1a60067bb04a2021-12-21 10:26:53.443root 11241100x8000000000000000350894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ead59f21c37b5442021-12-21 10:26:53.443root 11241100x8000000000000000350895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be719a1b51736972021-12-21 10:26:53.443root 11241100x8000000000000000350896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1351d588c65bdd452021-12-21 10:26:53.443root 11241100x8000000000000000350897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d40261c0ffa5fb22021-12-21 10:26:53.443root 11241100x8000000000000000350898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feec447af1b4daed2021-12-21 10:26:53.443root 11241100x8000000000000000350899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54a962fda16e4752021-12-21 10:26:53.943root 11241100x8000000000000000350900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346475c743b576a32021-12-21 10:26:53.943root 11241100x8000000000000000350901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355a8d0a69c37e222021-12-21 10:26:53.943root 11241100x8000000000000000350902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30a788c1c9308d102021-12-21 10:26:53.943root 11241100x8000000000000000350903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a3e169ecfd987562021-12-21 10:26:53.943root 11241100x8000000000000000350904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20178075cc2d4a992021-12-21 10:26:53.944root 11241100x8000000000000000350905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa7513b83860dd52021-12-21 10:26:53.944root 11241100x8000000000000000350906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1a90b7cba07b572021-12-21 10:26:53.944root 11241100x8000000000000000350907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722c75506fb4b15f2021-12-21 10:26:53.944root 11241100x8000000000000000350908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ae6da2c2ac278f2021-12-21 10:26:54.443root 11241100x8000000000000000350909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040f90d7b92599d02021-12-21 10:26:54.443root 11241100x8000000000000000350910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a1c7d2e345c55d2021-12-21 10:26:54.443root 11241100x8000000000000000350911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8cbec1ba7cca9c2021-12-21 10:26:54.443root 11241100x8000000000000000350912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6703a818cf18fb6a2021-12-21 10:26:54.443root 11241100x8000000000000000350913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60527a909a18aebb2021-12-21 10:26:54.443root 11241100x8000000000000000350914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef9939819dde4662021-12-21 10:26:54.443root 11241100x8000000000000000350915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0509dc1d3897d4c2021-12-21 10:26:54.443root 11241100x8000000000000000350916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367292c9176ce6672021-12-21 10:26:54.443root 11241100x8000000000000000350917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a82e31a673b8da52021-12-21 10:26:54.943root 11241100x8000000000000000350918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3df0e631c9ded2e2021-12-21 10:26:54.943root 11241100x8000000000000000350919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ec816fc44d64852021-12-21 10:26:54.943root 11241100x8000000000000000350920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17b81e74aa44eef2021-12-21 10:26:54.943root 11241100x8000000000000000350921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac11295b00b7cbb2021-12-21 10:26:54.943root 11241100x8000000000000000350922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2eaa63fe9192c32021-12-21 10:26:54.943root 11241100x8000000000000000350923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003357249c3c48ce2021-12-21 10:26:54.943root 11241100x8000000000000000350924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ececb39073d18cc42021-12-21 10:26:54.943root 11241100x8000000000000000350925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef271bb25d1273f2021-12-21 10:26:54.944root 354300x8000000000000000350926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.188{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47112-false10.0.1.12-8000- 11241100x8000000000000000350927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18bcc5e047ce0072021-12-21 10:26:55.443root 11241100x8000000000000000350928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1955931df5af23a82021-12-21 10:26:55.443root 11241100x8000000000000000350929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1877192c70a3af72021-12-21 10:26:55.443root 11241100x8000000000000000350930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aee45e0843f0b222021-12-21 10:26:55.443root 11241100x8000000000000000350931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d73c848b6a1c822021-12-21 10:26:55.443root 11241100x8000000000000000350932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cbbb1e46701cb82021-12-21 10:26:55.443root 11241100x8000000000000000350933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e49cab8f10e8a612021-12-21 10:26:55.443root 11241100x8000000000000000350934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ab9db7340946d2021-12-21 10:26:55.444root 11241100x8000000000000000350935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98d2331dfb8fcbf2021-12-21 10:26:55.444root 11241100x8000000000000000350936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93c0aec2993459d82021-12-21 10:26:55.444root 11241100x8000000000000000350937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c6f01ae2cf70cb2021-12-21 10:26:55.943root 11241100x8000000000000000350938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6c9346eca8d2c12021-12-21 10:26:55.943root 11241100x8000000000000000350939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dab4d1cc0941bf2021-12-21 10:26:55.943root 11241100x8000000000000000350940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41820310ea390dc2021-12-21 10:26:55.943root 11241100x8000000000000000350941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e8b12000ca96f32021-12-21 10:26:55.943root 11241100x8000000000000000350942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4a3f71bc25021b2021-12-21 10:26:55.943root 11241100x8000000000000000350943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba241ab783a8f43a2021-12-21 10:26:55.943root 11241100x8000000000000000350944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f85546af00be1d2021-12-21 10:26:55.944root 11241100x8000000000000000350945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9df164eb56cdb682021-12-21 10:26:55.944root 11241100x8000000000000000350946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce04837032276a562021-12-21 10:26:55.944root 11241100x8000000000000000350947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e148ed1f13221e2f2021-12-21 10:26:56.443root 11241100x8000000000000000350948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d911d9f3814703d42021-12-21 10:26:56.443root 11241100x8000000000000000350949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8b52019573d02d2021-12-21 10:26:56.443root 11241100x8000000000000000350950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3b2ad0753121492021-12-21 10:26:56.443root 11241100x8000000000000000350951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5d549aa5ff0ef62021-12-21 10:26:56.443root 11241100x8000000000000000350952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb8e9e1567990332021-12-21 10:26:56.443root 11241100x8000000000000000350953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ef98ef2e2789da2021-12-21 10:26:56.443root 11241100x8000000000000000350954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45216dacd85b97c2021-12-21 10:26:56.443root 11241100x8000000000000000350955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161a44d14a7fed5c2021-12-21 10:26:56.443root 11241100x8000000000000000350956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685880efcff09592021-12-21 10:26:56.443root 11241100x8000000000000000350957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9427bc060fc67b042021-12-21 10:26:56.943root 11241100x8000000000000000350958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8314877a54fffddb2021-12-21 10:26:56.943root 11241100x8000000000000000350959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1800c55aeb0e2aba2021-12-21 10:26:56.943root 11241100x8000000000000000350960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ec8ffa3bd719652021-12-21 10:26:56.943root 11241100x8000000000000000350961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962aaf8544878e662021-12-21 10:26:56.943root 11241100x8000000000000000350962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fcf99bf3edbe5a2021-12-21 10:26:56.943root 11241100x8000000000000000350963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82082481faa101e02021-12-21 10:26:56.943root 11241100x8000000000000000350964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc2f169794c107d2021-12-21 10:26:56.943root 11241100x8000000000000000350965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c0b1009c8ca5a82021-12-21 10:26:56.944root 11241100x8000000000000000350966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbff693393c73fd22021-12-21 10:26:56.944root 11241100x8000000000000000350967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d737d7454c4502c2021-12-21 10:26:57.443root 11241100x8000000000000000350968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d13c2f179431c82021-12-21 10:26:57.443root 11241100x8000000000000000350969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e239ec88b78fd8612021-12-21 10:26:57.443root 11241100x8000000000000000350970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42dd20af04a0f5bb2021-12-21 10:26:57.443root 11241100x8000000000000000350971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6417f982ed1b28632021-12-21 10:26:57.443root 11241100x8000000000000000350972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890425d43de0a7c62021-12-21 10:26:57.443root 11241100x8000000000000000350973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c371100827ad322021-12-21 10:26:57.443root 11241100x8000000000000000350974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6222a315f921f4b2021-12-21 10:26:57.443root 11241100x8000000000000000350975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7185c68e35855c3e2021-12-21 10:26:57.444root 11241100x8000000000000000350976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb9b4ceec8a5e5d2021-12-21 10:26:57.444root 11241100x8000000000000000350977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45444940ed7ce45d2021-12-21 10:26:57.943root 11241100x8000000000000000350978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ebaa5518be41ca2021-12-21 10:26:57.943root 11241100x8000000000000000350979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604c62f43ed3e39f2021-12-21 10:26:57.943root 11241100x8000000000000000350980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911a51d78c2f0cb02021-12-21 10:26:57.943root 11241100x8000000000000000350981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdfa75382ef089ac2021-12-21 10:26:57.943root 11241100x8000000000000000350982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5312446a83fb16d52021-12-21 10:26:57.943root 11241100x8000000000000000350983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff02121e0e8536542021-12-21 10:26:57.943root 11241100x8000000000000000350984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209cd1d0c8576c002021-12-21 10:26:57.944root 11241100x8000000000000000350985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f423fbcf30eb0852021-12-21 10:26:57.944root 11241100x8000000000000000350986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d4ffacd5dfba2ff2021-12-21 10:26:57.944root 11241100x8000000000000000350987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ec0cc23a8daf4052021-12-21 10:26:58.443root 11241100x8000000000000000350988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba62f493aec76f32021-12-21 10:26:58.443root 11241100x8000000000000000350989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394c45324076563c2021-12-21 10:26:58.443root 11241100x8000000000000000350990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3500afeb47faf5f2021-12-21 10:26:58.443root 11241100x8000000000000000350991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463cf68db155cc8f2021-12-21 10:26:58.443root 11241100x8000000000000000350992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94ff036664b25fd2021-12-21 10:26:58.443root 11241100x8000000000000000350993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a61c7d4eb1bd2a302021-12-21 10:26:58.443root 11241100x8000000000000000350994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcf5146e9b057322021-12-21 10:26:58.443root 11241100x8000000000000000350995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a51f4f18d038ab22021-12-21 10:26:58.444root 11241100x8000000000000000350996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85825eebf6f7be112021-12-21 10:26:58.444root 11241100x8000000000000000350997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d58df2d4b27b142021-12-21 10:26:58.943root 11241100x8000000000000000350998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3943640f098817d32021-12-21 10:26:58.943root 11241100x8000000000000000350999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e174eaddd8f8180f2021-12-21 10:26:58.943root 11241100x8000000000000000351000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34286d7e4062d782021-12-21 10:26:58.943root 11241100x8000000000000000351001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f743f5de2edae52021-12-21 10:26:58.943root 11241100x8000000000000000351002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a5ddd693c9bc612021-12-21 10:26:58.943root 11241100x8000000000000000351003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd9f3a7ae964b1df2021-12-21 10:26:58.943root 11241100x8000000000000000351004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96090be052814fac2021-12-21 10:26:58.943root 11241100x8000000000000000351005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fbed86d5eef4a92021-12-21 10:26:58.944root 11241100x8000000000000000351006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b556fff8def5a88d2021-12-21 10:26:58.944root 11241100x8000000000000000351007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3010b901eec2cb132021-12-21 10:26:59.443root 11241100x8000000000000000351008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78fcb984d6b44cb2021-12-21 10:26:59.443root 11241100x8000000000000000351009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f13b346172f18432021-12-21 10:26:59.443root 11241100x8000000000000000351010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0c71d248623db82021-12-21 10:26:59.443root 11241100x8000000000000000351011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c5c73634ca012d2021-12-21 10:26:59.443root 11241100x8000000000000000351012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d4a7b0dbed5cfe2021-12-21 10:26:59.444root 11241100x8000000000000000351013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aca3f6c06d5ee132021-12-21 10:26:59.444root 11241100x8000000000000000351014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0a378a359c1e1c12021-12-21 10:26:59.444root 11241100x8000000000000000351015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eef7af8a044cd9c2021-12-21 10:26:59.444root 11241100x8000000000000000351016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f177901ef61dfba2021-12-21 10:26:59.444root 11241100x8000000000000000351017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d1ee05b3b1262d2021-12-21 10:26:59.943root 11241100x8000000000000000351018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265eb1670f32bdb32021-12-21 10:26:59.943root 11241100x8000000000000000351019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b5fe9429940bc282021-12-21 10:26:59.943root 11241100x8000000000000000351020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1582142c691c7562021-12-21 10:26:59.943root 11241100x8000000000000000351021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0f8eaf4dbc9193b2021-12-21 10:26:59.943root 11241100x8000000000000000351022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d541bd07a380afa02021-12-21 10:26:59.943root 11241100x8000000000000000351023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3493c41b54b2d42021-12-21 10:26:59.943root 11241100x8000000000000000351024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe863bafce751c02021-12-21 10:26:59.944root 11241100x8000000000000000351025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1953853f090eaa42021-12-21 10:26:59.944root 11241100x8000000000000000351026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:26:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4942fdf44e89f87a2021-12-21 10:26:59.944root 354300x8000000000000000351027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.209{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47114-false10.0.1.12-8000- 11241100x8000000000000000351028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6fab7e8a8965e22021-12-21 10:27:00.210root 11241100x8000000000000000351029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e54efa7c1632ac02021-12-21 10:27:00.211root 11241100x8000000000000000351030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a97ec0a96284b69b2021-12-21 10:27:00.211root 11241100x8000000000000000351031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960aa993bd1f73212021-12-21 10:27:00.211root 11241100x8000000000000000351032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b92023ce70d3e22021-12-21 10:27:00.211root 11241100x8000000000000000351033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c097e3ae0616cdb32021-12-21 10:27:00.211root 11241100x8000000000000000351034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0340e63b555bdf5d2021-12-21 10:27:00.211root 11241100x8000000000000000351035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a287d2467114bd12021-12-21 10:27:00.211root 11241100x8000000000000000351036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc71e70883596182021-12-21 10:27:00.211root 11241100x8000000000000000351037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbcb921874a4add2021-12-21 10:27:00.212root 11241100x8000000000000000351038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff2caaadc9b7dd82021-12-21 10:27:00.212root 11241100x8000000000000000351039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa1d1f4f35789002021-12-21 10:27:00.693root 11241100x8000000000000000351040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ded7636bbbdb732021-12-21 10:27:00.693root 11241100x8000000000000000351041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942a030cfbf9beb52021-12-21 10:27:00.693root 11241100x8000000000000000351042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca501daa5325a2f2021-12-21 10:27:00.693root 11241100x8000000000000000351043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd0a244a9905d802021-12-21 10:27:00.693root 11241100x8000000000000000351044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7338ca58c6f1252021-12-21 10:27:00.693root 11241100x8000000000000000351045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5e39ee2885011f2021-12-21 10:27:00.693root 11241100x8000000000000000351046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1aa2344f8507ce2021-12-21 10:27:00.693root 11241100x8000000000000000351047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a8f2994b5dc8ced2021-12-21 10:27:00.693root 11241100x8000000000000000351048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6b7ad898bbf49e02021-12-21 10:27:00.694root 11241100x8000000000000000351049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f05dc703db5a1b82021-12-21 10:27:00.694root 11241100x8000000000000000351050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ed8f025499f96c2021-12-21 10:27:01.193root 11241100x8000000000000000351051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976777a4e999e6e92021-12-21 10:27:01.193root 11241100x8000000000000000351052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8b6c43133f06872021-12-21 10:27:01.193root 11241100x8000000000000000351053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b320a7334fd5d92021-12-21 10:27:01.193root 11241100x8000000000000000351054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130865e7f6256d522021-12-21 10:27:01.193root 11241100x8000000000000000351055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db57a3cb8f4452a2021-12-21 10:27:01.193root 11241100x8000000000000000351056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfdf7d942cf5078c2021-12-21 10:27:01.193root 11241100x8000000000000000351057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833e7c41c1a682492021-12-21 10:27:01.193root 11241100x8000000000000000351058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17051fa526f6d7b2021-12-21 10:27:01.193root 11241100x8000000000000000351059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec55c3423af83702021-12-21 10:27:01.194root 11241100x8000000000000000351060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0daa5305c0c414862021-12-21 10:27:01.194root 11241100x8000000000000000351061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ef16882817d74532021-12-21 10:27:01.693root 11241100x8000000000000000351062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98da7623b831ccb62021-12-21 10:27:01.693root 11241100x8000000000000000351063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc74b4bfe83fe0ba2021-12-21 10:27:01.693root 11241100x8000000000000000351064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fc3c0e7a9e908c2021-12-21 10:27:01.693root 11241100x8000000000000000351065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd98de84a7142b262021-12-21 10:27:01.693root 11241100x8000000000000000351066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cdcaa72b93cd4fa2021-12-21 10:27:01.693root 11241100x8000000000000000351067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264fb07786b2c2452021-12-21 10:27:01.694root 11241100x8000000000000000351068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73aacd261c974c82021-12-21 10:27:01.694root 11241100x8000000000000000351069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d200346d1124722021-12-21 10:27:01.694root 11241100x8000000000000000351070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f5d3f1ec594b852021-12-21 10:27:01.694root 11241100x8000000000000000351071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac73bc9e2df7eb02021-12-21 10:27:01.694root 11241100x8000000000000000351072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73384caaef234ef92021-12-21 10:27:02.193root 11241100x8000000000000000351073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11e9a61d7d57aaa2021-12-21 10:27:02.193root 11241100x8000000000000000351074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d498c5385198e652021-12-21 10:27:02.194root 11241100x8000000000000000351075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7979babb88be233d2021-12-21 10:27:02.194root 11241100x8000000000000000351076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04f90c2ca18fa902021-12-21 10:27:02.194root 11241100x8000000000000000351077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97660ec6509cc3b2021-12-21 10:27:02.194root 11241100x8000000000000000351078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8918954363dd8ff12021-12-21 10:27:02.195root 11241100x8000000000000000351079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d73313416265ad2021-12-21 10:27:02.195root 11241100x8000000000000000351080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90d52ad92eba1bf2021-12-21 10:27:02.195root 11241100x8000000000000000351081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d226bf863e6a212021-12-21 10:27:02.196root 11241100x8000000000000000351082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d670c9ec4031fcc92021-12-21 10:27:02.196root 11241100x8000000000000000351083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da88a907a7e3a542021-12-21 10:27:02.693root 11241100x8000000000000000351084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e58b2ef0d09f412021-12-21 10:27:02.693root 11241100x8000000000000000351085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4dc3ee9d2928f82021-12-21 10:27:02.693root 11241100x8000000000000000351086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc88f25ae2cad4972021-12-21 10:27:02.693root 11241100x8000000000000000351087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b8dd58c3b309dc32021-12-21 10:27:02.694root 11241100x8000000000000000351088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e53d42e77e4680e2021-12-21 10:27:02.694root 11241100x8000000000000000351089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3918f37baa59f1752021-12-21 10:27:02.694root 11241100x8000000000000000351090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d2204cc6b40b112021-12-21 10:27:02.694root 11241100x8000000000000000351091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb3530163017fc62021-12-21 10:27:02.694root 11241100x8000000000000000351092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58b8e3222c79b662021-12-21 10:27:02.694root 11241100x8000000000000000351093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:02.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d7faa4f10437f12021-12-21 10:27:02.694root 11241100x8000000000000000351094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3fafeafb1f50be2021-12-21 10:27:03.193root 11241100x8000000000000000351095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0241ff76f166262021-12-21 10:27:03.193root 11241100x8000000000000000351096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96e5aad3cb2872862021-12-21 10:27:03.193root 11241100x8000000000000000351097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260501797a72f1922021-12-21 10:27:03.193root 11241100x8000000000000000351098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c182bcf2d92f3192021-12-21 10:27:03.193root 11241100x8000000000000000351099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad8bb8fe1af35fe2021-12-21 10:27:03.193root 11241100x8000000000000000351100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575380b75f3311fb2021-12-21 10:27:03.194root 11241100x8000000000000000351101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d86af7b11e2ed3b2021-12-21 10:27:03.194root 11241100x8000000000000000351102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d369c9f4676f342021-12-21 10:27:03.194root 11241100x8000000000000000351103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bace3a7b0b88162f2021-12-21 10:27:03.194root 11241100x8000000000000000351104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0790482bffe85f2021-12-21 10:27:03.194root 11241100x8000000000000000351105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15932cc3d44d37912021-12-21 10:27:03.693root 11241100x8000000000000000351106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d49bf746f71471732021-12-21 10:27:03.693root 11241100x8000000000000000351107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1df4837edb82e892021-12-21 10:27:03.693root 11241100x8000000000000000351108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9afe59200e2b412b2021-12-21 10:27:03.693root 11241100x8000000000000000351109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ddc5f38c541f3e2021-12-21 10:27:03.693root 11241100x8000000000000000351110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.decd572fd9ddfe122021-12-21 10:27:03.693root 11241100x8000000000000000351111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88c9145d11c34cc2021-12-21 10:27:03.693root 11241100x8000000000000000351112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a98c4e3f97e479a2021-12-21 10:27:03.694root 11241100x8000000000000000351113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed8f13e9733ac9a2021-12-21 10:27:03.694root 11241100x8000000000000000351114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f402b675453a43a2021-12-21 10:27:03.694root 11241100x8000000000000000351115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:03.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6b0d874874f79df2021-12-21 10:27:03.694root 11241100x8000000000000000351116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff478eabe65abb322021-12-21 10:27:04.193root 11241100x8000000000000000351117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af58aca6bf6521542021-12-21 10:27:04.193root 11241100x8000000000000000351118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e17205720dccfb52021-12-21 10:27:04.193root 11241100x8000000000000000351119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f77a28f5d4f3482021-12-21 10:27:04.193root 11241100x8000000000000000351120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ff03ecf6e99edbd2021-12-21 10:27:04.193root 11241100x8000000000000000351121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2691ffa2fc6fb1842021-12-21 10:27:04.193root 11241100x8000000000000000351122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9ac7a57476789d2021-12-21 10:27:04.194root 11241100x8000000000000000351123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e398d0357b30857e2021-12-21 10:27:04.194root 11241100x8000000000000000351124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0d7e5587e814552021-12-21 10:27:04.194root 11241100x8000000000000000351125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf6883ed9f0cd712021-12-21 10:27:04.194root 11241100x8000000000000000351126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0574cfed1312502021-12-21 10:27:04.194root 11241100x8000000000000000351127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08093774ad915a42021-12-21 10:27:04.693root 11241100x8000000000000000351128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3044723c2715e5f02021-12-21 10:27:04.693root 11241100x8000000000000000351129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2313d48f54ea2d02021-12-21 10:27:04.693root 11241100x8000000000000000351130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241417f8f828bb582021-12-21 10:27:04.693root 11241100x8000000000000000351131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510b63210ec30f6d2021-12-21 10:27:04.693root 11241100x8000000000000000351132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41bb4668b201252a2021-12-21 10:27:04.693root 11241100x8000000000000000351133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b0174519c428772021-12-21 10:27:04.693root 11241100x8000000000000000351134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02a8d48aa510f432021-12-21 10:27:04.693root 11241100x8000000000000000351135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0a592e044d17f72021-12-21 10:27:04.693root 11241100x8000000000000000351136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6c5ea6e6f2c9242021-12-21 10:27:04.693root 11241100x8000000000000000351137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:04.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cf6ad877657ce42021-12-21 10:27:04.694root 11241100x8000000000000000351138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba81c28c521f0e152021-12-21 10:27:05.193root 11241100x8000000000000000351139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ad80b27dfc70402021-12-21 10:27:05.193root 11241100x8000000000000000351140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6834545a9f578a2021-12-21 10:27:05.193root 11241100x8000000000000000351141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296ee24db6a9b44f2021-12-21 10:27:05.193root 11241100x8000000000000000351142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34615434f74be6e92021-12-21 10:27:05.193root 11241100x8000000000000000351143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edee5b680830bc22021-12-21 10:27:05.193root 11241100x8000000000000000351144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719e6a1bedeff3332021-12-21 10:27:05.193root 11241100x8000000000000000351145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f175eb5079728e4b2021-12-21 10:27:05.193root 11241100x8000000000000000351146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc86b3116b074a52021-12-21 10:27:05.193root 11241100x8000000000000000351147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50083cfa571e0822021-12-21 10:27:05.194root 11241100x8000000000000000351148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e8161749efa2682021-12-21 10:27:05.194root 11241100x8000000000000000351149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10357201792d1892021-12-21 10:27:05.693root 11241100x8000000000000000351150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fba5d2610180a592021-12-21 10:27:05.693root 11241100x8000000000000000351151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c731059eafd95192021-12-21 10:27:05.693root 11241100x8000000000000000351152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbce4b119165a092021-12-21 10:27:05.693root 11241100x8000000000000000351153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf22cff001eaa182021-12-21 10:27:05.693root 11241100x8000000000000000351154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e0f0400d8b48e12021-12-21 10:27:05.693root 11241100x8000000000000000351155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5c56d18bc8457a2021-12-21 10:27:05.693root 11241100x8000000000000000351156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574058fb271d5cec2021-12-21 10:27:05.693root 11241100x8000000000000000351157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072aa0d96afad1302021-12-21 10:27:05.693root 11241100x8000000000000000351158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2d341c69ec5de22021-12-21 10:27:05.694root 11241100x8000000000000000351159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:05.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d66aa665fcf63d2021-12-21 10:27:05.694root 354300x8000000000000000351160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.096{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47116-false10.0.1.12-8000- 11241100x8000000000000000351161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae356e56e4b20142021-12-21 10:27:06.097root 11241100x8000000000000000351162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5c5c59015dc3b82021-12-21 10:27:06.097root 11241100x8000000000000000351163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5aa4b2fcece25c2021-12-21 10:27:06.097root 11241100x8000000000000000351164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7110f828eadd069b2021-12-21 10:27:06.097root 11241100x8000000000000000351165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e11ff8cd6962c192021-12-21 10:27:06.097root 11241100x8000000000000000351166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dbcecea0fd86102021-12-21 10:27:06.098root 11241100x8000000000000000351167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b786f4c944f0e18e2021-12-21 10:27:06.098root 11241100x8000000000000000351168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c027965cdd268d2021-12-21 10:27:06.098root 11241100x8000000000000000351169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac067e1f6092ea9f2021-12-21 10:27:06.098root 11241100x8000000000000000351170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16df4f4f4f16409b2021-12-21 10:27:06.098root 11241100x8000000000000000351171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5211f11c23289302021-12-21 10:27:06.098root 11241100x8000000000000000351172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.098{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4041c77f714c5432021-12-21 10:27:06.098root 11241100x8000000000000000351173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.348{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:27:06.348root 11241100x8000000000000000351174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa4994c07a1b4192021-12-21 10:27:06.349root 11241100x8000000000000000351175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f654b70e82f5613e2021-12-21 10:27:06.349root 11241100x8000000000000000351176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fd5690be3e19af2021-12-21 10:27:06.349root 11241100x8000000000000000351177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f40b82e80bdc8a2021-12-21 10:27:06.349root 11241100x8000000000000000351178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc8ad89d8abd9a62021-12-21 10:27:06.350root 11241100x8000000000000000351179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bc1aabefcb308f92021-12-21 10:27:06.350root 11241100x8000000000000000351180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0665949fc43d0ad2021-12-21 10:27:06.350root 11241100x8000000000000000351181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1b0b9f09ecb6c0d2021-12-21 10:27:06.350root 11241100x8000000000000000351182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fa6e71642b050a2021-12-21 10:27:06.350root 11241100x8000000000000000351183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43b0a8a7c570cd782021-12-21 10:27:06.350root 11241100x8000000000000000351184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc5ad6c654989f42021-12-21 10:27:06.350root 11241100x8000000000000000351185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37483037bf1483652021-12-21 10:27:06.350root 11241100x8000000000000000351186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f5204cad7ba84b2021-12-21 10:27:06.351root 11241100x8000000000000000351187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e38b4d911eba30b2021-12-21 10:27:06.693root 11241100x8000000000000000351188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7bae64504ed69d2021-12-21 10:27:06.693root 11241100x8000000000000000351189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8a7eecbc5a971d2021-12-21 10:27:06.693root 11241100x8000000000000000351190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeecf0f937defb742021-12-21 10:27:06.694root 11241100x8000000000000000351191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0c5e5d5f2a3032021-12-21 10:27:06.694root 11241100x8000000000000000351192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd754bea3e6d7302021-12-21 10:27:06.694root 11241100x8000000000000000351193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa1a43a1072e5052021-12-21 10:27:06.694root 11241100x8000000000000000351194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952c7787bf60adca2021-12-21 10:27:06.695root 11241100x8000000000000000351195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cd7fcf1859f21e2021-12-21 10:27:06.695root 11241100x8000000000000000351196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533353fce138c1442021-12-21 10:27:06.695root 11241100x8000000000000000351197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0100de70cb8fbc2021-12-21 10:27:06.695root 11241100x8000000000000000351198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557d532f7f3cfe4b2021-12-21 10:27:06.695root 11241100x8000000000000000351199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d86b3b2273dc5f2021-12-21 10:27:06.695root 11241100x8000000000000000351200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37430e7db38fab412021-12-21 10:27:07.193root 11241100x8000000000000000351201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125cc0fa7f4377ee2021-12-21 10:27:07.193root 11241100x8000000000000000351202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59b0c1fedc38ed62021-12-21 10:27:07.193root 11241100x8000000000000000351203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a1471173e38b242021-12-21 10:27:07.193root 11241100x8000000000000000351204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ecf5e44d4c04e72021-12-21 10:27:07.193root 11241100x8000000000000000351205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0404904c740fa7a92021-12-21 10:27:07.194root 11241100x8000000000000000351206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f83bb7cfce62caa92021-12-21 10:27:07.194root 11241100x8000000000000000351207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eecd74cbc34bfa802021-12-21 10:27:07.194root 11241100x8000000000000000351208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bc0d9b30ef90c82021-12-21 10:27:07.194root 11241100x8000000000000000351209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87166f3833c29fc82021-12-21 10:27:07.194root 11241100x8000000000000000351210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feae7b1edd7a35d2021-12-21 10:27:07.194root 11241100x8000000000000000351211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e08869a3b4117292021-12-21 10:27:07.194root 11241100x8000000000000000351212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84291b74dce274c92021-12-21 10:27:07.194root 11241100x8000000000000000351213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5edbcd63feeb682021-12-21 10:27:07.693root 11241100x8000000000000000351214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9eecfaffdad5cf12021-12-21 10:27:07.693root 11241100x8000000000000000351215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377824bd8565ba7a2021-12-21 10:27:07.693root 11241100x8000000000000000351216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03301cbcd29bce2f2021-12-21 10:27:07.693root 11241100x8000000000000000351217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f50c1cf624658402021-12-21 10:27:07.693root 11241100x8000000000000000351218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d94244612aae0162021-12-21 10:27:07.693root 11241100x8000000000000000351219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3bccba870f10772021-12-21 10:27:07.694root 11241100x8000000000000000351220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae22622e7685a2312021-12-21 10:27:07.694root 11241100x8000000000000000351221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28671efa0e54c88d2021-12-21 10:27:07.694root 11241100x8000000000000000351222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cfd5e6fa341526a2021-12-21 10:27:07.694root 11241100x8000000000000000351223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e49f1c2c2ba2ea12021-12-21 10:27:07.694root 11241100x8000000000000000351224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742b02826cd876ea2021-12-21 10:27:07.694root 11241100x8000000000000000351225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8323e4f82384a7ef2021-12-21 10:27:07.694root 11241100x8000000000000000351226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d227fb237489e5e32021-12-21 10:27:08.193root 11241100x8000000000000000351227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.554495c0851ea9602021-12-21 10:27:08.193root 11241100x8000000000000000351228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd2aadee70d9bd92021-12-21 10:27:08.193root 11241100x8000000000000000351229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63765bb3cba1aa612021-12-21 10:27:08.194root 11241100x8000000000000000351230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a815d1f3469d7c442021-12-21 10:27:08.194root 11241100x8000000000000000351231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9624443edca4d76f2021-12-21 10:27:08.194root 11241100x8000000000000000351232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2a256593c9f1212021-12-21 10:27:08.194root 11241100x8000000000000000351233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797b78e9cd0d4c9c2021-12-21 10:27:08.194root 11241100x8000000000000000351234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce99993e54fe7d82021-12-21 10:27:08.194root 11241100x8000000000000000351235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b93df57b82358882021-12-21 10:27:08.194root 11241100x8000000000000000351236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e676bc4d683fd9372021-12-21 10:27:08.194root 11241100x8000000000000000351237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b224c0e2dc52702021-12-21 10:27:08.194root 11241100x8000000000000000351238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e8b62b3054aae02021-12-21 10:27:08.194root 11241100x8000000000000000351239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedcfd932c702cd42021-12-21 10:27:08.693root 11241100x8000000000000000351240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c78441d9cdb5ad2021-12-21 10:27:08.693root 11241100x8000000000000000351241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b0fb7f75b35d032021-12-21 10:27:08.693root 11241100x8000000000000000351242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cda65a7987c860312021-12-21 10:27:08.693root 11241100x8000000000000000351243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6451c0c137bf976c2021-12-21 10:27:08.693root 11241100x8000000000000000351244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05c37b95361f9fd2021-12-21 10:27:08.693root 11241100x8000000000000000351245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26093fc2b187d2fc2021-12-21 10:27:08.694root 11241100x8000000000000000351246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d904df53812caef2021-12-21 10:27:08.694root 11241100x8000000000000000351247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeaff9b3768de5a02021-12-21 10:27:08.694root 11241100x8000000000000000351248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ce267526b2456f2021-12-21 10:27:08.694root 11241100x8000000000000000351249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2163300e17074192021-12-21 10:27:08.694root 11241100x8000000000000000351250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb382f19097b86262021-12-21 10:27:08.694root 11241100x8000000000000000351251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c0660715208eb92021-12-21 10:27:08.694root 11241100x8000000000000000351252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3fe89f83ab9a4d2021-12-21 10:27:09.192root 11241100x8000000000000000351253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78be63df11b8be032021-12-21 10:27:09.193root 11241100x8000000000000000351254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cd7b05caf0c8612021-12-21 10:27:09.193root 11241100x8000000000000000351255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4260779cc747340c2021-12-21 10:27:09.195root 11241100x8000000000000000351256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506deb63b96b74bb2021-12-21 10:27:09.195root 11241100x8000000000000000351257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a14e8cf2cf98d192021-12-21 10:27:09.195root 11241100x8000000000000000351258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66814168a0d56da32021-12-21 10:27:09.195root 11241100x8000000000000000351259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3959b85e40a00d752021-12-21 10:27:09.196root 11241100x8000000000000000351260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23d5a4b2add03c32021-12-21 10:27:09.196root 11241100x8000000000000000351261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54eeedf68d9e0f212021-12-21 10:27:09.196root 11241100x8000000000000000351262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b9716ccbfab3532021-12-21 10:27:09.196root 11241100x8000000000000000351263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd11eb84006355f2021-12-21 10:27:09.196root 11241100x8000000000000000351264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890da7ac47b9c5d22021-12-21 10:27:09.196root 534500x8000000000000000351265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.196{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 534500x8000000000000000351266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.266{ec2b6afe-9233-61c1-c81a-006eee550000}454/lib/systemd/systemd-journaldroot 23542300x8000000000000000351267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000351268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e741f15a7497ca2021-12-21 10:27:09.693root 11241100x8000000000000000351269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e6ec791e38c7c442021-12-21 10:27:09.693root 11241100x8000000000000000351270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.074cab2c8d721b812021-12-21 10:27:09.693root 11241100x8000000000000000351271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9862dd704fc40dfd2021-12-21 10:27:09.693root 11241100x8000000000000000351272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aefa07a2c138322021-12-21 10:27:09.693root 11241100x8000000000000000351273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fe088b4bb024292021-12-21 10:27:09.693root 11241100x8000000000000000351274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cefde64b5c76712021-12-21 10:27:09.693root 11241100x8000000000000000351275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82149f879b2d32292021-12-21 10:27:09.694root 11241100x8000000000000000351276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32083232f4e0328c2021-12-21 10:27:09.694root 11241100x8000000000000000351277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af9cc25c2ecfad72021-12-21 10:27:09.694root 11241100x8000000000000000351278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78e938b230961962021-12-21 10:27:09.694root 11241100x8000000000000000351279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0240068f8c669b2021-12-21 10:27:09.694root 11241100x8000000000000000351280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02651a7edf6d1a332021-12-21 10:27:09.694root 11241100x8000000000000000351281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b59d1f41248ab92021-12-21 10:27:09.694root 11241100x8000000000000000351282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5367eb7d435425152021-12-21 10:27:09.694root 11241100x8000000000000000351283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12577bde6cf6e6d02021-12-21 10:27:09.694root 11241100x8000000000000000351284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8c7cb68fec86ca2021-12-21 10:27:10.193root 11241100x8000000000000000351285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f382bbcea422be5b2021-12-21 10:27:10.193root 11241100x8000000000000000351286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dff7559f244bf212021-12-21 10:27:10.193root 11241100x8000000000000000351287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526469d2b7dddb662021-12-21 10:27:10.193root 11241100x8000000000000000351288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca8d0505b79beda2021-12-21 10:27:10.194root 11241100x8000000000000000351289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a43e06bcdc64ed32021-12-21 10:27:10.194root 11241100x8000000000000000351290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d6d05bbc9199bc2021-12-21 10:27:10.194root 11241100x8000000000000000351291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4408c9334544d812021-12-21 10:27:10.194root 11241100x8000000000000000351292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edeff93f6f6926c62021-12-21 10:27:10.194root 11241100x8000000000000000351293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f151be0a176ccd972021-12-21 10:27:10.194root 11241100x8000000000000000351294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3ef870919c3a162021-12-21 10:27:10.194root 11241100x8000000000000000351295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2507bcf368dc44ec2021-12-21 10:27:10.194root 11241100x8000000000000000351296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84a4221796ff5752021-12-21 10:27:10.194root 11241100x8000000000000000351297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d877c17078f2c0b2021-12-21 10:27:10.194root 11241100x8000000000000000351298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3adec2a8333b272021-12-21 10:27:10.194root 11241100x8000000000000000351299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f818e1eb94cf7d242021-12-21 10:27:10.194root 11241100x8000000000000000351300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e868a94dde5abd32021-12-21 10:27:10.693root 11241100x8000000000000000351301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d3c899ccd6d8bb2021-12-21 10:27:10.693root 11241100x8000000000000000351302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac932b67bbdbe0e2021-12-21 10:27:10.693root 11241100x8000000000000000351303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062c6257ddd3e2962021-12-21 10:27:10.693root 11241100x8000000000000000351304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b89dd3386e9239c2021-12-21 10:27:10.693root 11241100x8000000000000000351305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced180b31d72fa042021-12-21 10:27:10.693root 11241100x8000000000000000351306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d62c8efd9800752021-12-21 10:27:10.693root 11241100x8000000000000000351307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be978f9e4807ae42021-12-21 10:27:10.694root 11241100x8000000000000000351308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db4d9db08811b6d2021-12-21 10:27:10.694root 11241100x8000000000000000351309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522e9bb00219d00c2021-12-21 10:27:10.694root 11241100x8000000000000000351310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf74ed2d7a481212021-12-21 10:27:10.694root 11241100x8000000000000000351311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c341708691244ba2021-12-21 10:27:10.694root 11241100x8000000000000000351312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadcdc2fbee21c902021-12-21 10:27:10.694root 11241100x8000000000000000351313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b680433eec35de8d2021-12-21 10:27:10.694root 11241100x8000000000000000351314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee4fad72b2d6d372021-12-21 10:27:10.694root 11241100x8000000000000000351315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dea93c761e8f1642021-12-21 10:27:10.695root 354300x8000000000000000351316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.181{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47118-false10.0.1.12-8000- 11241100x8000000000000000351317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228301ed2e8963952021-12-21 10:27:11.182root 11241100x8000000000000000351318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d38f2d6eb2a7092021-12-21 10:27:11.182root 11241100x8000000000000000351319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d9a2363fad80822021-12-21 10:27:11.182root 11241100x8000000000000000351320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d315bfd88b066aa2021-12-21 10:27:11.182root 11241100x8000000000000000351321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9cc093744e47312021-12-21 10:27:11.183root 11241100x8000000000000000351322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acdecabba3e2e952021-12-21 10:27:11.183root 11241100x8000000000000000351323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84e9251deb501c52021-12-21 10:27:11.183root 11241100x8000000000000000351324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1348936f1a47f32021-12-21 10:27:11.183root 11241100x8000000000000000351325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85deeae3a3d8d5372021-12-21 10:27:11.183root 11241100x8000000000000000351326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8242530f10055d2021-12-21 10:27:11.183root 11241100x8000000000000000351327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d4f1ad2199673f2021-12-21 10:27:11.183root 11241100x8000000000000000351328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc98977dcd1290ac2021-12-21 10:27:11.183root 11241100x8000000000000000351329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b45a2c5fa2f6d82021-12-21 10:27:11.183root 11241100x8000000000000000351330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31dcbf7f8fbd85c2021-12-21 10:27:11.183root 11241100x8000000000000000351331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc650c708a3fae02021-12-21 10:27:11.184root 11241100x8000000000000000351332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5002abd4b708f5a32021-12-21 10:27:11.184root 11241100x8000000000000000351333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b82f820559d7f702021-12-21 10:27:11.184root 11241100x8000000000000000351334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcaebb9b9935c97d2021-12-21 10:27:11.184root 11241100x8000000000000000351335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099adc712eecce402021-12-21 10:27:11.443root 11241100x8000000000000000351336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7686cea751e851ea2021-12-21 10:27:11.443root 11241100x8000000000000000351337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61eb173d48cc5ae72021-12-21 10:27:11.444root 11241100x8000000000000000351338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120c442174fb5f132021-12-21 10:27:11.444root 11241100x8000000000000000351339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c9624633b566fd2021-12-21 10:27:11.444root 11241100x8000000000000000351340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1044c34863213d262021-12-21 10:27:11.444root 11241100x8000000000000000351341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79296eec90f8dc732021-12-21 10:27:11.444root 11241100x8000000000000000351342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845a8dad8c030c782021-12-21 10:27:11.444root 11241100x8000000000000000351343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c847109f08b6182021-12-21 10:27:11.444root 11241100x8000000000000000351344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b138d5b329db9182021-12-21 10:27:11.444root 11241100x8000000000000000351345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0e3ec30369083662021-12-21 10:27:11.445root 11241100x8000000000000000351346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea166a345d519fb82021-12-21 10:27:11.445root 11241100x8000000000000000351347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dc500cba5f0efb82021-12-21 10:27:11.445root 11241100x8000000000000000351348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78366c31fcca05ca2021-12-21 10:27:11.445root 11241100x8000000000000000351349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9981102de9e07abc2021-12-21 10:27:11.445root 11241100x8000000000000000351350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb431296c8177b152021-12-21 10:27:11.445root 11241100x8000000000000000351351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f622b236a7ce0562021-12-21 10:27:11.445root 11241100x8000000000000000351352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1f1d26e0916dc52021-12-21 10:27:11.943root 11241100x8000000000000000351353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd38ff798f31f54e2021-12-21 10:27:11.943root 11241100x8000000000000000351354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3584ab87da747d52021-12-21 10:27:11.943root 11241100x8000000000000000351355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced4d7ab56e096202021-12-21 10:27:11.943root 11241100x8000000000000000351356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25228e5d31b0bdd2021-12-21 10:27:11.944root 11241100x8000000000000000351357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7cd929c26bd93d2021-12-21 10:27:11.944root 11241100x8000000000000000351358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb032e00b9543ef2021-12-21 10:27:11.944root 11241100x8000000000000000351359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2503daa6c1e76ba2021-12-21 10:27:11.944root 11241100x8000000000000000351360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700622c9868ffc702021-12-21 10:27:11.944root 11241100x8000000000000000351361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8428a000f7a4b562021-12-21 10:27:11.944root 11241100x8000000000000000351362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc3b829409fd6192021-12-21 10:27:11.944root 11241100x8000000000000000351363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.badba6387852cc6a2021-12-21 10:27:11.944root 11241100x8000000000000000351364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163798ea461a07f42021-12-21 10:27:11.944root 11241100x8000000000000000351365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055cd6705fa105fc2021-12-21 10:27:11.944root 11241100x8000000000000000351366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ead8b8876477fd2021-12-21 10:27:11.944root 11241100x8000000000000000351367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31297c5bc8711c92021-12-21 10:27:11.944root 11241100x8000000000000000351368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004c9f20a39ad21d2021-12-21 10:27:11.944root 11241100x8000000000000000351369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4213896e5d52df2021-12-21 10:27:12.443root 11241100x8000000000000000351370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d39d2694f0e79a2021-12-21 10:27:12.444root 11241100x8000000000000000351371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f38736df07df482021-12-21 10:27:12.444root 11241100x8000000000000000351372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b854fd33cc7e2192021-12-21 10:27:12.444root 11241100x8000000000000000351373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f17a85457d68eb342021-12-21 10:27:12.444root 11241100x8000000000000000351374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f1d9f3b9b4162a2021-12-21 10:27:12.444root 11241100x8000000000000000351375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8897ac21915f732021-12-21 10:27:12.444root 11241100x8000000000000000351376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425884777507ebdc2021-12-21 10:27:12.444root 11241100x8000000000000000351377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d11c5435a6b4d42021-12-21 10:27:12.444root 11241100x8000000000000000351378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6141f138e880aec2021-12-21 10:27:12.444root 11241100x8000000000000000351379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f50f3d882ca6e472021-12-21 10:27:12.445root 11241100x8000000000000000351380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d03be51f85f517582021-12-21 10:27:12.445root 11241100x8000000000000000351381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3280a38473dbd54f2021-12-21 10:27:12.445root 11241100x8000000000000000351382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe24d1db9adf6392021-12-21 10:27:12.445root 11241100x8000000000000000351383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09bcd16c9823c2c02021-12-21 10:27:12.445root 11241100x8000000000000000351384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb0d106884705a92021-12-21 10:27:12.445root 11241100x8000000000000000351385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ad0e6c794b3b072021-12-21 10:27:12.445root 11241100x8000000000000000351386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f837677d109d99412021-12-21 10:27:12.943root 11241100x8000000000000000351387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37c78e6b587ab252021-12-21 10:27:12.943root 11241100x8000000000000000351388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf6585057b880d92021-12-21 10:27:12.943root 11241100x8000000000000000351389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9763bd23733552d72021-12-21 10:27:12.943root 11241100x8000000000000000351390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f02fc9cc59b3e62021-12-21 10:27:12.943root 11241100x8000000000000000351391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3d71c2f71ed2572021-12-21 10:27:12.944root 11241100x8000000000000000351392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10d42f28e7b4e9e2021-12-21 10:27:12.944root 11241100x8000000000000000351393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c7b05c8f87887842021-12-21 10:27:12.944root 11241100x8000000000000000351394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3cc83b129081502021-12-21 10:27:12.944root 11241100x8000000000000000351395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa0ccbeef5554662021-12-21 10:27:12.944root 11241100x8000000000000000351396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859dbf9c1e75448c2021-12-21 10:27:12.944root 11241100x8000000000000000351397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371e1ddc5dccb4e02021-12-21 10:27:12.944root 11241100x8000000000000000351398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9df4af52701a9a42021-12-21 10:27:12.944root 11241100x8000000000000000351399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b434e4e0cf22b6502021-12-21 10:27:12.944root 11241100x8000000000000000351400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ed00039ce8178ec2021-12-21 10:27:12.944root 11241100x8000000000000000351401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b387522fc864737f2021-12-21 10:27:12.944root 11241100x8000000000000000351402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d494395b4292bce62021-12-21 10:27:12.944root 11241100x8000000000000000351403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446fce0fef7cc31e2021-12-21 10:27:13.443root 11241100x8000000000000000351404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e07fe4e0d7a4512021-12-21 10:27:13.443root 11241100x8000000000000000351405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b1862f47536eb2021-12-21 10:27:13.444root 11241100x8000000000000000351406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cde1a4f8fbd88eb2021-12-21 10:27:13.444root 11241100x8000000000000000351407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60cbe41d43a1c952021-12-21 10:27:13.444root 11241100x8000000000000000351408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd313f30c4a13252021-12-21 10:27:13.444root 11241100x8000000000000000351409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a5e19186e93e4a2021-12-21 10:27:13.444root 11241100x8000000000000000351410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35027d527536b4e2021-12-21 10:27:13.444root 11241100x8000000000000000351411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212b149f244dc08d2021-12-21 10:27:13.445root 11241100x8000000000000000351412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dee87d82675e8a2021-12-21 10:27:13.445root 11241100x8000000000000000351413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ddd5375285e638c2021-12-21 10:27:13.445root 11241100x8000000000000000351414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ce40a2d7025bf22021-12-21 10:27:13.445root 11241100x8000000000000000351415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c581ac2cdd79c12021-12-21 10:27:13.445root 11241100x8000000000000000351416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e0f58400bd1f742021-12-21 10:27:13.445root 11241100x8000000000000000351417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04aa1fbe17786e202021-12-21 10:27:13.446root 11241100x8000000000000000351418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c3e6f46299f3bc2021-12-21 10:27:13.446root 11241100x8000000000000000351419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ecf4975664c4102021-12-21 10:27:13.446root 11241100x8000000000000000351420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bf32ce892ed8ee2021-12-21 10:27:13.943root 11241100x8000000000000000351421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9bef6160839af332021-12-21 10:27:13.943root 11241100x8000000000000000351422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39f3f1dfd5ae3602021-12-21 10:27:13.943root 11241100x8000000000000000351423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeda44a910cb96e52021-12-21 10:27:13.944root 11241100x8000000000000000351424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42f800d2dc03ae92021-12-21 10:27:13.944root 11241100x8000000000000000351425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05a76ba4baa57652021-12-21 10:27:13.944root 11241100x8000000000000000351426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9509f022df1ffe222021-12-21 10:27:13.944root 11241100x8000000000000000351427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f714822c1a6078942021-12-21 10:27:13.944root 11241100x8000000000000000351428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1299ee850a3f5a92021-12-21 10:27:13.944root 11241100x8000000000000000351429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2746d64f5a5ecac2021-12-21 10:27:13.944root 11241100x8000000000000000351430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a263079128e8aaa2021-12-21 10:27:13.944root 11241100x8000000000000000351431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bca5dafdb48a6b2021-12-21 10:27:13.944root 11241100x8000000000000000351432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31db4b6f33891f642021-12-21 10:27:13.945root 11241100x8000000000000000351433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623b42acb8403eb02021-12-21 10:27:13.945root 11241100x8000000000000000351434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38a4c81b3f5f6782021-12-21 10:27:13.945root 11241100x8000000000000000351435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124a646251bcb0aa2021-12-21 10:27:13.945root 11241100x8000000000000000351436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d70833400429fa2021-12-21 10:27:13.945root 11241100x8000000000000000351437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20df6075cbbe9f682021-12-21 10:27:14.443root 11241100x8000000000000000351438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3161f2dfa2f6699a2021-12-21 10:27:14.443root 11241100x8000000000000000351439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e473f81b51fd4f52021-12-21 10:27:14.443root 11241100x8000000000000000351440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbf700f5b9a32a02021-12-21 10:27:14.443root 11241100x8000000000000000351441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fdb809e769547b32021-12-21 10:27:14.444root 11241100x8000000000000000351442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3cbf5014ed5ea202021-12-21 10:27:14.444root 11241100x8000000000000000351443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8539aae917653e2021-12-21 10:27:14.444root 11241100x8000000000000000351444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d6b789d0717bec2021-12-21 10:27:14.444root 11241100x8000000000000000351445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebedc8b6f7e72652021-12-21 10:27:14.444root 11241100x8000000000000000351446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1873a653e3c869e2021-12-21 10:27:14.444root 11241100x8000000000000000351447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c20f1b49f9b70a12021-12-21 10:27:14.444root 11241100x8000000000000000351448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1dca2e5b31b1ed2021-12-21 10:27:14.445root 11241100x8000000000000000351449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8566e41b078fa2a12021-12-21 10:27:14.445root 11241100x8000000000000000351450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f5d30c342b3a432021-12-21 10:27:14.445root 11241100x8000000000000000351451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74505a0d9da9e7bd2021-12-21 10:27:14.445root 11241100x8000000000000000351452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537d9bd51adcbae72021-12-21 10:27:14.445root 11241100x8000000000000000351453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29522ab6089efddf2021-12-21 10:27:14.445root 11241100x8000000000000000351454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678cf397d80de2952021-12-21 10:27:14.943root 11241100x8000000000000000351455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b8dc61ad5f07272021-12-21 10:27:14.943root 11241100x8000000000000000351456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f7fd9197e24a1e2021-12-21 10:27:14.943root 11241100x8000000000000000351457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7563558d75a96c6f2021-12-21 10:27:14.943root 11241100x8000000000000000351458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79a7de113843d9c2021-12-21 10:27:14.944root 11241100x8000000000000000351459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceda89e0fc17642d2021-12-21 10:27:14.944root 11241100x8000000000000000351460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a977e1fd8ed4252021-12-21 10:27:14.944root 11241100x8000000000000000351461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd97dff2367f7ec52021-12-21 10:27:14.944root 11241100x8000000000000000351462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0827c2602b2a81f2021-12-21 10:27:14.944root 11241100x8000000000000000351463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926c59097c5c6ae92021-12-21 10:27:14.945root 11241100x8000000000000000351464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5944dd9342067b2021-12-21 10:27:14.945root 11241100x8000000000000000351465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace6080d9b38a1bf2021-12-21 10:27:14.945root 11241100x8000000000000000351466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092e6f181497288b2021-12-21 10:27:14.945root 11241100x8000000000000000351467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f69e219e5ebe9f2021-12-21 10:27:14.945root 11241100x8000000000000000351468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46bf30df0742952d2021-12-21 10:27:14.945root 11241100x8000000000000000351469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989d5d4e320607dd2021-12-21 10:27:14.945root 11241100x8000000000000000351470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f491eae95d3dc2e2021-12-21 10:27:14.945root 11241100x8000000000000000351471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11bb4010eb6a0562021-12-21 10:27:15.443root 11241100x8000000000000000351472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f029b8988098bd2021-12-21 10:27:15.443root 11241100x8000000000000000351473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9613ba60f7bb362021-12-21 10:27:15.443root 11241100x8000000000000000351474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289944bcdf0ab8412021-12-21 10:27:15.443root 11241100x8000000000000000351475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5485c6c5ac843e8c2021-12-21 10:27:15.444root 11241100x8000000000000000351476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ad5c51f19d30f72021-12-21 10:27:15.444root 11241100x8000000000000000351477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382723ab5e9f9142021-12-21 10:27:15.444root 11241100x8000000000000000351478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03da58dd2203069c2021-12-21 10:27:15.444root 11241100x8000000000000000351479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e48d177f26147a82021-12-21 10:27:15.444root 11241100x8000000000000000351480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8ec77c42bea6c32021-12-21 10:27:15.444root 11241100x8000000000000000351481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ab9c493175d672021-12-21 10:27:15.444root 11241100x8000000000000000351482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6370b0b5131f09b2021-12-21 10:27:15.444root 11241100x8000000000000000351483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91490861550fa4fb2021-12-21 10:27:15.444root 11241100x8000000000000000351484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69c4c85ea38acde2021-12-21 10:27:15.444root 11241100x8000000000000000351485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ae54dc3fff300b2021-12-21 10:27:15.444root 11241100x8000000000000000351486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf936784e9cbe5e2021-12-21 10:27:15.445root 11241100x8000000000000000351487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638979161e49f9322021-12-21 10:27:15.445root 11241100x8000000000000000351488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007458115c8ac6402021-12-21 10:27:15.943root 11241100x8000000000000000351489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f312787cb4c9ca2021-12-21 10:27:15.943root 11241100x8000000000000000351490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f864f82ea07586092021-12-21 10:27:15.943root 11241100x8000000000000000351491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6a00e528ec01022021-12-21 10:27:15.943root 11241100x8000000000000000351492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7074352ac2bb148e2021-12-21 10:27:15.943root 11241100x8000000000000000351493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10018175f6d363e2021-12-21 10:27:15.943root 11241100x8000000000000000351494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b17108a5740539b2021-12-21 10:27:15.944root 11241100x8000000000000000351495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16f0066532b14cb2021-12-21 10:27:15.944root 11241100x8000000000000000351496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d9278ca9cc92f12021-12-21 10:27:15.944root 11241100x8000000000000000351497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.881138e266e1bc102021-12-21 10:27:15.944root 11241100x8000000000000000351498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2550f6a60dd4f4fa2021-12-21 10:27:15.944root 11241100x8000000000000000351499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f104f3e82bdfb6232021-12-21 10:27:15.944root 11241100x8000000000000000351500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.256bb71296800ef62021-12-21 10:27:15.944root 11241100x8000000000000000351501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe466f23d7e72c2021-12-21 10:27:15.944root 11241100x8000000000000000351502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93f312584c8c1d0e2021-12-21 10:27:15.945root 11241100x8000000000000000351503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c188ab7b62a785452021-12-21 10:27:15.945root 11241100x8000000000000000351504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf3a04543fb47952021-12-21 10:27:15.945root 154100x8000000000000000351505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.077{ec2b6afe-ac04-61c1-6854-95c979550000}5698/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000351506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.088{ec2b6afe-ac04-61c1-6854-95c979550000}5698/bin/psroot 11241100x8000000000000000351507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771d24566340de162021-12-21 10:27:16.443root 11241100x8000000000000000351508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c250673c5c14fdab2021-12-21 10:27:16.443root 11241100x8000000000000000351509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff1cef3c0b33ab12021-12-21 10:27:16.443root 11241100x8000000000000000351510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ddae18214bb3ac2021-12-21 10:27:16.443root 11241100x8000000000000000351511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239d2260be597b122021-12-21 10:27:16.444root 11241100x8000000000000000351512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1909e7ea62f95dea2021-12-21 10:27:16.444root 11241100x8000000000000000351513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dab7ecb3abe7d792021-12-21 10:27:16.444root 11241100x8000000000000000351514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3d6304d67a77712021-12-21 10:27:16.444root 11241100x8000000000000000351515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8786d1bfb6889c2021-12-21 10:27:16.444root 11241100x8000000000000000351516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84a5c7cff04b97d2021-12-21 10:27:16.444root 11241100x8000000000000000351517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddd184d4a6bcd9a2021-12-21 10:27:16.444root 11241100x8000000000000000351518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324230548887cfd2021-12-21 10:27:16.444root 11241100x8000000000000000351519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd5b9060cb7c09b22021-12-21 10:27:16.444root 11241100x8000000000000000351520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5167c593248cdb2021-12-21 10:27:16.444root 11241100x8000000000000000351521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cbd173be6bec3c92021-12-21 10:27:16.444root 11241100x8000000000000000351522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb624cd598694272021-12-21 10:27:16.444root 11241100x8000000000000000351523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4241c6b26e813fa12021-12-21 10:27:16.444root 11241100x8000000000000000351524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e1aaab431e11fd2021-12-21 10:27:16.444root 11241100x8000000000000000351525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8cc05b4142baf82021-12-21 10:27:16.444root 11241100x8000000000000000351526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee146de0bd48a752021-12-21 10:27:16.943root 11241100x8000000000000000351527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4b46aec9aedefe2021-12-21 10:27:16.943root 11241100x8000000000000000351528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad38fa928c03b482021-12-21 10:27:16.943root 11241100x8000000000000000351529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70517fb26f5902172021-12-21 10:27:16.943root 11241100x8000000000000000351530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9911e1dac9af016a2021-12-21 10:27:16.944root 11241100x8000000000000000351531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2708e00ec6551d4e2021-12-21 10:27:16.944root 11241100x8000000000000000351532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cbb17c370ab76b62021-12-21 10:27:16.944root 11241100x8000000000000000351533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fbff62c44fc79aa2021-12-21 10:27:16.944root 11241100x8000000000000000351534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62022c7623b7ea32021-12-21 10:27:16.944root 11241100x8000000000000000351535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83ccbd5febce5532021-12-21 10:27:16.944root 11241100x8000000000000000351536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a16f8fe662839be2021-12-21 10:27:16.944root 11241100x8000000000000000351537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d68ab77985e687f2021-12-21 10:27:16.944root 11241100x8000000000000000351538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7da59f1f9f3a2f92021-12-21 10:27:16.944root 11241100x8000000000000000351539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc94cfe44f7000342021-12-21 10:27:16.944root 11241100x8000000000000000351540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b15c32a6f390f3c2021-12-21 10:27:16.944root 11241100x8000000000000000351541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa5cebe3bb7bcf22021-12-21 10:27:16.944root 11241100x8000000000000000351542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27157c8cd1cc8afb2021-12-21 10:27:16.944root 11241100x8000000000000000351543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1474bdf2d3565cc02021-12-21 10:27:16.944root 11241100x8000000000000000351544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2a1626f840be572021-12-21 10:27:16.944root 354300x8000000000000000351545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.142{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47120-false10.0.1.12-8000- 11241100x8000000000000000351546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0643af77425b12362021-12-21 10:27:17.443root 11241100x8000000000000000351547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50072459a91f2e252021-12-21 10:27:17.443root 11241100x8000000000000000351548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bcc591d7840dcb2021-12-21 10:27:17.443root 11241100x8000000000000000351549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc560d1a54eecc692021-12-21 10:27:17.443root 11241100x8000000000000000351550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4441b61af33ab8352021-12-21 10:27:17.443root 11241100x8000000000000000351551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f59075a25016c66a2021-12-21 10:27:17.444root 11241100x8000000000000000351552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed739a47e917fcfc2021-12-21 10:27:17.444root 11241100x8000000000000000351553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd42fa8c23bff01f2021-12-21 10:27:17.444root 11241100x8000000000000000351554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2457833a61bbfb392021-12-21 10:27:17.444root 11241100x8000000000000000351555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68798143e90e22152021-12-21 10:27:17.444root 11241100x8000000000000000351556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95ac88f869821fe2021-12-21 10:27:17.444root 11241100x8000000000000000351557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6acc44a01c3e51e82021-12-21 10:27:17.444root 11241100x8000000000000000351558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdb98fd575412c22021-12-21 10:27:17.444root 11241100x8000000000000000351559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871b6d7be8e7dda92021-12-21 10:27:17.444root 11241100x8000000000000000351560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe6421d2de235532021-12-21 10:27:17.444root 11241100x8000000000000000351561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f5c949e0a2c1212021-12-21 10:27:17.444root 11241100x8000000000000000351562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370af565a6e0b5f52021-12-21 10:27:17.444root 11241100x8000000000000000351563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d4468352020a672021-12-21 10:27:17.444root 11241100x8000000000000000351564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fa13f8787ab2622021-12-21 10:27:17.444root 11241100x8000000000000000351565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8895a4948219e5ba2021-12-21 10:27:17.444root 11241100x8000000000000000351566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf6e354742d38802021-12-21 10:27:17.943root 11241100x8000000000000000351567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8c449c7577a3422021-12-21 10:27:17.943root 11241100x8000000000000000351568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f688ec74c605ef92021-12-21 10:27:17.943root 11241100x8000000000000000351569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c0fa8e617440e12021-12-21 10:27:17.943root 11241100x8000000000000000351570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f677bb621424e52021-12-21 10:27:17.944root 11241100x8000000000000000351571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf473b155ec341752021-12-21 10:27:17.944root 11241100x8000000000000000351572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc48802f849bf542021-12-21 10:27:17.944root 11241100x8000000000000000351573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0f62480c5033612021-12-21 10:27:17.944root 11241100x8000000000000000351574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8c0385aba9738b2021-12-21 10:27:17.944root 11241100x8000000000000000351575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2e1deecca9d6652021-12-21 10:27:17.944root 11241100x8000000000000000351576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c52f7a001ad69872021-12-21 10:27:17.944root 11241100x8000000000000000351577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fbf73a3bb00c7a2021-12-21 10:27:17.944root 11241100x8000000000000000351578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9770687825147d942021-12-21 10:27:17.944root 11241100x8000000000000000351579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359aaa6375e6ae7a2021-12-21 10:27:17.944root 11241100x8000000000000000351580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a800b46fa98d5cea2021-12-21 10:27:17.944root 11241100x8000000000000000351581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b7e613e43a92e02021-12-21 10:27:17.944root 11241100x8000000000000000351582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99485b48d5e559ef2021-12-21 10:27:17.944root 11241100x8000000000000000351583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5a6ed7b79dbba42021-12-21 10:27:17.944root 11241100x8000000000000000351584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e20e48627562932021-12-21 10:27:17.944root 11241100x8000000000000000351585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d81c135dfffebf2021-12-21 10:27:17.945root 11241100x8000000000000000351586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e220505a40d87efd2021-12-21 10:27:18.443root 11241100x8000000000000000351587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a37d3856e08e5ba2021-12-21 10:27:18.443root 11241100x8000000000000000351588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff7c6353dbca46f2021-12-21 10:27:18.443root 11241100x8000000000000000351589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6884133d24fa80d42021-12-21 10:27:18.443root 11241100x8000000000000000351590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7dccaba621998f2021-12-21 10:27:18.444root 11241100x8000000000000000351591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d3a08b80abd45e2021-12-21 10:27:18.444root 11241100x8000000000000000351592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0935a267dd40b12021-12-21 10:27:18.444root 11241100x8000000000000000351593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd80a05094417ca2021-12-21 10:27:18.444root 11241100x8000000000000000351594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c722b1305a7540e2021-12-21 10:27:18.444root 11241100x8000000000000000351595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd531236884a5612021-12-21 10:27:18.444root 11241100x8000000000000000351596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0b2b27fd7642c02021-12-21 10:27:18.444root 11241100x8000000000000000351597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b00a0cb1f472a152021-12-21 10:27:18.444root 11241100x8000000000000000351598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cd4446e467fb6202021-12-21 10:27:18.444root 11241100x8000000000000000351599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fa75ee800e05a02021-12-21 10:27:18.444root 11241100x8000000000000000351600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787893f8c36c32742021-12-21 10:27:18.444root 11241100x8000000000000000351601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb48b15eeebf8b3b2021-12-21 10:27:18.444root 11241100x8000000000000000351602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34825d4d0253ce6a2021-12-21 10:27:18.444root 11241100x8000000000000000351603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bf8fcaf2dee5da2021-12-21 10:27:18.444root 11241100x8000000000000000351604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8013ce2a48046e5c2021-12-21 10:27:18.444root 11241100x8000000000000000351605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89265c13e728585c2021-12-21 10:27:18.444root 11241100x8000000000000000351606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db78bdd3da4ce462021-12-21 10:27:18.943root 11241100x8000000000000000351607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a286dced3704432021-12-21 10:27:18.944root 11241100x8000000000000000351608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8611438f529d527b2021-12-21 10:27:18.944root 11241100x8000000000000000351609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bf3e219bba95b42021-12-21 10:27:18.944root 11241100x8000000000000000351610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f953f1737760f3bb2021-12-21 10:27:18.944root 11241100x8000000000000000351611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323fd5973d12926c2021-12-21 10:27:18.944root 11241100x8000000000000000351612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5abb512f0cbf67e2021-12-21 10:27:18.944root 11241100x8000000000000000351613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5969b96576ae2242021-12-21 10:27:18.944root 11241100x8000000000000000351614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c79c26158837faa2021-12-21 10:27:18.944root 11241100x8000000000000000351615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9912a9a4c8d735182021-12-21 10:27:18.944root 11241100x8000000000000000351616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0394ad359ac7287a2021-12-21 10:27:18.944root 11241100x8000000000000000351617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b883c18182f1ac32021-12-21 10:27:18.944root 11241100x8000000000000000351618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70245a336b310f3b2021-12-21 10:27:18.944root 11241100x8000000000000000351619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.804d482a5fc69b992021-12-21 10:27:18.944root 11241100x8000000000000000351620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.506b5dadab1265512021-12-21 10:27:18.944root 11241100x8000000000000000351621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a74de29130461262021-12-21 10:27:18.945root 11241100x8000000000000000351622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df16ec2c9d420ea52021-12-21 10:27:18.945root 11241100x8000000000000000351623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6df330393b1642021-12-21 10:27:18.945root 11241100x8000000000000000351624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.559490c7bc95f8a82021-12-21 10:27:18.945root 11241100x8000000000000000351625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd30c878cbde780f2021-12-21 10:27:18.945root 11241100x8000000000000000351626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e76fd97d2ef0842021-12-21 10:27:19.443root 11241100x8000000000000000351627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b53338b7089fa072021-12-21 10:27:19.443root 11241100x8000000000000000351628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8faf6abb31c27932021-12-21 10:27:19.443root 11241100x8000000000000000351629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfd2db708f922fb2021-12-21 10:27:19.443root 11241100x8000000000000000351630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4810e1a7fd5b7302021-12-21 10:27:19.444root 11241100x8000000000000000351631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2da21d4d085fb382021-12-21 10:27:19.444root 11241100x8000000000000000351632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d5f005b7d819f72021-12-21 10:27:19.444root 11241100x8000000000000000351633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51ac9aa0b6108f32021-12-21 10:27:19.444root 11241100x8000000000000000351634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f6a4ec2a7142982021-12-21 10:27:19.444root 11241100x8000000000000000351635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13582f3a501daf872021-12-21 10:27:19.444root 11241100x8000000000000000351636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c8543436ab0bdb02021-12-21 10:27:19.444root 11241100x8000000000000000351637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c7599d90b7285c2021-12-21 10:27:19.444root 11241100x8000000000000000351638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7735d09633a12ccc2021-12-21 10:27:19.444root 11241100x8000000000000000351639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8a70409db378eb2021-12-21 10:27:19.444root 11241100x8000000000000000351640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5133b802c5c5cb22021-12-21 10:27:19.444root 11241100x8000000000000000351641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff908e674e497452021-12-21 10:27:19.444root 11241100x8000000000000000351642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149001ffc72904992021-12-21 10:27:19.444root 11241100x8000000000000000351643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbf194567ee8e5e2021-12-21 10:27:19.444root 11241100x8000000000000000351644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf030884c8e34432021-12-21 10:27:19.444root 11241100x8000000000000000351645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1af309ae6c4fa82021-12-21 10:27:19.444root 11241100x8000000000000000351646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ec014e4d84da742021-12-21 10:27:19.943root 11241100x8000000000000000351647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ea4e75b3555c362021-12-21 10:27:19.943root 11241100x8000000000000000351648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb492dece2fac4192021-12-21 10:27:19.943root 11241100x8000000000000000351649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4200409028a484db2021-12-21 10:27:19.943root 11241100x8000000000000000351650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc2abfbe62a4ce1d2021-12-21 10:27:19.943root 11241100x8000000000000000351651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f566606e99ebda2021-12-21 10:27:19.944root 11241100x8000000000000000351652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1deb5e840e0a7a2021-12-21 10:27:19.944root 11241100x8000000000000000351653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612f7ff6c027d7612021-12-21 10:27:19.944root 11241100x8000000000000000351654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f57ea554d8daf1542021-12-21 10:27:19.944root 11241100x8000000000000000351655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55dba185d2e66ee2021-12-21 10:27:19.944root 11241100x8000000000000000351656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.005ee64bd94308d12021-12-21 10:27:19.944root 11241100x8000000000000000351657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14425a6cacde19e2021-12-21 10:27:19.944root 11241100x8000000000000000351658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f9163f00dbb2662021-12-21 10:27:19.944root 11241100x8000000000000000351659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad6a8fc5e0f74362021-12-21 10:27:19.944root 11241100x8000000000000000351660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564d7b33c2bd4d3c2021-12-21 10:27:19.945root 11241100x8000000000000000351661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9b2121cc1dcf5b2021-12-21 10:27:19.945root 11241100x8000000000000000351662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bedfa5dea6dd2c72021-12-21 10:27:19.945root 11241100x8000000000000000351663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d3d4a2c8334822021-12-21 10:27:19.945root 11241100x8000000000000000351664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1097f3bf01b02c652021-12-21 10:27:19.945root 11241100x8000000000000000351665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b41a868933190e2021-12-21 10:27:19.946root 11241100x8000000000000000351666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ed7684ecce78952021-12-21 10:27:20.443root 11241100x8000000000000000351667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a000a2677f84ba2021-12-21 10:27:20.443root 11241100x8000000000000000351668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e03dc9cbf3dd45f2021-12-21 10:27:20.443root 11241100x8000000000000000351669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd6c8d9403b7f78e2021-12-21 10:27:20.443root 11241100x8000000000000000351670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf34031a12235fd2021-12-21 10:27:20.444root 11241100x8000000000000000351671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264edae0385db6ca2021-12-21 10:27:20.444root 11241100x8000000000000000351672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ceefbb0f728f052021-12-21 10:27:20.444root 11241100x8000000000000000351673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cacce4d494a7dc12021-12-21 10:27:20.444root 11241100x8000000000000000351674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edf0158f44b7f322021-12-21 10:27:20.444root 11241100x8000000000000000351675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2d99d6c51ef7162021-12-21 10:27:20.444root 11241100x8000000000000000351676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1e3f4196bb8cf82021-12-21 10:27:20.444root 11241100x8000000000000000351677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8505ed969be47fd2021-12-21 10:27:20.444root 11241100x8000000000000000351678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d0915cfddd51cde2021-12-21 10:27:20.444root 11241100x8000000000000000351679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92374856b7de4662021-12-21 10:27:20.444root 11241100x8000000000000000351680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9deeb3f9d168715a2021-12-21 10:27:20.445root 11241100x8000000000000000351681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4be9211e5f4a2862021-12-21 10:27:20.445root 11241100x8000000000000000351682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb8721759441c4402021-12-21 10:27:20.445root 11241100x8000000000000000351683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408c560c788a88862021-12-21 10:27:20.445root 11241100x8000000000000000351684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95680ea66e8a54b22021-12-21 10:27:20.445root 11241100x8000000000000000351685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1841156cabf71ffe2021-12-21 10:27:20.445root 11241100x8000000000000000351686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b5bb560ca6deba2021-12-21 10:27:20.943root 11241100x8000000000000000351687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f8d3c807191dd22021-12-21 10:27:20.943root 11241100x8000000000000000351688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edebca1eef7794512021-12-21 10:27:20.943root 11241100x8000000000000000351689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7bd13523582c2c2021-12-21 10:27:20.943root 11241100x8000000000000000351690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075079f21e4d51a92021-12-21 10:27:20.943root 11241100x8000000000000000351691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddbfbb21e9c089e2021-12-21 10:27:20.944root 11241100x8000000000000000351692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47d078f36d626ad42021-12-21 10:27:20.944root 11241100x8000000000000000351693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109105694e14eb202021-12-21 10:27:20.944root 11241100x8000000000000000351694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50cc5999b5f55072021-12-21 10:27:20.944root 11241100x8000000000000000351695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b259ef7d766ba1b2021-12-21 10:27:20.944root 11241100x8000000000000000351696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c18a8bd8a21f5ff2021-12-21 10:27:20.944root 11241100x8000000000000000351697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cf1d39d8046bae2021-12-21 10:27:20.944root 11241100x8000000000000000351698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eea7d62c7ebb1732021-12-21 10:27:20.944root 11241100x8000000000000000351699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d5b0c64a8faaa092021-12-21 10:27:20.944root 11241100x8000000000000000351700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0b757e33b9b9bb2021-12-21 10:27:20.944root 11241100x8000000000000000351701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bee072e0ae7a17e62021-12-21 10:27:20.944root 11241100x8000000000000000351702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2440b5327ab0371a2021-12-21 10:27:20.944root 11241100x8000000000000000351703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d10a6e6079dd802021-12-21 10:27:20.944root 11241100x8000000000000000351704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c726a376f06113a52021-12-21 10:27:20.945root 11241100x8000000000000000351705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214cdba29362814a2021-12-21 10:27:20.945root 11241100x8000000000000000351706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3efdaccf3c06502021-12-21 10:27:21.444root 11241100x8000000000000000351707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2615af302ddfe7d52021-12-21 10:27:21.444root 11241100x8000000000000000351708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c19ee148684dfe2021-12-21 10:27:21.445root 11241100x8000000000000000351709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dcced62144b12b2021-12-21 10:27:21.446root 11241100x8000000000000000351710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f87be52d94a110e2021-12-21 10:27:21.446root 11241100x8000000000000000351711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69c989822ced6002021-12-21 10:27:21.446root 11241100x8000000000000000351712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81354bd85b4a304d2021-12-21 10:27:21.446root 11241100x8000000000000000351713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0da1c985e078cf2021-12-21 10:27:21.446root 11241100x8000000000000000351714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a090dbe9856a2052021-12-21 10:27:21.446root 11241100x8000000000000000351715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331c68353fa6dd0e2021-12-21 10:27:21.446root 11241100x8000000000000000351716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fd8e971731a5792021-12-21 10:27:21.446root 11241100x8000000000000000351717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0881920a6a82d4e2021-12-21 10:27:21.447root 11241100x8000000000000000351718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff45673cd1b34302021-12-21 10:27:21.447root 11241100x8000000000000000351719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9b53cad9991e452021-12-21 10:27:21.447root 11241100x8000000000000000351720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52154bb3e258f3fb2021-12-21 10:27:21.447root 11241100x8000000000000000351721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c780bbb96737f2c42021-12-21 10:27:21.447root 11241100x8000000000000000351722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac3e20b213e86dc2021-12-21 10:27:21.447root 11241100x8000000000000000351723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecaa8443bbac90d2021-12-21 10:27:21.447root 11241100x8000000000000000351724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b71920a6bcb4ea72021-12-21 10:27:21.447root 11241100x8000000000000000351725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c1a9537deb0c582021-12-21 10:27:21.447root 11241100x8000000000000000351726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f578f12c4f124612021-12-21 10:27:21.943root 11241100x8000000000000000351727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d677e39c8c3157b62021-12-21 10:27:21.943root 11241100x8000000000000000351728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d039db46038e86d72021-12-21 10:27:21.943root 11241100x8000000000000000351729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00067a8119e9a5b52021-12-21 10:27:21.943root 11241100x8000000000000000351730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b740a39e0fc1fcb2021-12-21 10:27:21.944root 11241100x8000000000000000351731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb48910fa98ca222021-12-21 10:27:21.944root 11241100x8000000000000000351732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c649959e8971362021-12-21 10:27:21.944root 11241100x8000000000000000351733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfbc7e276949f102021-12-21 10:27:21.944root 11241100x8000000000000000351734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a76f3a636b7a032021-12-21 10:27:21.944root 11241100x8000000000000000351735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7044133737968c62021-12-21 10:27:21.944root 11241100x8000000000000000351736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc9cda77cfd9dbf2021-12-21 10:27:21.944root 11241100x8000000000000000351737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8684c2f67ff90fe62021-12-21 10:27:21.944root 11241100x8000000000000000351738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d6464b5f9161fb2021-12-21 10:27:21.944root 11241100x8000000000000000351739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7ffa310b3152cb2021-12-21 10:27:21.944root 11241100x8000000000000000351740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d01e498bdf7cf012021-12-21 10:27:21.944root 11241100x8000000000000000351741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d56562ea44c110a2021-12-21 10:27:21.944root 11241100x8000000000000000351742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc78c80db01635862021-12-21 10:27:21.944root 11241100x8000000000000000351743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e61296a6268f8852021-12-21 10:27:21.944root 11241100x8000000000000000351744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6118c0f10bd482ee2021-12-21 10:27:21.945root 11241100x8000000000000000351745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970ce1d225caffdd2021-12-21 10:27:21.945root 11241100x8000000000000000351746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031281e03023adb32021-12-21 10:27:22.443root 11241100x8000000000000000351747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f61595f523b7dc12021-12-21 10:27:22.443root 11241100x8000000000000000351748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ea29fca6cc9cb72021-12-21 10:27:22.444root 11241100x8000000000000000351749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e783c61f72d4a82021-12-21 10:27:22.444root 11241100x8000000000000000351750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4397c91cf04a1b2021-12-21 10:27:22.444root 11241100x8000000000000000351751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eef98b8d9458742021-12-21 10:27:22.444root 11241100x8000000000000000351752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39283e80472c4b402021-12-21 10:27:22.444root 11241100x8000000000000000351753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb7fc663fbea1622021-12-21 10:27:22.445root 11241100x8000000000000000351754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.359a3784b3862ba72021-12-21 10:27:22.445root 11241100x8000000000000000351755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a135e47fe197945a2021-12-21 10:27:22.445root 11241100x8000000000000000351756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d663a843348392412021-12-21 10:27:22.445root 11241100x8000000000000000351757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd53e2ba7c22d0692021-12-21 10:27:22.445root 11241100x8000000000000000351758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e735821f9b6d8ce2021-12-21 10:27:22.445root 11241100x8000000000000000351759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6441e9f449ed5d72021-12-21 10:27:22.446root 11241100x8000000000000000351760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cebabdb2824e572021-12-21 10:27:22.446root 11241100x8000000000000000351761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265111da08249e042021-12-21 10:27:22.446root 11241100x8000000000000000351762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a066966754d8b8782021-12-21 10:27:22.446root 11241100x8000000000000000351763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0985ea4d1f21d9a2021-12-21 10:27:22.446root 11241100x8000000000000000351764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12be065cff546eae2021-12-21 10:27:22.447root 11241100x8000000000000000351765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6e82eea3e2cd512021-12-21 10:27:22.447root 11241100x8000000000000000351766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c001bc5650609ed32021-12-21 10:27:22.943root 11241100x8000000000000000351767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7f669cfaeaa0f62021-12-21 10:27:22.943root 11241100x8000000000000000351768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934677411c06edba2021-12-21 10:27:22.943root 11241100x8000000000000000351769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d026a43bacd7292021-12-21 10:27:22.944root 11241100x8000000000000000351770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bcb5239627a55092021-12-21 10:27:22.944root 11241100x8000000000000000351771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d681dc36b6668d2021-12-21 10:27:22.944root 11241100x8000000000000000351772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058a8e3da5c34c3a2021-12-21 10:27:22.944root 11241100x8000000000000000351773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d79c26dc4b99b3c2021-12-21 10:27:22.944root 11241100x8000000000000000351774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8564fc13fc3692dd2021-12-21 10:27:22.944root 11241100x8000000000000000351775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0e324e29e570742021-12-21 10:27:22.944root 11241100x8000000000000000351776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d1c95da7b365082021-12-21 10:27:22.944root 11241100x8000000000000000351777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21916574c6b89822021-12-21 10:27:22.944root 11241100x8000000000000000351778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af397f8062a8b2af2021-12-21 10:27:22.944root 11241100x8000000000000000351779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ac8a1835e818942021-12-21 10:27:22.944root 11241100x8000000000000000351780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3e9c4d74ef85612021-12-21 10:27:22.944root 11241100x8000000000000000351781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e64e966fa6b2f5d2021-12-21 10:27:22.944root 11241100x8000000000000000351782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3af25ae5abe96e92021-12-21 10:27:22.944root 11241100x8000000000000000351783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0fedcc9e1e2d2df2021-12-21 10:27:22.944root 11241100x8000000000000000351784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfaf61f565a519cb2021-12-21 10:27:22.944root 11241100x8000000000000000351785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b88d531bececf22021-12-21 10:27:22.945root 354300x8000000000000000351786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.043{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47122-false10.0.1.12-8000- 11241100x8000000000000000351787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4291489b276317282021-12-21 10:27:23.443root 11241100x8000000000000000351788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68a832985145b1222021-12-21 10:27:23.443root 11241100x8000000000000000351789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08462d45b2e56b682021-12-21 10:27:23.443root 11241100x8000000000000000351790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b6c5d5dc6b1a922021-12-21 10:27:23.443root 11241100x8000000000000000351791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec3c0beef5e4cc62021-12-21 10:27:23.444root 11241100x8000000000000000351792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9437c6c0dbe392362021-12-21 10:27:23.444root 11241100x8000000000000000351793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9da1a4dec4ab502021-12-21 10:27:23.444root 11241100x8000000000000000351794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ecd5a2f04c87e12021-12-21 10:27:23.444root 11241100x8000000000000000351795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b58b038f5ded0032021-12-21 10:27:23.444root 11241100x8000000000000000351796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4f9573eb14c035c2021-12-21 10:27:23.444root 11241100x8000000000000000351797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e30f78918977c92021-12-21 10:27:23.444root 11241100x8000000000000000351798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bcc50a0c936cec2021-12-21 10:27:23.444root 11241100x8000000000000000351799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19d7dba8ea185ce2021-12-21 10:27:23.444root 11241100x8000000000000000351800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa213bdd26239ff2021-12-21 10:27:23.444root 11241100x8000000000000000351801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faba0c11e3ac26362021-12-21 10:27:23.444root 11241100x8000000000000000351802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5ea84797aa06e2021-12-21 10:27:23.444root 11241100x8000000000000000351803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6621314bd266dd2021-12-21 10:27:23.444root 11241100x8000000000000000351804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d435e0bbb854ebbf2021-12-21 10:27:23.444root 11241100x8000000000000000351805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0460b212cce288972021-12-21 10:27:23.444root 11241100x8000000000000000351806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9eede2857285612021-12-21 10:27:23.444root 11241100x8000000000000000351807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec567fcfb2d15b52021-12-21 10:27:23.445root 11241100x8000000000000000351808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5d5f66ccee90d2021-12-21 10:27:23.943root 11241100x8000000000000000351809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d296b089e9a3212021-12-21 10:27:23.943root 11241100x8000000000000000351810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d200ed51d17398fc2021-12-21 10:27:23.943root 11241100x8000000000000000351811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade5b917b858c6782021-12-21 10:27:23.943root 11241100x8000000000000000351812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05411e4f2cedafd2021-12-21 10:27:23.944root 11241100x8000000000000000351813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b26ca973eabf90c2021-12-21 10:27:23.944root 11241100x8000000000000000351814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b58d88fe99f67f2021-12-21 10:27:23.944root 11241100x8000000000000000351815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f07abddf23d151f32021-12-21 10:27:23.944root 11241100x8000000000000000351816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fe0d7f54526b602021-12-21 10:27:23.944root 11241100x8000000000000000351817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ecdfc73315f2e82021-12-21 10:27:23.944root 11241100x8000000000000000351818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa49d20735537172021-12-21 10:27:23.944root 11241100x8000000000000000351819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37dac1e1c6156deb2021-12-21 10:27:23.944root 11241100x8000000000000000351820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0badc5e7c8e4ab2021-12-21 10:27:23.944root 11241100x8000000000000000351821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11977dbcee8ad2e82021-12-21 10:27:23.944root 11241100x8000000000000000351822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f920bd150f0e7982021-12-21 10:27:23.944root 11241100x8000000000000000351823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab23c37b6e2a8752021-12-21 10:27:23.944root 11241100x8000000000000000351824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.967da8d30a3dba692021-12-21 10:27:23.944root 11241100x8000000000000000351825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f899913d99055c82021-12-21 10:27:23.944root 11241100x8000000000000000351826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2e07237045f61e42021-12-21 10:27:23.944root 11241100x8000000000000000351827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca781efcc1e23d422021-12-21 10:27:23.944root 11241100x8000000000000000351828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03c06ee7c30f6932021-12-21 10:27:23.945root 11241100x8000000000000000351829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a176ff0c73ba1c2021-12-21 10:27:24.443root 11241100x8000000000000000351830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cab043700f1eca82021-12-21 10:27:24.443root 11241100x8000000000000000351831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642ba6fc33824a8e2021-12-21 10:27:24.443root 11241100x8000000000000000351832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1896f00c59a6434a2021-12-21 10:27:24.444root 11241100x8000000000000000351833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385d5e78d927d15a2021-12-21 10:27:24.444root 11241100x8000000000000000351834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ccff86602cc32d42021-12-21 10:27:24.444root 11241100x8000000000000000351835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93478454ec50ab6b2021-12-21 10:27:24.444root 11241100x8000000000000000351836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e294062db35a5892021-12-21 10:27:24.445root 11241100x8000000000000000351837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8317a8252d126d32021-12-21 10:27:24.445root 11241100x8000000000000000351838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d742a7129c30ea2021-12-21 10:27:24.445root 11241100x8000000000000000351839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7b3d1924fd6b2122021-12-21 10:27:24.445root 11241100x8000000000000000351840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957b7ec33832f2162021-12-21 10:27:24.445root 11241100x8000000000000000351841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b36df2c4dd36e0c2021-12-21 10:27:24.446root 11241100x8000000000000000351842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a016537bab983e2021-12-21 10:27:24.446root 11241100x8000000000000000351843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d3812415d2820d2021-12-21 10:27:24.446root 11241100x8000000000000000351844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8a5104546558282021-12-21 10:27:24.446root 11241100x8000000000000000351845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260ba7366206c8f42021-12-21 10:27:24.447root 11241100x8000000000000000351846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1229771869d1172021-12-21 10:27:24.447root 11241100x8000000000000000351847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef660b608b28d2662021-12-21 10:27:24.447root 11241100x8000000000000000351848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ca20e68d824e82021-12-21 10:27:24.447root 11241100x8000000000000000351849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ef2dee97859a252021-12-21 10:27:24.448root 11241100x8000000000000000351850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be11ef391fbf8b302021-12-21 10:27:24.448root 11241100x8000000000000000351851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62720aee5d1ebd892021-12-21 10:27:24.448root 11241100x8000000000000000351852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f3714977c1e7932021-12-21 10:27:24.448root 11241100x8000000000000000351853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee1a65243ccc0ac2021-12-21 10:27:24.448root 11241100x8000000000000000351854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fccb93f77f6676372021-12-21 10:27:24.448root 11241100x8000000000000000351855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d48b5b4c4de0b72021-12-21 10:27:24.943root 11241100x8000000000000000351856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9beb2c8bd7c2530e2021-12-21 10:27:24.943root 11241100x8000000000000000351857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9749c0248a59876f2021-12-21 10:27:24.943root 11241100x8000000000000000351858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbfb8bc42fb6d762021-12-21 10:27:24.943root 11241100x8000000000000000351859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae196d29cbe8e612021-12-21 10:27:24.943root 11241100x8000000000000000351860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6749f295020d87992021-12-21 10:27:24.944root 11241100x8000000000000000351861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9b78aaa55470cac2021-12-21 10:27:24.944root 11241100x8000000000000000351862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d08c996e12d84ea2021-12-21 10:27:24.944root 11241100x8000000000000000351863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f164a77561898ac2021-12-21 10:27:24.944root 11241100x8000000000000000351864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86120630d83c73c42021-12-21 10:27:24.944root 11241100x8000000000000000351865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6451447924f1a77d2021-12-21 10:27:24.944root 11241100x8000000000000000351866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8939e85b40600ac02021-12-21 10:27:24.944root 11241100x8000000000000000351867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134665bd6acf5ef92021-12-21 10:27:24.945root 11241100x8000000000000000351868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27806af8e7d88012021-12-21 10:27:24.945root 11241100x8000000000000000351869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be6bf2886cbf7362021-12-21 10:27:24.945root 11241100x8000000000000000351870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ec549d7e04e3dc2021-12-21 10:27:24.945root 11241100x8000000000000000351871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1a12b3e19ead672021-12-21 10:27:24.945root 11241100x8000000000000000351872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aae584c813c1a272021-12-21 10:27:24.945root 11241100x8000000000000000351873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c99c3bc0e4caf7602021-12-21 10:27:24.945root 11241100x8000000000000000351874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d638a1455d11cd2e2021-12-21 10:27:24.946root 11241100x8000000000000000351875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e30c36db6b43932021-12-21 10:27:24.946root 354300x8000000000000000351876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.101{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34188-false10.0.1.12-8089- 11241100x8000000000000000351877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e07a573df8b4692021-12-21 10:27:25.443root 11241100x8000000000000000351878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8324d0010b230e2021-12-21 10:27:25.443root 11241100x8000000000000000351879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df7673fb0fa02cf82021-12-21 10:27:25.443root 11241100x8000000000000000351880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b27742bdaad99a2021-12-21 10:27:25.443root 11241100x8000000000000000351881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73313f7a0c6a66e32021-12-21 10:27:25.443root 11241100x8000000000000000351882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7daf2f5ae4793a7d2021-12-21 10:27:25.443root 11241100x8000000000000000351883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95ed227497cc9202021-12-21 10:27:25.443root 11241100x8000000000000000351884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc4f38517ddac6672021-12-21 10:27:25.443root 11241100x8000000000000000351885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db36bbad0a6281042021-12-21 10:27:25.443root 11241100x8000000000000000351886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c918f2e4408be68b2021-12-21 10:27:25.444root 11241100x8000000000000000351887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.251f5f535e5955a12021-12-21 10:27:25.444root 11241100x8000000000000000351888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b60ae813b973ea92021-12-21 10:27:25.444root 11241100x8000000000000000351889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b8f4ea348ec2a92021-12-21 10:27:25.444root 11241100x8000000000000000351890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2928920e7e6f8e352021-12-21 10:27:25.444root 11241100x8000000000000000351891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f16b9448922aa92021-12-21 10:27:25.444root 11241100x8000000000000000351892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0187a5a6c58500c02021-12-21 10:27:25.444root 11241100x8000000000000000351893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a7d2aaf14682342021-12-21 10:27:25.444root 11241100x8000000000000000351894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d9f9c6ff2b346c2021-12-21 10:27:25.444root 11241100x8000000000000000351895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96adff2e5da6f982021-12-21 10:27:25.444root 11241100x8000000000000000351896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a073b9b9c9dda542021-12-21 10:27:25.445root 11241100x8000000000000000351897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a87249bda365cd62021-12-21 10:27:25.445root 11241100x8000000000000000351898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750e9a180fb1d2ee2021-12-21 10:27:25.445root 11241100x8000000000000000351899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.363fff7c65ff43032021-12-21 10:27:25.445root 11241100x8000000000000000351900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dd97ea4458fb792021-12-21 10:27:25.445root 11241100x8000000000000000351901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ae92f60cd3a3ec2021-12-21 10:27:25.445root 11241100x8000000000000000351902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6370997afb608ee02021-12-21 10:27:25.445root 11241100x8000000000000000351903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e9353275065cca2021-12-21 10:27:25.445root 11241100x8000000000000000351904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1d3d43d87ac8762021-12-21 10:27:25.445root 11241100x8000000000000000351905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7632f8fc010fa22021-12-21 10:27:25.445root 11241100x8000000000000000351906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.805ecaa8440446d42021-12-21 10:27:25.445root 11241100x8000000000000000351907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d0a07e683d729a2021-12-21 10:27:25.446root 11241100x8000000000000000351908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f9ab82bd889ac72021-12-21 10:27:25.446root 11241100x8000000000000000351909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee8c6917c7b41d022021-12-21 10:27:25.446root 11241100x8000000000000000351910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419270bc8df9063a2021-12-21 10:27:25.446root 11241100x8000000000000000351911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211dd94df7d2e1bb2021-12-21 10:27:25.446root 11241100x8000000000000000351912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67baa1fb52f1854a2021-12-21 10:27:25.446root 11241100x8000000000000000351913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d8eb540662cd72021-12-21 10:27:25.447root 11241100x8000000000000000351914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448bb9ca22e650d62021-12-21 10:27:25.447root 11241100x8000000000000000351915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcabf5de417038102021-12-21 10:27:25.447root 11241100x8000000000000000351916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7555f3af1e4deb732021-12-21 10:27:25.447root 11241100x8000000000000000351917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5bd1fdb0efa4782021-12-21 10:27:25.447root 11241100x8000000000000000351918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8daa620cd25d36ce2021-12-21 10:27:25.448root 11241100x8000000000000000351919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7338bd512245a532021-12-21 10:27:25.448root 11241100x8000000000000000351920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e475dd34768ad12021-12-21 10:27:25.448root 11241100x8000000000000000351921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c7050267bbddb32021-12-21 10:27:25.448root 11241100x8000000000000000351922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f7cd12bf50b982021-12-21 10:27:25.449root 11241100x8000000000000000351923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46842a28085dba6c2021-12-21 10:27:25.449root 11241100x8000000000000000351924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82daf9cd964d679e2021-12-21 10:27:25.449root 11241100x8000000000000000351925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a02b756800067a52021-12-21 10:27:25.449root 11241100x8000000000000000351926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782f1093adc204a62021-12-21 10:27:25.449root 11241100x8000000000000000351927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a271bc6067a836dd2021-12-21 10:27:25.943root 11241100x8000000000000000351928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b35fe9e03169b82021-12-21 10:27:25.943root 11241100x8000000000000000351929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a62b75121d2f7ec42021-12-21 10:27:25.944root 11241100x8000000000000000351930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793c4f0ee737824d2021-12-21 10:27:25.944root 11241100x8000000000000000351931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d82aff33c9491f2021-12-21 10:27:25.944root 11241100x8000000000000000351932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67aab3d6e71ca762021-12-21 10:27:25.944root 11241100x8000000000000000351933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30e4f8bba98450582021-12-21 10:27:25.944root 11241100x8000000000000000351934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cb0ac9b250f7e62021-12-21 10:27:25.944root 11241100x8000000000000000351935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d703c562cfeba5d22021-12-21 10:27:25.944root 11241100x8000000000000000351936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec11d500d0397c6c2021-12-21 10:27:25.944root 11241100x8000000000000000351937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0438037b40adee22021-12-21 10:27:25.944root 11241100x8000000000000000351938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728618a2b9ac6d252021-12-21 10:27:25.945root 11241100x8000000000000000351939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc27c49d56bf2c162021-12-21 10:27:25.945root 11241100x8000000000000000351940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23075de8eb99ee52021-12-21 10:27:25.945root 11241100x8000000000000000351941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc0f3cb0bcaf4a62021-12-21 10:27:25.945root 11241100x8000000000000000351942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a3a8ea036d2ce42021-12-21 10:27:25.945root 11241100x8000000000000000351943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550b68fc3bccbb9e2021-12-21 10:27:25.945root 11241100x8000000000000000351944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f2f1573a2fa0f062021-12-21 10:27:25.945root 11241100x8000000000000000351945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c06dda4100c4e172021-12-21 10:27:25.945root 11241100x8000000000000000351946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13550191889de96b2021-12-21 10:27:25.945root 11241100x8000000000000000351947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0f8c1d5322a8312021-12-21 10:27:25.945root 11241100x8000000000000000351948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b3be2cf1357c982021-12-21 10:27:25.945root 11241100x8000000000000000351949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d04dc4a011e75702021-12-21 10:27:25.946root 11241100x8000000000000000351950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d0e8865e61a03c2021-12-21 10:27:25.946root 11241100x8000000000000000351951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5ed5879cc9fa782021-12-21 10:27:26.443root 11241100x8000000000000000351952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7924a97ef2318172021-12-21 10:27:26.443root 11241100x8000000000000000351953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b485d7942a997a92021-12-21 10:27:26.443root 11241100x8000000000000000351954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e15b71ffff6b1df22021-12-21 10:27:26.443root 11241100x8000000000000000351955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e58b22bdc98c752021-12-21 10:27:26.443root 11241100x8000000000000000351956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f85124557a4f8512021-12-21 10:27:26.443root 11241100x8000000000000000351957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe0409d9d2275982021-12-21 10:27:26.444root 11241100x8000000000000000351958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.740810f20bea11c62021-12-21 10:27:26.444root 11241100x8000000000000000351959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0593272ad2e604792021-12-21 10:27:26.444root 11241100x8000000000000000351960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a556942ee139d7252021-12-21 10:27:26.444root 11241100x8000000000000000351961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4d66ee0ebf28032021-12-21 10:27:26.444root 11241100x8000000000000000351962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32667896a085030f2021-12-21 10:27:26.444root 11241100x8000000000000000351963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383d5071f91b587f2021-12-21 10:27:26.444root 11241100x8000000000000000351964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33cc7392da70964f2021-12-21 10:27:26.444root 11241100x8000000000000000351965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faec1f35b37297dc2021-12-21 10:27:26.444root 11241100x8000000000000000351966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb2de8ad9f9a7d42021-12-21 10:27:26.445root 11241100x8000000000000000351967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb70db6a66ce49d2021-12-21 10:27:26.445root 11241100x8000000000000000351968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99af78b9fe5a06c12021-12-21 10:27:26.445root 11241100x8000000000000000351969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85999d60a22fb99f2021-12-21 10:27:26.445root 11241100x8000000000000000351970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1209493025d63e82021-12-21 10:27:26.445root 11241100x8000000000000000351971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b6ee0aa63770fb2021-12-21 10:27:26.446root 11241100x8000000000000000351972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a381d6301ac40212021-12-21 10:27:26.446root 11241100x8000000000000000351973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987b09926001e22b2021-12-21 10:27:26.943root 11241100x8000000000000000351974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e961186c401d828a2021-12-21 10:27:26.943root 11241100x8000000000000000351975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e5c07a6db461e62021-12-21 10:27:26.944root 11241100x8000000000000000351976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb94ecd6844d21bc2021-12-21 10:27:26.944root 11241100x8000000000000000351977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8a235d60ab50cc2021-12-21 10:27:26.944root 11241100x8000000000000000351978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4403188bf57fd92021-12-21 10:27:26.944root 11241100x8000000000000000351979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25f14c5c91d91b32021-12-21 10:27:26.944root 11241100x8000000000000000351980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943d6a229da652bc2021-12-21 10:27:26.945root 11241100x8000000000000000351981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23954255cf4702252021-12-21 10:27:26.945root 11241100x8000000000000000351982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d27ab47007a957a2021-12-21 10:27:26.945root 11241100x8000000000000000351983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063390d0000377bf2021-12-21 10:27:26.945root 11241100x8000000000000000351984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d783c808d2e5ff2021-12-21 10:27:26.945root 11241100x8000000000000000351985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56ffda709cb7ec2021-12-21 10:27:26.945root 11241100x8000000000000000351986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89256fef402985d22021-12-21 10:27:26.945root 11241100x8000000000000000351987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61ca25262c855c02021-12-21 10:27:26.945root 11241100x8000000000000000351988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0659151499d1752021-12-21 10:27:26.945root 11241100x8000000000000000351989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2194f23c0c7247662021-12-21 10:27:26.945root 11241100x8000000000000000351990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a619263a3c26c9de2021-12-21 10:27:26.945root 11241100x8000000000000000351991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98561c9aae6c5502021-12-21 10:27:26.946root 11241100x8000000000000000351992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117fee601ec90cd12021-12-21 10:27:26.946root 11241100x8000000000000000351993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52c45d8428fae9c2021-12-21 10:27:26.946root 11241100x8000000000000000351994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8dd5462e86e76f2021-12-21 10:27:26.946root 11241100x8000000000000000351995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7128377e2ae44cc2021-12-21 10:27:27.443root 11241100x8000000000000000351996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f7b821478e9bf92021-12-21 10:27:27.443root 11241100x8000000000000000351997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4863e1c91afff32021-12-21 10:27:27.444root 11241100x8000000000000000351998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cde9f550ef88ba2021-12-21 10:27:27.444root 11241100x8000000000000000351999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80a645d82bdc5082021-12-21 10:27:27.444root 11241100x8000000000000000352000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4208c63b224cfbdc2021-12-21 10:27:27.444root 11241100x8000000000000000352001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ea6fe7f3ed4a722021-12-21 10:27:27.444root 11241100x8000000000000000352002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d245c659888336202021-12-21 10:27:27.444root 11241100x8000000000000000352003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc379ca988135a872021-12-21 10:27:27.444root 11241100x8000000000000000352004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b6ca2b522085b52021-12-21 10:27:27.444root 11241100x8000000000000000352005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc557119ed66c272021-12-21 10:27:27.444root 11241100x8000000000000000352006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4503b1f7e9d3e86d2021-12-21 10:27:27.444root 11241100x8000000000000000352007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a047bf6c1de09c812021-12-21 10:27:27.444root 11241100x8000000000000000352008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d9475e326d9ca7f2021-12-21 10:27:27.444root 11241100x8000000000000000352009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdfb80f63da72162021-12-21 10:27:27.444root 11241100x8000000000000000352010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e00beabdd5458552021-12-21 10:27:27.444root 11241100x8000000000000000352011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11748b04c822ffd72021-12-21 10:27:27.444root 11241100x8000000000000000352012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08e01fbb3f238052021-12-21 10:27:27.445root 11241100x8000000000000000352013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70ff65e301af647b2021-12-21 10:27:27.445root 11241100x8000000000000000352014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f709a8fbf1440e022021-12-21 10:27:27.445root 11241100x8000000000000000352015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062da595c23fa2e62021-12-21 10:27:27.445root 11241100x8000000000000000352016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a9be66f5fbf1cf2021-12-21 10:27:27.445root 11241100x8000000000000000352017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9442d73350f871952021-12-21 10:27:27.943root 11241100x8000000000000000352018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb4e9e2b5c98d722021-12-21 10:27:27.944root 11241100x8000000000000000352019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8c0d31ac8e20652021-12-21 10:27:27.944root 11241100x8000000000000000352020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227c61ef451cb77b2021-12-21 10:27:27.944root 11241100x8000000000000000352021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1124a38cd8119e442021-12-21 10:27:27.944root 11241100x8000000000000000352022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c983c442b574a12021-12-21 10:27:27.945root 11241100x8000000000000000352023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c81483edcb9490192021-12-21 10:27:27.945root 11241100x8000000000000000352024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddd0a179728c1052021-12-21 10:27:27.945root 11241100x8000000000000000352025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5487db78e21e01382021-12-21 10:27:27.945root 11241100x8000000000000000352026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d237fce64ffbb6f2021-12-21 10:27:27.945root 11241100x8000000000000000352027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b62adfec25515d22021-12-21 10:27:27.945root 11241100x8000000000000000352028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52083d881e23f4942021-12-21 10:27:27.945root 11241100x8000000000000000352029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2bc5047d25b3422021-12-21 10:27:27.945root 11241100x8000000000000000352030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7438f61453b9cea2021-12-21 10:27:27.946root 11241100x8000000000000000352031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45cdde6d6cce77702021-12-21 10:27:27.946root 11241100x8000000000000000352032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fad29e92103521c2021-12-21 10:27:27.946root 11241100x8000000000000000352033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e466bb8f86534f202021-12-21 10:27:27.946root 11241100x8000000000000000352034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e98e44666b2f242021-12-21 10:27:27.946root 11241100x8000000000000000352035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b646bfbe092ec9182021-12-21 10:27:27.946root 11241100x8000000000000000352036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a73601a62b7ad1e2021-12-21 10:27:27.946root 11241100x8000000000000000352037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a59df81b246928612021-12-21 10:27:27.946root 11241100x8000000000000000352038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:27.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4062c89eb28002c2021-12-21 10:27:27.947root 354300x8000000000000000352039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.062{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47126-false10.0.1.12-8000- 11241100x8000000000000000352040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f89faa1ac5fb9d22021-12-21 10:27:28.443root 11241100x8000000000000000352041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9404bfce4aca26d72021-12-21 10:27:28.443root 11241100x8000000000000000352042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f76ead2323eed82021-12-21 10:27:28.443root 11241100x8000000000000000352043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddea5dcc72a0f782021-12-21 10:27:28.443root 11241100x8000000000000000352044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d48875c422f01b2021-12-21 10:27:28.443root 11241100x8000000000000000352045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794c44173a3a02a92021-12-21 10:27:28.443root 11241100x8000000000000000352046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fe45377bd7fcff2021-12-21 10:27:28.444root 11241100x8000000000000000352047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afac773422c1b28c2021-12-21 10:27:28.444root 11241100x8000000000000000352048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef92c3dc47a8428d2021-12-21 10:27:28.444root 11241100x8000000000000000352049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e656c7467271cef2021-12-21 10:27:28.444root 11241100x8000000000000000352050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7729f199992431f82021-12-21 10:27:28.444root 11241100x8000000000000000352051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b14534761e8e2a92021-12-21 10:27:28.445root 11241100x8000000000000000352052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e14511406ffd592021-12-21 10:27:28.445root 11241100x8000000000000000352053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5811055793091c92021-12-21 10:27:28.445root 11241100x8000000000000000352054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd7aa795a85933612021-12-21 10:27:28.445root 11241100x8000000000000000352055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db57337bc8d8cfe2021-12-21 10:27:28.445root 11241100x8000000000000000352056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2622564f7319d1df2021-12-21 10:27:28.445root 11241100x8000000000000000352057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a95af77e74bd5f42021-12-21 10:27:28.446root 11241100x8000000000000000352058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4126d3826b7e559e2021-12-21 10:27:28.446root 11241100x8000000000000000352059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96404e626ea77e402021-12-21 10:27:28.446root 11241100x8000000000000000352060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a0e8c9f0211b1602021-12-21 10:27:28.446root 11241100x8000000000000000352061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd358b8079b96f2d2021-12-21 10:27:28.446root 11241100x8000000000000000352062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9ecd76332f1eb62021-12-21 10:27:28.446root 11241100x8000000000000000352063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4d04856d50b3f82021-12-21 10:27:28.942root 11241100x8000000000000000352064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9573edc58cad43f12021-12-21 10:27:28.943root 11241100x8000000000000000352065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0a1e1486d5e5a92021-12-21 10:27:28.943root 11241100x8000000000000000352066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0bfcd4969c628f2021-12-21 10:27:28.943root 11241100x8000000000000000352067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373305f68ad11a7b2021-12-21 10:27:28.943root 11241100x8000000000000000352068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6508e3427fd3c2292021-12-21 10:27:28.944root 11241100x8000000000000000352069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ef13479df46cc52021-12-21 10:27:28.944root 11241100x8000000000000000352070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8618c51d4385ef762021-12-21 10:27:28.944root 11241100x8000000000000000352071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8020e51c6b5e2442021-12-21 10:27:28.944root 11241100x8000000000000000352072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fa645554494cf72021-12-21 10:27:28.945root 11241100x8000000000000000352073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214939b580a348f02021-12-21 10:27:28.945root 11241100x8000000000000000352074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc833830b003bbe2021-12-21 10:27:28.945root 11241100x8000000000000000352075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e0554cdef8d307e2021-12-21 10:27:28.945root 11241100x8000000000000000352076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d0b6ab85cb72f02021-12-21 10:27:28.946root 11241100x8000000000000000352077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7211a4f2d27939212021-12-21 10:27:28.946root 11241100x8000000000000000352078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50bded4334814702021-12-21 10:27:28.946root 11241100x8000000000000000352079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d382b1250d7b632021-12-21 10:27:28.947root 11241100x8000000000000000352080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de799dd5a5b6470f2021-12-21 10:27:28.947root 11241100x8000000000000000352081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e012c6d02ac4f1da2021-12-21 10:27:28.947root 11241100x8000000000000000352082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c840d9bc546d6f2021-12-21 10:27:28.947root 11241100x8000000000000000352083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889adcaf2dac959f2021-12-21 10:27:28.947root 11241100x8000000000000000352084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3d634f57ce5f6132021-12-21 10:27:28.947root 11241100x8000000000000000352085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f9cee8b8b734c22021-12-21 10:27:28.947root 11241100x8000000000000000352086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52be261cbdf4f0cb2021-12-21 10:27:28.948root 11241100x8000000000000000352087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02846001eefa1e282021-12-21 10:27:28.948root 11241100x8000000000000000352088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae57db06f961ce12021-12-21 10:27:28.948root 11241100x8000000000000000352089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8deeb2f42842a7332021-12-21 10:27:28.948root 11241100x8000000000000000352090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693e23d644705e4d2021-12-21 10:27:28.948root 11241100x8000000000000000352091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa992dce5e5e8f42021-12-21 10:27:28.949root 11241100x8000000000000000352092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:28.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6b3faa9f4549d42021-12-21 10:27:28.949root 11241100x8000000000000000352093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797505b8a456cb132021-12-21 10:27:29.443root 11241100x8000000000000000352094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a433ae893a3e5f8e2021-12-21 10:27:29.443root 11241100x8000000000000000352095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20e1f26b8b9a1352021-12-21 10:27:29.443root 11241100x8000000000000000352096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f01b0b95ee50722021-12-21 10:27:29.443root 11241100x8000000000000000352097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0e042c01b8b74f2021-12-21 10:27:29.444root 11241100x8000000000000000352098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5050d1675d99f5b92021-12-21 10:27:29.444root 11241100x8000000000000000352099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1946d264f54640e02021-12-21 10:27:29.444root 11241100x8000000000000000352100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3582471f9692318d2021-12-21 10:27:29.444root 11241100x8000000000000000352101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4d89b31c84c3aa2021-12-21 10:27:29.444root 11241100x8000000000000000352102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4523eec536081c2021-12-21 10:27:29.444root 11241100x8000000000000000352103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac45bc207ec42d3f2021-12-21 10:27:29.444root 11241100x8000000000000000352104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81bb2977ef13ea62021-12-21 10:27:29.444root 11241100x8000000000000000352105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cddda70d0e508d2021-12-21 10:27:29.444root 11241100x8000000000000000352106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54e62883b7eb6f22021-12-21 10:27:29.444root 11241100x8000000000000000352107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98130779d148ce12021-12-21 10:27:29.444root 11241100x8000000000000000352108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788a284a499187b02021-12-21 10:27:29.444root 11241100x8000000000000000352109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b10819bf25e69472021-12-21 10:27:29.444root 11241100x8000000000000000352110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebcbaa6f0d0851f82021-12-21 10:27:29.444root 11241100x8000000000000000352111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4567ca506c737f2021-12-21 10:27:29.445root 11241100x8000000000000000352112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6228d50b83f0dbdc2021-12-21 10:27:29.445root 11241100x8000000000000000352113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e4915c138323512021-12-21 10:27:29.445root 11241100x8000000000000000352114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc3c4f1a24e03442021-12-21 10:27:29.445root 11241100x8000000000000000352115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39b5e077b8a89932021-12-21 10:27:29.445root 11241100x8000000000000000352116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3495a811f6e676fc2021-12-21 10:27:29.943root 11241100x8000000000000000352117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bddbda9821d06c22021-12-21 10:27:29.943root 11241100x8000000000000000352118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7ef97aba136afcc2021-12-21 10:27:29.944root 11241100x8000000000000000352119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457e17a9075de6ab2021-12-21 10:27:29.944root 11241100x8000000000000000352120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db31f93a45c2c3182021-12-21 10:27:29.944root 11241100x8000000000000000352121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd5efc9a94ca5a92021-12-21 10:27:29.944root 11241100x8000000000000000352122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bf5d2308ff8a9d2021-12-21 10:27:29.945root 11241100x8000000000000000352123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdfc51a0d78f5fe2021-12-21 10:27:29.945root 11241100x8000000000000000352124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2eec95607091592021-12-21 10:27:29.945root 11241100x8000000000000000352125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037e25e9f6d193462021-12-21 10:27:29.945root 11241100x8000000000000000352126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdcc48e7930b1e702021-12-21 10:27:29.946root 11241100x8000000000000000352127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d305489e712358232021-12-21 10:27:29.946root 11241100x8000000000000000352128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b844bdd7bec1c92021-12-21 10:27:29.946root 11241100x8000000000000000352129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69e181ec45551ce2021-12-21 10:27:29.946root 11241100x8000000000000000352130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0435a29fb64b3e102021-12-21 10:27:29.946root 11241100x8000000000000000352131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e1beba582273992021-12-21 10:27:29.946root 11241100x8000000000000000352132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12e8a27ed3ed2092021-12-21 10:27:29.946root 11241100x8000000000000000352133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5e1f17419187d32021-12-21 10:27:29.946root 11241100x8000000000000000352134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c45006581fb04462021-12-21 10:27:29.946root 11241100x8000000000000000352135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a2995f3474cd402021-12-21 10:27:29.947root 11241100x8000000000000000352136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb6db4afc8097982021-12-21 10:27:29.947root 11241100x8000000000000000352137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1e81ffde95dc082021-12-21 10:27:29.947root 11241100x8000000000000000352138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:29.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33b9daba30036c22021-12-21 10:27:29.947root 11241100x8000000000000000352139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350d5c83059a0d1e2021-12-21 10:27:30.443root 11241100x8000000000000000352140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a710759db05ceb72021-12-21 10:27:30.443root 11241100x8000000000000000352141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8244ba37e188362021-12-21 10:27:30.444root 11241100x8000000000000000352142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314323109247ceca2021-12-21 10:27:30.444root 11241100x8000000000000000352143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108813e4796b45052021-12-21 10:27:30.444root 11241100x8000000000000000352144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4084ba0792a1218e2021-12-21 10:27:30.444root 11241100x8000000000000000352145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9cebb49d236b2502021-12-21 10:27:30.444root 11241100x8000000000000000352146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b931087fe7d7fb5c2021-12-21 10:27:30.444root 11241100x8000000000000000352147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6dfb3c8eef291e42021-12-21 10:27:30.445root 11241100x8000000000000000352148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1969dbc5ead9ab02021-12-21 10:27:30.445root 11241100x8000000000000000352149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8ad47cdfea4ca072021-12-21 10:27:30.445root 11241100x8000000000000000352150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de00a3a1b38719e62021-12-21 10:27:30.445root 11241100x8000000000000000352151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443fd01b921122e92021-12-21 10:27:30.446root 11241100x8000000000000000352152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a68d0c4eeafb36f2021-12-21 10:27:30.446root 11241100x8000000000000000352153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e3c62a60ad92c612021-12-21 10:27:30.446root 11241100x8000000000000000352154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d42c44390aa0062021-12-21 10:27:30.446root 11241100x8000000000000000352155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0be6067b45371332021-12-21 10:27:30.446root 11241100x8000000000000000352156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9532782647668b2021-12-21 10:27:30.446root 11241100x8000000000000000352157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4df367fcedf5f072021-12-21 10:27:30.448root 11241100x8000000000000000352158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61533d304ab1b8422021-12-21 10:27:30.448root 11241100x8000000000000000352159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be9392e652589ef2021-12-21 10:27:30.448root 11241100x8000000000000000352160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f35e670ec38917f2021-12-21 10:27:30.448root 11241100x8000000000000000352161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8717e67e13cfaa512021-12-21 10:27:30.448root 11241100x8000000000000000352162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213477577db6eb4b2021-12-21 10:27:30.943root 11241100x8000000000000000352163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c9c445049052022021-12-21 10:27:30.943root 11241100x8000000000000000352164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f56fd3c8637a22021-12-21 10:27:30.943root 11241100x8000000000000000352165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c315eca2bb156ad2021-12-21 10:27:30.943root 11241100x8000000000000000352166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a151bf46007d813e2021-12-21 10:27:30.943root 11241100x8000000000000000352167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2246aac7d6ce8892021-12-21 10:27:30.943root 11241100x8000000000000000352168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637aea69175e63bf2021-12-21 10:27:30.944root 11241100x8000000000000000352169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c742f3e9d1f40ae02021-12-21 10:27:30.944root 11241100x8000000000000000352170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37431ba80322a312021-12-21 10:27:30.944root 11241100x8000000000000000352171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7ada43df9db2102021-12-21 10:27:30.944root 11241100x8000000000000000352172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2af134dfe9f88032021-12-21 10:27:30.944root 11241100x8000000000000000352173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52c5d8e7db2f2262021-12-21 10:27:30.944root 11241100x8000000000000000352174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6c50581976caf42021-12-21 10:27:30.944root 11241100x8000000000000000352175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ede51d7c093ac12021-12-21 10:27:30.944root 11241100x8000000000000000352176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7035d35dcfd4fc472021-12-21 10:27:30.945root 11241100x8000000000000000352177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6615ebdf8fe07ee2021-12-21 10:27:30.945root 11241100x8000000000000000352178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b80d62a8fee5f8e2021-12-21 10:27:30.945root 11241100x8000000000000000352179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2c31e8fdda5e992021-12-21 10:27:30.945root 11241100x8000000000000000352180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca84c6afdb443c0a2021-12-21 10:27:30.945root 11241100x8000000000000000352181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2f1e3ceac43e2b2021-12-21 10:27:30.945root 11241100x8000000000000000352182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047683aefb57ab882021-12-21 10:27:30.945root 11241100x8000000000000000352183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833a13a9a08251962021-12-21 10:27:30.945root 11241100x8000000000000000352184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2088030008cc27d72021-12-21 10:27:30.947root 11241100x8000000000000000352185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22823047ca1a15062021-12-21 10:27:30.947root 11241100x8000000000000000352186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2922b1b874268bf2021-12-21 10:27:30.947root 11241100x8000000000000000352187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76df93725a8d4a8c2021-12-21 10:27:30.947root 11241100x8000000000000000352188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63da9480b8560ede2021-12-21 10:27:30.947root 11241100x8000000000000000352189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf394410d61c8d6c2021-12-21 10:27:30.957root 11241100x8000000000000000352190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbe1e932e808ab02021-12-21 10:27:30.957root 11241100x8000000000000000352191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5708ee2ff9d56d892021-12-21 10:27:30.958root 11241100x8000000000000000352192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:30.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80d502b597352412021-12-21 10:27:30.958root 11241100x8000000000000000352193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eaea514a3b883af2021-12-21 10:27:31.443root 11241100x8000000000000000352194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d12da6533aa41e922021-12-21 10:27:31.443root 11241100x8000000000000000352195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93929e565b43ce302021-12-21 10:27:31.444root 11241100x8000000000000000352196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc4bda8d174d16aa2021-12-21 10:27:31.444root 11241100x8000000000000000352197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06e594c589eb0442021-12-21 10:27:31.444root 11241100x8000000000000000352198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b903238d18ce2ac32021-12-21 10:27:31.444root 11241100x8000000000000000352199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e580a3c7bf589eb42021-12-21 10:27:31.445root 11241100x8000000000000000352200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58502cabb3bebab62021-12-21 10:27:31.445root 11241100x8000000000000000352201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1562c9353a4acf2021-12-21 10:27:31.445root 11241100x8000000000000000352202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf64dd6fd421f952021-12-21 10:27:31.446root 11241100x8000000000000000352203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7ab9c9cabbec872021-12-21 10:27:31.447root 11241100x8000000000000000352204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3656ac83f6c5ce2021-12-21 10:27:31.447root 11241100x8000000000000000352205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f67c0857162a702021-12-21 10:27:31.447root 11241100x8000000000000000352206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c71e7571b50de92021-12-21 10:27:31.447root 11241100x8000000000000000352207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb3c8cf5d26429b2021-12-21 10:27:31.447root 11241100x8000000000000000352208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abda262d8cf999c02021-12-21 10:27:31.447root 11241100x8000000000000000352209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833005f9387253c42021-12-21 10:27:31.447root 11241100x8000000000000000352210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a55745c9d2b0bf92021-12-21 10:27:31.447root 11241100x8000000000000000352211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bec4bd040a26c62021-12-21 10:27:31.448root 11241100x8000000000000000352212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b802c041477e0af92021-12-21 10:27:31.448root 11241100x8000000000000000352213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26787e9b22702a592021-12-21 10:27:31.448root 11241100x8000000000000000352214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07ef5db938c6d392021-12-21 10:27:31.448root 11241100x8000000000000000352215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac0a3e156f474ec2021-12-21 10:27:31.448root 11241100x8000000000000000352216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad9edf8f974b8a332021-12-21 10:27:31.943root 11241100x8000000000000000352217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246217ddcbd85f092021-12-21 10:27:31.943root 11241100x8000000000000000352218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2985fa6c0a146d12021-12-21 10:27:31.944root 11241100x8000000000000000352219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1ed93eee481af32021-12-21 10:27:31.944root 11241100x8000000000000000352220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb877880cacec0072021-12-21 10:27:31.944root 11241100x8000000000000000352221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d84ab82477df632021-12-21 10:27:31.945root 11241100x8000000000000000352222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a668c6c0b87ba45e2021-12-21 10:27:31.945root 11241100x8000000000000000352223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eb7c5f95bfc87d2021-12-21 10:27:31.945root 11241100x8000000000000000352224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74fb37b15dbdbc72021-12-21 10:27:31.945root 11241100x8000000000000000352225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2992e73b091bb7382021-12-21 10:27:31.946root 11241100x8000000000000000352226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5d1386b6cedec92021-12-21 10:27:31.946root 11241100x8000000000000000352227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d021f629d49b43542021-12-21 10:27:31.946root 11241100x8000000000000000352228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811506222c291f2b2021-12-21 10:27:31.946root 11241100x8000000000000000352229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1275b523b44821862021-12-21 10:27:31.946root 11241100x8000000000000000352230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b0b88d808f653e2021-12-21 10:27:31.947root 11241100x8000000000000000352231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217de228358ed1322021-12-21 10:27:31.947root 11241100x8000000000000000352232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a873a3710585a6d2021-12-21 10:27:31.947root 11241100x8000000000000000352233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed3069fa13e0c152021-12-21 10:27:31.947root 11241100x8000000000000000352234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf71f5d4281c37b62021-12-21 10:27:31.948root 11241100x8000000000000000352235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d368e7252804e02021-12-21 10:27:31.948root 11241100x8000000000000000352236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3372da9479d538a2021-12-21 10:27:31.948root 11241100x8000000000000000352237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deda8e2225cc5ef2021-12-21 10:27:31.948root 11241100x8000000000000000352238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd1d2fdea6ceeee2021-12-21 10:27:31.949root 11241100x8000000000000000352239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbf92cf1bc4bc9032021-12-21 10:27:32.443root 11241100x8000000000000000352240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0528947aafabc0482021-12-21 10:27:32.443root 11241100x8000000000000000352241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac5afe1ec0501eb2021-12-21 10:27:32.443root 11241100x8000000000000000352242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabfa5781ccd9e782021-12-21 10:27:32.443root 11241100x8000000000000000352243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6caebebf71551b5b2021-12-21 10:27:32.444root 11241100x8000000000000000352244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d62e9909fcb5b9092021-12-21 10:27:32.444root 11241100x8000000000000000352245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b029230c5c9460c72021-12-21 10:27:32.444root 11241100x8000000000000000352246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72552d9239814a692021-12-21 10:27:32.444root 11241100x8000000000000000352247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a9b2503a91265f2021-12-21 10:27:32.444root 11241100x8000000000000000352248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49c631332a532b92021-12-21 10:27:32.444root 11241100x8000000000000000352249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5901b6889846ace92021-12-21 10:27:32.444root 11241100x8000000000000000352250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2249e71126da5ebb2021-12-21 10:27:32.444root 11241100x8000000000000000352251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fcc238b0634514f2021-12-21 10:27:32.444root 11241100x8000000000000000352252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acce0ae9b24fe5352021-12-21 10:27:32.444root 11241100x8000000000000000352253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e77e4cd7675b452021-12-21 10:27:32.444root 11241100x8000000000000000352254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81e2a2d8a0a1fbb12021-12-21 10:27:32.444root 11241100x8000000000000000352255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a1ef9b5e9597312021-12-21 10:27:32.444root 11241100x8000000000000000352256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557af67e9229721d2021-12-21 10:27:32.444root 11241100x8000000000000000352257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed9919890854c6e2021-12-21 10:27:32.444root 11241100x8000000000000000352258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda3f54847a5b2f52021-12-21 10:27:32.444root 11241100x8000000000000000352259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87e51209324df052021-12-21 10:27:32.445root 11241100x8000000000000000352260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ee869b3747dc922021-12-21 10:27:32.445root 11241100x8000000000000000352261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dab15dd61574bb72021-12-21 10:27:32.445root 11241100x8000000000000000352262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b981cad074ce342021-12-21 10:27:32.943root 11241100x8000000000000000352263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2a1a950528beed2021-12-21 10:27:32.943root 11241100x8000000000000000352264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d7aa2afdd1c6a62021-12-21 10:27:32.944root 11241100x8000000000000000352265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a9dd8310aaed0f2021-12-21 10:27:32.944root 11241100x8000000000000000352266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b09b415e9c68af02021-12-21 10:27:32.944root 11241100x8000000000000000352267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695ea1804e4f77512021-12-21 10:27:32.944root 11241100x8000000000000000352268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444170b0d25d39812021-12-21 10:27:32.944root 11241100x8000000000000000352269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0619689ac8fa1d192021-12-21 10:27:32.944root 11241100x8000000000000000352270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd7ecc2f45761d2021-12-21 10:27:32.944root 11241100x8000000000000000352271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45c80d5bfeaa2132021-12-21 10:27:32.944root 11241100x8000000000000000352272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0d8c234ac837632021-12-21 10:27:32.944root 11241100x8000000000000000352273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3f8e752eedd99d2021-12-21 10:27:32.944root 11241100x8000000000000000352274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580f65bdf03caa322021-12-21 10:27:32.944root 11241100x8000000000000000352275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333089138850a52a2021-12-21 10:27:32.944root 11241100x8000000000000000352276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ea635435c5151e2021-12-21 10:27:32.945root 11241100x8000000000000000352277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b1b041cca9adde2021-12-21 10:27:32.945root 11241100x8000000000000000352278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966ce243897f525e2021-12-21 10:27:32.945root 11241100x8000000000000000352279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e47752eed00acb02021-12-21 10:27:32.945root 11241100x8000000000000000352280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dd30e0478d01dd2021-12-21 10:27:32.945root 11241100x8000000000000000352281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c2ee71c353c763a2021-12-21 10:27:32.945root 11241100x8000000000000000352282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4bcb4c5e99bbbe72021-12-21 10:27:32.945root 11241100x8000000000000000352283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ffa093679bdbd152021-12-21 10:27:32.945root 11241100x8000000000000000352284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758838fdcdd326b12021-12-21 10:27:32.945root 11241100x8000000000000000352285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efea752e180b8022021-12-21 10:27:33.443root 11241100x8000000000000000352286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1c78092bf808f52021-12-21 10:27:33.443root 11241100x8000000000000000352287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81a4334c58e2cd02021-12-21 10:27:33.444root 11241100x8000000000000000352288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72550d176e6aedb72021-12-21 10:27:33.444root 11241100x8000000000000000352289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0843a979be2d5ac2021-12-21 10:27:33.444root 11241100x8000000000000000352290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f12ad3a39641392021-12-21 10:27:33.444root 11241100x8000000000000000352291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d639e9b05a19c932021-12-21 10:27:33.445root 11241100x8000000000000000352292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170e8e9a942aaa352021-12-21 10:27:33.445root 11241100x8000000000000000352293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cfb9c87a9ff4652021-12-21 10:27:33.445root 11241100x8000000000000000352294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95314627b4e95a22021-12-21 10:27:33.446root 11241100x8000000000000000352295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd2877af0d89be52021-12-21 10:27:33.446root 11241100x8000000000000000352296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa7ca5b472edb812021-12-21 10:27:33.446root 11241100x8000000000000000352297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871edc529e5a944e2021-12-21 10:27:33.447root 11241100x8000000000000000352298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046c564a2e6f9b132021-12-21 10:27:33.447root 11241100x8000000000000000352299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cb1e350bf9768c2021-12-21 10:27:33.448root 11241100x8000000000000000352300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2c51cfd1e703bde2021-12-21 10:27:33.448root 11241100x8000000000000000352301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc00ed54af2cb732021-12-21 10:27:33.448root 11241100x8000000000000000352302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6db681e4c6cda5542021-12-21 10:27:33.448root 11241100x8000000000000000352303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1243f290a5cb55ae2021-12-21 10:27:33.449root 11241100x8000000000000000352304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.954031511e7f440d2021-12-21 10:27:33.449root 11241100x8000000000000000352305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a103b23a73e7bfb2021-12-21 10:27:33.450root 11241100x8000000000000000352306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837340be59b851d92021-12-21 10:27:33.450root 11241100x8000000000000000352307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8aa696f956f6292021-12-21 10:27:33.451root 11241100x8000000000000000352308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc1b1c5e626c5892021-12-21 10:27:33.943root 11241100x8000000000000000352309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b8cf41103c52412021-12-21 10:27:33.943root 11241100x8000000000000000352310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305c4bf869402d0c2021-12-21 10:27:33.943root 11241100x8000000000000000352311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8a434ee095df2c2021-12-21 10:27:33.943root 11241100x8000000000000000352312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.952deb8ec009e2ac2021-12-21 10:27:33.944root 11241100x8000000000000000352313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f8b4986ae07e842021-12-21 10:27:33.944root 11241100x8000000000000000352314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cf9c1f07a38d7a2021-12-21 10:27:33.944root 11241100x8000000000000000352315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d217be2eae59032021-12-21 10:27:33.944root 11241100x8000000000000000352316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e15be4bfdc25f82021-12-21 10:27:33.944root 11241100x8000000000000000352317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b46ce0f341137f2021-12-21 10:27:33.944root 11241100x8000000000000000352318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f2540df9fd07762021-12-21 10:27:33.944root 11241100x8000000000000000352319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f0fd29c4a953bb2021-12-21 10:27:33.944root 11241100x8000000000000000352320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523205c5b0a53ee32021-12-21 10:27:33.944root 11241100x8000000000000000352321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf579a4c25e00192021-12-21 10:27:33.944root 11241100x8000000000000000352322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e264c701eedb332021-12-21 10:27:33.944root 11241100x8000000000000000352323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823763b9322c5ae52021-12-21 10:27:33.944root 11241100x8000000000000000352324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd8d2bef0eb6d0d2021-12-21 10:27:33.944root 11241100x8000000000000000352325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37778fe02ae144032021-12-21 10:27:33.944root 11241100x8000000000000000352326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf23013fd24b0332021-12-21 10:27:33.945root 11241100x8000000000000000352327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d15b4a5db421052021-12-21 10:27:33.945root 11241100x8000000000000000352328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df769e96cd07b492021-12-21 10:27:33.945root 11241100x8000000000000000352329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5690b802953ee63a2021-12-21 10:27:33.945root 11241100x8000000000000000352330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7f1a32a2683eaf2021-12-21 10:27:33.945root 354300x8000000000000000352331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.012{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47128-false10.0.1.12-8000- 11241100x8000000000000000352332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b48fcca0c558582021-12-21 10:27:34.443root 11241100x8000000000000000352333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ce3bbf7086bf8c2021-12-21 10:27:34.443root 11241100x8000000000000000352334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d2a1ff9c3b9ec12021-12-21 10:27:34.443root 11241100x8000000000000000352335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58e1e95c09af0322021-12-21 10:27:34.443root 11241100x8000000000000000352336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b2bdde46a330962021-12-21 10:27:34.443root 11241100x8000000000000000352337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cf190c3cafaf652021-12-21 10:27:34.444root 11241100x8000000000000000352338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec3461eeb50746b2021-12-21 10:27:34.444root 11241100x8000000000000000352339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7317e7e80b930cb62021-12-21 10:27:34.444root 11241100x8000000000000000352340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f255a717bb73f64e2021-12-21 10:27:34.444root 11241100x8000000000000000352341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f8809a1e52f2922021-12-21 10:27:34.444root 11241100x8000000000000000352342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b1d84159336f35a2021-12-21 10:27:34.444root 11241100x8000000000000000352343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cbf025a0e35bb072021-12-21 10:27:34.444root 11241100x8000000000000000352344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1685d6225776ca632021-12-21 10:27:34.444root 11241100x8000000000000000352345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a3380bd21d553b2021-12-21 10:27:34.444root 11241100x8000000000000000352346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ad9b93c770fecf2021-12-21 10:27:34.444root 11241100x8000000000000000352347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d9363b58825cf12021-12-21 10:27:34.445root 11241100x8000000000000000352348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d323781fa46f112021-12-21 10:27:34.445root 11241100x8000000000000000352349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368e2f9ad80ba9ad2021-12-21 10:27:34.445root 11241100x8000000000000000352350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5ce50ac35072202021-12-21 10:27:34.445root 11241100x8000000000000000352351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2d0e83cf1748f22021-12-21 10:27:34.446root 11241100x8000000000000000352352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5585b66d32c41bfa2021-12-21 10:27:34.446root 11241100x8000000000000000352353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84bbfcaac374d7ed2021-12-21 10:27:34.446root 11241100x8000000000000000352354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f2396e1182b9b22021-12-21 10:27:34.446root 11241100x8000000000000000352355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e489c1f5041d08b2021-12-21 10:27:34.447root 11241100x8000000000000000352356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abba474234c7c862021-12-21 10:27:34.447root 11241100x8000000000000000352357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fee9cd953ce90e2021-12-21 10:27:34.942root 11241100x8000000000000000352358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b33c17fadaa1172021-12-21 10:27:34.943root 11241100x8000000000000000352359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2fa1ef097c74c42021-12-21 10:27:34.943root 11241100x8000000000000000352360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e11895741f11182021-12-21 10:27:34.943root 11241100x8000000000000000352361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7436b74d838930a2021-12-21 10:27:34.944root 11241100x8000000000000000352362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f04bac820fa6152021-12-21 10:27:34.944root 11241100x8000000000000000352363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2d0dc1a72582be2021-12-21 10:27:34.944root 11241100x8000000000000000352364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989099cde59079262021-12-21 10:27:34.944root 11241100x8000000000000000352365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86bcdd3e4ccffae2021-12-21 10:27:34.944root 11241100x8000000000000000352366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b797e061f06ff32021-12-21 10:27:34.945root 11241100x8000000000000000352367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3393a555ddbac9b2021-12-21 10:27:34.945root 11241100x8000000000000000352368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48669448ff002082021-12-21 10:27:34.945root 11241100x8000000000000000352369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e2866d92ad02c42021-12-21 10:27:34.945root 11241100x8000000000000000352370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfdad6d54bd11fd2021-12-21 10:27:34.946root 11241100x8000000000000000352371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a1e8a64a29c2f42021-12-21 10:27:34.946root 11241100x8000000000000000352372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeb2d2b371e439c52021-12-21 10:27:34.946root 11241100x8000000000000000352373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53836c7b3036d822021-12-21 10:27:34.946root 11241100x8000000000000000352374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f64301c599042832021-12-21 10:27:34.946root 11241100x8000000000000000352375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f818ddf0cb3d2b8f2021-12-21 10:27:34.947root 11241100x8000000000000000352376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e27bb2b46e47d52021-12-21 10:27:34.947root 11241100x8000000000000000352377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1783ab344c23ab452021-12-21 10:27:34.947root 11241100x8000000000000000352378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565496b151276faa2021-12-21 10:27:34.947root 11241100x8000000000000000352379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8229383c4bf4736f2021-12-21 10:27:34.947root 11241100x8000000000000000352380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24dc8d713170c23b2021-12-21 10:27:34.947root 11241100x8000000000000000352381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa10c541bd4620a2021-12-21 10:27:34.948root 11241100x8000000000000000352382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fb7ff0f03560bf2021-12-21 10:27:34.948root 11241100x8000000000000000352383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0907f95430530f3b2021-12-21 10:27:34.948root 11241100x8000000000000000352384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bdd84e758c657f2021-12-21 10:27:34.948root 11241100x8000000000000000352385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02962e55765062642021-12-21 10:27:34.948root 11241100x8000000000000000352386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be2a47651da68aa2021-12-21 10:27:34.948root 11241100x8000000000000000352387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a22f3376be209f72021-12-21 10:27:34.948root 11241100x8000000000000000352388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62d4284da06dc232021-12-21 10:27:35.443root 11241100x8000000000000000352389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6c081b5e6b24e12021-12-21 10:27:35.443root 11241100x8000000000000000352390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9cec4878399d4602021-12-21 10:27:35.443root 11241100x8000000000000000352391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331176f5163315d92021-12-21 10:27:35.443root 11241100x8000000000000000352392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ac191ae1c82e1c2021-12-21 10:27:35.444root 11241100x8000000000000000352393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecbbd8397f4903e2021-12-21 10:27:35.444root 11241100x8000000000000000352394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb192827e5f698f2021-12-21 10:27:35.444root 11241100x8000000000000000352395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaecc2a15a039f152021-12-21 10:27:35.444root 11241100x8000000000000000352396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e54121873498322021-12-21 10:27:35.444root 11241100x8000000000000000352397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453e2dbfeab8fb052021-12-21 10:27:35.444root 11241100x8000000000000000352398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc29de40231faf392021-12-21 10:27:35.444root 11241100x8000000000000000352399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ece5ff67f5cba52021-12-21 10:27:35.444root 11241100x8000000000000000352400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35bb579b67cb47822021-12-21 10:27:35.444root 11241100x8000000000000000352401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287695639af6b0532021-12-21 10:27:35.444root 11241100x8000000000000000352402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efb06d84aa978c2e2021-12-21 10:27:35.445root 11241100x8000000000000000352403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acc3a50f53054d22021-12-21 10:27:35.445root 11241100x8000000000000000352404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e49012afe4b6ca2021-12-21 10:27:35.445root 11241100x8000000000000000352405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c09c88285d92772021-12-21 10:27:35.445root 11241100x8000000000000000352406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2355b12715cb45262021-12-21 10:27:35.445root 11241100x8000000000000000352407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b02481ef6aa2d192021-12-21 10:27:35.445root 11241100x8000000000000000352408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f909d7a2c558c982021-12-21 10:27:35.445root 11241100x8000000000000000352409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f260fd89f68028f2021-12-21 10:27:35.445root 11241100x8000000000000000352410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a187b8750045f92021-12-21 10:27:35.446root 11241100x8000000000000000352411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155d98abe2d6b42f2021-12-21 10:27:35.446root 11241100x8000000000000000352412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32750c5237b17272021-12-21 10:27:35.943root 11241100x8000000000000000352413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85e977b9e9786572021-12-21 10:27:35.943root 11241100x8000000000000000352414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff50c70db22a11902021-12-21 10:27:35.943root 11241100x8000000000000000352415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff611b7d874f45a2021-12-21 10:27:35.943root 11241100x8000000000000000352416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9460578cb1b9b82021-12-21 10:27:35.944root 11241100x8000000000000000352417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.657c704bfa8e16dc2021-12-21 10:27:35.944root 11241100x8000000000000000352418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25edb87d3ac712a92021-12-21 10:27:35.944root 11241100x8000000000000000352419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21521a9716cf2d3e2021-12-21 10:27:35.944root 11241100x8000000000000000352420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28ecc1f870d71a6a2021-12-21 10:27:35.944root 11241100x8000000000000000352421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08917901a1b79d5d2021-12-21 10:27:35.944root 11241100x8000000000000000352422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.317bbc5be746d6c42021-12-21 10:27:35.944root 11241100x8000000000000000352423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44c465937d179e202021-12-21 10:27:35.944root 11241100x8000000000000000352424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5785cbba25631522021-12-21 10:27:35.944root 11241100x8000000000000000352425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a704f6e8a0fa3d2021-12-21 10:27:35.944root 11241100x8000000000000000352426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fa65e1cb21680f62021-12-21 10:27:35.944root 11241100x8000000000000000352427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03063effd011571b2021-12-21 10:27:35.944root 11241100x8000000000000000352428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c8812c802601442021-12-21 10:27:35.944root 11241100x8000000000000000352429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d6b848f089029572021-12-21 10:27:35.944root 11241100x8000000000000000352430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2cf9255ea5d0c12021-12-21 10:27:35.944root 11241100x8000000000000000352431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb26b1c776554a102021-12-21 10:27:35.944root 11241100x8000000000000000352432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdef108da31049952021-12-21 10:27:35.945root 11241100x8000000000000000352433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c21da4a3ba5e162021-12-21 10:27:35.945root 11241100x8000000000000000352434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18835f695a7a5df2021-12-21 10:27:35.945root 11241100x8000000000000000352435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:35.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4306531c3cee5bb32021-12-21 10:27:35.945root 11241100x8000000000000000352436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.348{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:27:36.348root 11241100x8000000000000000352437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ac26528370db182021-12-21 10:27:36.349root 11241100x8000000000000000352438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7453e92db8d2bea2021-12-21 10:27:36.350root 11241100x8000000000000000352439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf542a54af07a31f2021-12-21 10:27:36.350root 11241100x8000000000000000352440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3161f5fa0268b82021-12-21 10:27:36.351root 11241100x8000000000000000352441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de9a5ba65a9a88a72021-12-21 10:27:36.351root 11241100x8000000000000000352442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe3f8f7e8ff88e2b2021-12-21 10:27:36.352root 11241100x8000000000000000352443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7d42ce0b158afa2021-12-21 10:27:36.354root 11241100x8000000000000000352444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ad5c3d9ededb6f2021-12-21 10:27:36.355root 11241100x8000000000000000352445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac7aceb9c7938bf2021-12-21 10:27:36.355root 11241100x8000000000000000352446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e60b1b61faab22021-12-21 10:27:36.355root 11241100x8000000000000000352447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923a839feb8821672021-12-21 10:27:36.355root 11241100x8000000000000000352448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8669282a0bc87dca2021-12-21 10:27:36.355root 11241100x8000000000000000352449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a13f4a2b7c238462021-12-21 10:27:36.355root 11241100x8000000000000000352450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7beef4aecad1272021-12-21 10:27:36.355root 11241100x8000000000000000352451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b59c8f64108f2792021-12-21 10:27:36.355root 11241100x8000000000000000352452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.146ab6f5cfb09d452021-12-21 10:27:36.355root 11241100x8000000000000000352453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e90b25b295588ffa2021-12-21 10:27:36.355root 11241100x8000000000000000352454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196c96b6b94982842021-12-21 10:27:36.355root 11241100x8000000000000000352455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203dfefd585388232021-12-21 10:27:36.355root 11241100x8000000000000000352456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de65ec4a942451ef2021-12-21 10:27:36.355root 11241100x8000000000000000352457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7e8848b8549f9c2021-12-21 10:27:36.356root 11241100x8000000000000000352458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ad9aeb9471fdde2021-12-21 10:27:36.356root 11241100x8000000000000000352459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbbcbe87d0d86d32021-12-21 10:27:36.356root 11241100x8000000000000000352460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5da4e16a398d992021-12-21 10:27:36.356root 11241100x8000000000000000352461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91955921d72a9a42021-12-21 10:27:36.356root 11241100x8000000000000000352462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a9e176834bdd5b2021-12-21 10:27:36.356root 11241100x8000000000000000352463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f904716b7974735c2021-12-21 10:27:36.356root 11241100x8000000000000000352464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57584be126ec05762021-12-21 10:27:36.356root 11241100x8000000000000000352465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77106304cf8221e2021-12-21 10:27:36.356root 11241100x8000000000000000352466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081b61afb6d7688c2021-12-21 10:27:36.356root 11241100x8000000000000000352467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296877a7e10d39662021-12-21 10:27:36.356root 11241100x8000000000000000352468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ade94779a2c0412021-12-21 10:27:36.693root 11241100x8000000000000000352469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575d5546039cfe82021-12-21 10:27:36.693root 11241100x8000000000000000352470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f86910c754c86ba2021-12-21 10:27:36.693root 11241100x8000000000000000352471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bedbfc65d9bf3e12021-12-21 10:27:36.694root 11241100x8000000000000000352472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f87ceebd206f28e2021-12-21 10:27:36.694root 11241100x8000000000000000352473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85152c3795f4f5152021-12-21 10:27:36.694root 11241100x8000000000000000352474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7538745cc53b33372021-12-21 10:27:36.695root 11241100x8000000000000000352475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24c55d1f65ad51b2021-12-21 10:27:36.695root 11241100x8000000000000000352476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aa8b3f83f895122021-12-21 10:27:36.695root 11241100x8000000000000000352477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ea5e4bf1e4b7f12021-12-21 10:27:36.696root 11241100x8000000000000000352478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb18b4bd92ded4a2021-12-21 10:27:36.696root 11241100x8000000000000000352479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8e0bb6153918c12021-12-21 10:27:36.698root 11241100x8000000000000000352480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e40142a1f5ea4c2021-12-21 10:27:36.698root 11241100x8000000000000000352481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fc1b0376061ad32021-12-21 10:27:36.698root 11241100x8000000000000000352482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4861375b81749c5e2021-12-21 10:27:36.699root 11241100x8000000000000000352483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e9e2458d6b99c7e2021-12-21 10:27:36.699root 11241100x8000000000000000352484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f0c434971de6be22021-12-21 10:27:36.699root 11241100x8000000000000000352485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0169e410fa1ca9c2021-12-21 10:27:36.701root 11241100x8000000000000000352486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cba0a92eab75392021-12-21 10:27:36.701root 11241100x8000000000000000352487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7caa85fbe93c2132021-12-21 10:27:36.701root 11241100x8000000000000000352488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.828ec775d55cafd22021-12-21 10:27:36.702root 11241100x8000000000000000352489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b1cccc555ba7c12021-12-21 10:27:36.702root 11241100x8000000000000000352490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0160da211ab0eee52021-12-21 10:27:36.703root 11241100x8000000000000000352491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b65cc834eff654092021-12-21 10:27:36.703root 11241100x8000000000000000352492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c03e3469291ca1f2021-12-21 10:27:36.703root 11241100x8000000000000000352493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040ad017750d1cae2021-12-21 10:27:36.704root 11241100x8000000000000000352494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:36.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5335666f7a81712021-12-21 10:27:36.705root 11241100x8000000000000000352495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f4062de6aeb9782021-12-21 10:27:37.193root 11241100x8000000000000000352496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfbee9fd9c6d3a192021-12-21 10:27:37.193root 11241100x8000000000000000352497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1e72e72f2ab2cb2021-12-21 10:27:37.193root 11241100x8000000000000000352498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8304142d526bbf602021-12-21 10:27:37.194root 11241100x8000000000000000352499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48d1c1938e2b91c2021-12-21 10:27:37.194root 11241100x8000000000000000352500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96513b81259da48c2021-12-21 10:27:37.194root 11241100x8000000000000000352501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85e885f7bb2ff662021-12-21 10:27:37.194root 11241100x8000000000000000352502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0894dfdfaa3a26532021-12-21 10:27:37.195root 11241100x8000000000000000352503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18bad7c973f56cbe2021-12-21 10:27:37.195root 11241100x8000000000000000352504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5e6acd93ba39022021-12-21 10:27:37.195root 11241100x8000000000000000352505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8a5649b9bc8c342021-12-21 10:27:37.195root 11241100x8000000000000000352506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc62358bd908f862021-12-21 10:27:37.196root 11241100x8000000000000000352507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b7617216d314cb2021-12-21 10:27:37.196root 11241100x8000000000000000352508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7b6b7a0a3939d62021-12-21 10:27:37.196root 11241100x8000000000000000352509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40054e121190d65e2021-12-21 10:27:37.197root 11241100x8000000000000000352510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991eb06bf794ffc12021-12-21 10:27:37.197root 11241100x8000000000000000352511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e967cf1b82faffa32021-12-21 10:27:37.197root 11241100x8000000000000000352512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711eb8c186186fdd2021-12-21 10:27:37.197root 11241100x8000000000000000352513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bee48398fe3babf2021-12-21 10:27:37.198root 11241100x8000000000000000352514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4951a2d695adbcf92021-12-21 10:27:37.198root 11241100x8000000000000000352515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd717f9a61d9d13f2021-12-21 10:27:37.198root 11241100x8000000000000000352516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a509c5076d6c90e2021-12-21 10:27:37.198root 11241100x8000000000000000352517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f6e864e2bad9812021-12-21 10:27:37.199root 11241100x8000000000000000352518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c36b11f6a4acc92021-12-21 10:27:37.199root 11241100x8000000000000000352519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3cb78bab94a9a32021-12-21 10:27:37.199root 11241100x8000000000000000352520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438234e428a4210d2021-12-21 10:27:37.199root 11241100x8000000000000000352521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3f1eb38602a7a92021-12-21 10:27:37.199root 11241100x8000000000000000352522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3c11a5d83153792021-12-21 10:27:37.694root 11241100x8000000000000000352523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acff9184c2dc4c0d2021-12-21 10:27:37.694root 11241100x8000000000000000352524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca81bc2061c8cd3f2021-12-21 10:27:37.694root 11241100x8000000000000000352525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9feb1fcbc63767572021-12-21 10:27:37.695root 11241100x8000000000000000352526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.876a6da6ab7674922021-12-21 10:27:37.695root 11241100x8000000000000000352527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23858838b0f4c692021-12-21 10:27:37.695root 11241100x8000000000000000352528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793bc693f9a3e4d82021-12-21 10:27:37.695root 11241100x8000000000000000352529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e2cd22aadeefd42021-12-21 10:27:37.696root 11241100x8000000000000000352530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aee5d9bb947d5822021-12-21 10:27:37.696root 11241100x8000000000000000352531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3e11cc2d1fd2542021-12-21 10:27:37.696root 11241100x8000000000000000352532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d0fe4aee6ff92c12021-12-21 10:27:37.697root 11241100x8000000000000000352533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81088669c6dcea8f2021-12-21 10:27:37.697root 11241100x8000000000000000352534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e465557a676235e2021-12-21 10:27:37.697root 11241100x8000000000000000352535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3169333ed2748e882021-12-21 10:27:37.698root 11241100x8000000000000000352536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3af93aaacccb162021-12-21 10:27:37.698root 11241100x8000000000000000352537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16ea745867f2d872021-12-21 10:27:37.698root 11241100x8000000000000000352538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.242534236beaf7242021-12-21 10:27:37.698root 11241100x8000000000000000352539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39e5e4549ec27482021-12-21 10:27:37.698root 11241100x8000000000000000352540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa34e7c57bac502d2021-12-21 10:27:37.698root 11241100x8000000000000000352541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9462933ae703058b2021-12-21 10:27:37.698root 11241100x8000000000000000352542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe90d497d8d17842021-12-21 10:27:37.698root 11241100x8000000000000000352543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9265c4ce81634b2021-12-21 10:27:37.698root 11241100x8000000000000000352544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e470131991970de52021-12-21 10:27:37.699root 11241100x8000000000000000352545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac79e084fd9921b2021-12-21 10:27:37.699root 11241100x8000000000000000352546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc21db25b34a1752021-12-21 10:27:37.699root 11241100x8000000000000000352547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf2ee43e788e4f52021-12-21 10:27:38.193root 11241100x8000000000000000352548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a181831399ba31912021-12-21 10:27:38.193root 11241100x8000000000000000352549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e906e021e6cd99b32021-12-21 10:27:38.193root 11241100x8000000000000000352550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4641371bbe6b06972021-12-21 10:27:38.193root 11241100x8000000000000000352551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e27a2382231212c82021-12-21 10:27:38.193root 11241100x8000000000000000352552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed58164dbb1174c2021-12-21 10:27:38.193root 11241100x8000000000000000352553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8832337235a60f792021-12-21 10:27:38.193root 11241100x8000000000000000352554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3255ba99db3f4ad82021-12-21 10:27:38.193root 11241100x8000000000000000352555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf8a2ad2f1a64e162021-12-21 10:27:38.193root 11241100x8000000000000000352556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffdd304fa510ac82021-12-21 10:27:38.194root 11241100x8000000000000000352557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee7195c901dcd7e2021-12-21 10:27:38.194root 11241100x8000000000000000352558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d5c0236fec2cad2021-12-21 10:27:38.194root 11241100x8000000000000000352559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccd1db18e7e57e22021-12-21 10:27:38.194root 11241100x8000000000000000352560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fb089434fef9df2021-12-21 10:27:38.194root 11241100x8000000000000000352561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d8dfe05de1c8602021-12-21 10:27:38.194root 11241100x8000000000000000352562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cb3e70826de9ae92021-12-21 10:27:38.195root 11241100x8000000000000000352563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27a7fd0d00b1b262021-12-21 10:27:38.195root 11241100x8000000000000000352564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f839e85d2f5547c2021-12-21 10:27:38.195root 11241100x8000000000000000352565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b615b4737d91af2021-12-21 10:27:38.196root 11241100x8000000000000000352566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1578a50e947e05ab2021-12-21 10:27:38.196root 11241100x8000000000000000352567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400f564ce09e24462021-12-21 10:27:38.196root 11241100x8000000000000000352568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20f95d72a8839c22021-12-21 10:27:38.196root 11241100x8000000000000000352569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcec6750d21d77d2021-12-21 10:27:38.196root 11241100x8000000000000000352570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45a2057756e86e72021-12-21 10:27:38.197root 11241100x8000000000000000352571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26b1414a63651282021-12-21 10:27:38.197root 11241100x8000000000000000352572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e170cb100ba7357c2021-12-21 10:27:38.197root 11241100x8000000000000000352573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034399327c91b6042021-12-21 10:27:38.197root 11241100x8000000000000000352574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9afb5c3c4f5c8f2021-12-21 10:27:38.197root 11241100x8000000000000000352575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72de2f760b9a56b2021-12-21 10:27:38.197root 11241100x8000000000000000352576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d38f63c1f7568b52021-12-21 10:27:38.197root 11241100x8000000000000000352577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd5443472a9ae562021-12-21 10:27:38.198root 11241100x8000000000000000352578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23c8a02e45cc15cd2021-12-21 10:27:38.198root 11241100x8000000000000000352579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbb784df2d2afc72021-12-21 10:27:38.198root 11241100x8000000000000000352580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2ed5a63b36e6e42021-12-21 10:27:38.198root 11241100x8000000000000000352581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2747a841f1ecfbe92021-12-21 10:27:38.198root 11241100x8000000000000000352582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3149188e93b94fda2021-12-21 10:27:38.198root 11241100x8000000000000000352583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f895d1f39755fe22021-12-21 10:27:38.198root 11241100x8000000000000000352584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cd299aeefc421b2021-12-21 10:27:38.198root 11241100x8000000000000000352585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ffcdbcdce1f7db2021-12-21 10:27:38.198root 11241100x8000000000000000352586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e78be973e19a212021-12-21 10:27:38.199root 11241100x8000000000000000352587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bde125e7ebad402021-12-21 10:27:38.692root 11241100x8000000000000000352588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266122cd83800a452021-12-21 10:27:38.693root 11241100x8000000000000000352589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62387affb68d97f32021-12-21 10:27:38.693root 11241100x8000000000000000352590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa805e7965b12c22021-12-21 10:27:38.693root 11241100x8000000000000000352591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cdde1c2643244022021-12-21 10:27:38.694root 11241100x8000000000000000352592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80674ff6394c76222021-12-21 10:27:38.694root 11241100x8000000000000000352593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6223f3d623f2a0d42021-12-21 10:27:38.694root 11241100x8000000000000000352594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eea46311b7eaba42021-12-21 10:27:38.694root 11241100x8000000000000000352595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b457765a25ed0b72021-12-21 10:27:38.694root 11241100x8000000000000000352596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd72618ea5721982021-12-21 10:27:38.695root 11241100x8000000000000000352597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8422db2c1f3a8ed2021-12-21 10:27:38.695root 11241100x8000000000000000352598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6426f5115cc2fb332021-12-21 10:27:38.695root 11241100x8000000000000000352599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e12593e12ef52c2021-12-21 10:27:38.695root 11241100x8000000000000000352600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995705c78cad2fdf2021-12-21 10:27:38.695root 11241100x8000000000000000352601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47739817fd59e94e2021-12-21 10:27:38.695root 11241100x8000000000000000352602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016a57bca88b12b72021-12-21 10:27:38.696root 11241100x8000000000000000352603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f93babe30188a592021-12-21 10:27:38.696root 11241100x8000000000000000352604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc29f60acabf2d42021-12-21 10:27:38.696root 11241100x8000000000000000352605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d96f9fa51c98262021-12-21 10:27:38.696root 11241100x8000000000000000352606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94172a84e6c90182021-12-21 10:27:38.696root 11241100x8000000000000000352607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c01184b8781aed2021-12-21 10:27:38.696root 11241100x8000000000000000352608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f93e5725c54da82021-12-21 10:27:38.697root 11241100x8000000000000000352609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9aad7a26cbaa4c42021-12-21 10:27:38.697root 11241100x8000000000000000352610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37f9a47961394a902021-12-21 10:27:38.697root 11241100x8000000000000000352611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c91417548e55aa72021-12-21 10:27:38.697root 11241100x8000000000000000352612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1cc0af33ba8c582021-12-21 10:27:38.697root 11241100x8000000000000000352613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be42e9c8832e1d392021-12-21 10:27:38.697root 11241100x8000000000000000352614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71a0c6310f73e5f2021-12-21 10:27:38.697root 11241100x8000000000000000352615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2f4ca119dd879e62021-12-21 10:27:38.697root 11241100x8000000000000000352616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea806cde40e65b82021-12-21 10:27:38.697root 11241100x8000000000000000352617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646eef5b861528e12021-12-21 10:27:38.697root 354300x8000000000000000352618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.091{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47130-false10.0.1.12-8000- 11241100x8000000000000000352619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.092{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d6d4083c6c701e2021-12-21 10:27:39.092root 11241100x8000000000000000352620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee41172a1e0c794d2021-12-21 10:27:39.093root 11241100x8000000000000000352621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc17e83cd37e0aca2021-12-21 10:27:39.093root 11241100x8000000000000000352622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f32abf65d9613d92021-12-21 10:27:39.093root 11241100x8000000000000000352623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46778e96448625422021-12-21 10:27:39.093root 11241100x8000000000000000352624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c93ece0891b4502021-12-21 10:27:39.093root 11241100x8000000000000000352625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35097b0ab162baf2021-12-21 10:27:39.093root 11241100x8000000000000000352626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ed637dc3c0b3022021-12-21 10:27:39.093root 11241100x8000000000000000352627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c57282fc9a157b2021-12-21 10:27:39.093root 11241100x8000000000000000352628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.093{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d008e7287a8f56952021-12-21 10:27:39.093root 11241100x8000000000000000352629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4801d43c2c92f72021-12-21 10:27:39.094root 11241100x8000000000000000352630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6120cb8170740ae2021-12-21 10:27:39.094root 11241100x8000000000000000352631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f62db3e41232bbd62021-12-21 10:27:39.094root 11241100x8000000000000000352632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f60c6b47f8e9a0b2021-12-21 10:27:39.094root 11241100x8000000000000000352633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46576824fd576662021-12-21 10:27:39.094root 11241100x8000000000000000352634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3881f0951acd112021-12-21 10:27:39.094root 11241100x8000000000000000352635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdef9f00bc20ed62021-12-21 10:27:39.094root 11241100x8000000000000000352636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7a48367ea644af2021-12-21 10:27:39.094root 11241100x8000000000000000352637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.730bcfdb879b19ed2021-12-21 10:27:39.094root 11241100x8000000000000000352638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.094{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec9efe9a9beed2f2021-12-21 10:27:39.094root 11241100x8000000000000000352639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117687af8e33a0742021-12-21 10:27:39.095root 11241100x8000000000000000352640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab112f4b72fae162021-12-21 10:27:39.095root 11241100x8000000000000000352641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c77c30ac824267f2021-12-21 10:27:39.095root 11241100x8000000000000000352642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c735409f61e2da2021-12-21 10:27:39.095root 11241100x8000000000000000352643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c4bcae556b238b2021-12-21 10:27:39.095root 11241100x8000000000000000352644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b15da94b4d55acb92021-12-21 10:27:39.095root 11241100x8000000000000000352645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c8033b326af2ce2021-12-21 10:27:39.095root 11241100x8000000000000000352646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.095{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35490601ad87b4202021-12-21 10:27:39.095root 11241100x8000000000000000352647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db464757df269c92021-12-21 10:27:39.096root 11241100x8000000000000000352648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a14edc84867bb72021-12-21 10:27:39.096root 11241100x8000000000000000352649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313f44e4a8245b0f2021-12-21 10:27:39.096root 11241100x8000000000000000352650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecdd19bed37b2a452021-12-21 10:27:39.096root 11241100x8000000000000000352651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b9e7ebb1a048872021-12-21 10:27:39.096root 11241100x8000000000000000352652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a92c8b6beced1272021-12-21 10:27:39.096root 11241100x8000000000000000352653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd2ecbf24f55cfc2021-12-21 10:27:39.096root 11241100x8000000000000000352654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d77281c38f53f502021-12-21 10:27:39.096root 11241100x8000000000000000352655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b316db81970969b12021-12-21 10:27:39.096root 11241100x8000000000000000352656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683c9341260049ca2021-12-21 10:27:39.096root 11241100x8000000000000000352657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.096{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411338b00297fadf2021-12-21 10:27:39.096root 11241100x8000000000000000352658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0b839a50629f3b92021-12-21 10:27:39.097root 11241100x8000000000000000352659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e23bd275fb55ad2021-12-21 10:27:39.097root 11241100x8000000000000000352660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d330595bb3383f2021-12-21 10:27:39.097root 11241100x8000000000000000352661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eb49c1f220454e2021-12-21 10:27:39.097root 11241100x8000000000000000352662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1203494927149ab32021-12-21 10:27:39.097root 11241100x8000000000000000352663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.097{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e004a979fafdf4372021-12-21 10:27:39.097root 23542300x8000000000000000352664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000352665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2efae7fb301c2c1f2021-12-21 10:27:39.350root 11241100x8000000000000000352666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcf94286e60117a2021-12-21 10:27:39.350root 11241100x8000000000000000352667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393254036dcc98642021-12-21 10:27:39.351root 11241100x8000000000000000352668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6e3bce357f7fd92021-12-21 10:27:39.351root 11241100x8000000000000000352669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e254d53f994d42c2021-12-21 10:27:39.351root 11241100x8000000000000000352670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f53c9af4b597daa2021-12-21 10:27:39.351root 11241100x8000000000000000352671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a689d090becd5c0c2021-12-21 10:27:39.351root 11241100x8000000000000000352672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b11335fce6e5e82021-12-21 10:27:39.351root 11241100x8000000000000000352673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c5e25ce965fd5b2021-12-21 10:27:39.351root 11241100x8000000000000000352674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a442240ecc89c7e2021-12-21 10:27:39.351root 11241100x8000000000000000352675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d22c701dc1fef52021-12-21 10:27:39.351root 11241100x8000000000000000352676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.480fb1edba48759d2021-12-21 10:27:39.351root 11241100x8000000000000000352677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4db3ae9fd7ec354c2021-12-21 10:27:39.351root 11241100x8000000000000000352678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8720240ae18c74642021-12-21 10:27:39.351root 11241100x8000000000000000352679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8160f56eb3fe542021-12-21 10:27:39.351root 11241100x8000000000000000352680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac643763110a5172021-12-21 10:27:39.351root 11241100x8000000000000000352681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7185bde7d0717ab2021-12-21 10:27:39.351root 11241100x8000000000000000352682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59e56e00c6c86ee52021-12-21 10:27:39.351root 11241100x8000000000000000352683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fc2985bde1f35d2021-12-21 10:27:39.352root 11241100x8000000000000000352684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd73a5c578c0dd672021-12-21 10:27:39.352root 11241100x8000000000000000352685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda07dc35bb9cd4f2021-12-21 10:27:39.352root 11241100x8000000000000000352686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40f1098329f35ffe2021-12-21 10:27:39.352root 11241100x8000000000000000352687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.254603a2442aa20b2021-12-21 10:27:39.352root 11241100x8000000000000000352688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7185f7336831126d2021-12-21 10:27:39.352root 11241100x8000000000000000352689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2be7d6a3bed00ce2021-12-21 10:27:39.352root 11241100x8000000000000000352690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716ef0b1f4b9a0ce2021-12-21 10:27:39.352root 11241100x8000000000000000352691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c248ac3e85de7d7a2021-12-21 10:27:39.352root 11241100x8000000000000000352692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498f33d7df47a0122021-12-21 10:27:39.693root 11241100x8000000000000000352693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a27c82cec9ebd592021-12-21 10:27:39.695root 11241100x8000000000000000352694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9906d5009583302021-12-21 10:27:39.695root 11241100x8000000000000000352695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20f78d3b820d0b612021-12-21 10:27:39.695root 11241100x8000000000000000352696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8565a3c9fafb902021-12-21 10:27:39.695root 11241100x8000000000000000352697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9606709c1b01f332021-12-21 10:27:39.695root 11241100x8000000000000000352698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446bd8ac885d016f2021-12-21 10:27:39.695root 11241100x8000000000000000352699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05c84624d1664ad42021-12-21 10:27:39.695root 11241100x8000000000000000352700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3149daa033f836a2021-12-21 10:27:39.695root 11241100x8000000000000000352701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1e6a8631f3228e2021-12-21 10:27:39.695root 11241100x8000000000000000352702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.759f569c5d812caa2021-12-21 10:27:39.696root 11241100x8000000000000000352703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af6297e5ebe81132021-12-21 10:27:39.696root 11241100x8000000000000000352704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd996c50c619ef32021-12-21 10:27:39.696root 11241100x8000000000000000352705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7b5a174e74c5fb2021-12-21 10:27:39.696root 11241100x8000000000000000352706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87c153b48c43a5262021-12-21 10:27:39.696root 11241100x8000000000000000352707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160ae71be968903d2021-12-21 10:27:39.696root 11241100x8000000000000000352708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e55698c63cf9af2021-12-21 10:27:39.697root 11241100x8000000000000000352709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7d53e277fcc9592021-12-21 10:27:39.697root 11241100x8000000000000000352710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a1317bff33064d2021-12-21 10:27:39.697root 11241100x8000000000000000352711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27898635891660e42021-12-21 10:27:39.697root 11241100x8000000000000000352712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e300eb03ab234ad2021-12-21 10:27:39.697root 11241100x8000000000000000352713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437bc6251c9483f92021-12-21 10:27:39.697root 11241100x8000000000000000352714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cddc9a1a8c3ccde2021-12-21 10:27:39.697root 11241100x8000000000000000352715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99849b12d31c24bd2021-12-21 10:27:39.697root 11241100x8000000000000000352716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da64e130054cefd42021-12-21 10:27:39.698root 11241100x8000000000000000352717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1b51a95685e3db2021-12-21 10:27:39.698root 11241100x8000000000000000352718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019b8094193e1f5d2021-12-21 10:27:39.698root 11241100x8000000000000000352719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:39.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae52b45320887e32021-12-21 10:27:39.698root 11241100x8000000000000000352720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fe31e32e459e6d02021-12-21 10:27:40.193root 11241100x8000000000000000352721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1425d43052cee3dc2021-12-21 10:27:40.194root 11241100x8000000000000000352722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79d456a7dc616112021-12-21 10:27:40.194root 11241100x8000000000000000352723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393989da9ceead952021-12-21 10:27:40.194root 11241100x8000000000000000352724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c566b827f9517c32021-12-21 10:27:40.194root 11241100x8000000000000000352725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a891b6bdd7a5ed162021-12-21 10:27:40.194root 11241100x8000000000000000352726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89974f735dc68bdc2021-12-21 10:27:40.194root 11241100x8000000000000000352727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4308b6c30238b82021-12-21 10:27:40.194root 11241100x8000000000000000352728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbcf521a0bcc61ec2021-12-21 10:27:40.194root 11241100x8000000000000000352729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c189983c97123a092021-12-21 10:27:40.194root 11241100x8000000000000000352730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed18017932b9cedb2021-12-21 10:27:40.195root 11241100x8000000000000000352731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291330f7e885df112021-12-21 10:27:40.195root 11241100x8000000000000000352732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff53ecee1ed53e2021-12-21 10:27:40.195root 11241100x8000000000000000352733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a676e2e004fbc6242021-12-21 10:27:40.195root 11241100x8000000000000000352734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2bfd50c99cb8c22021-12-21 10:27:40.195root 11241100x8000000000000000352735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c223e8563226bc2021-12-21 10:27:40.195root 11241100x8000000000000000352736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c00b67e2e801f12021-12-21 10:27:40.195root 11241100x8000000000000000352737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a150c8904ef255002021-12-21 10:27:40.195root 11241100x8000000000000000352738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c46a7d661a8534012021-12-21 10:27:40.195root 11241100x8000000000000000352739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ca62a143ffa80f2021-12-21 10:27:40.195root 11241100x8000000000000000352740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6048f354d409ad0b2021-12-21 10:27:40.196root 11241100x8000000000000000352741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dccd590b6d063972021-12-21 10:27:40.196root 11241100x8000000000000000352742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c350ff74ae9435b22021-12-21 10:27:40.196root 11241100x8000000000000000352743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f83513565dabe402021-12-21 10:27:40.196root 11241100x8000000000000000352744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89b811daaf29a652021-12-21 10:27:40.196root 11241100x8000000000000000352745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675aab71b8546d542021-12-21 10:27:40.196root 11241100x8000000000000000352746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8128249c8275362021-12-21 10:27:40.197root 11241100x8000000000000000352747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.291d07f4daec7b5b2021-12-21 10:27:40.693root 11241100x8000000000000000352748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4437fa61def10a0c2021-12-21 10:27:40.693root 11241100x8000000000000000352749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f965b10b3c279362021-12-21 10:27:40.693root 11241100x8000000000000000352750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86bd014156959712021-12-21 10:27:40.693root 11241100x8000000000000000352751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3b226224a441392021-12-21 10:27:40.693root 11241100x8000000000000000352752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dbff834dbfaa8392021-12-21 10:27:40.693root 11241100x8000000000000000352753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ad00dc4701ca92b2021-12-21 10:27:40.694root 11241100x8000000000000000352754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2be362fc535120d2021-12-21 10:27:40.694root 11241100x8000000000000000352755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c544a700b0a0da642021-12-21 10:27:40.694root 11241100x8000000000000000352756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a53c1489949a5f2021-12-21 10:27:40.694root 11241100x8000000000000000352757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6957f48d1fe947042021-12-21 10:27:40.694root 11241100x8000000000000000352758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121630a7ef97a8012021-12-21 10:27:40.694root 11241100x8000000000000000352759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a217d7adbbeb32932021-12-21 10:27:40.694root 11241100x8000000000000000352760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7c4176f45b61952021-12-21 10:27:40.694root 11241100x8000000000000000352761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190cc0a7344b55892021-12-21 10:27:40.694root 11241100x8000000000000000352762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0947589aa6b824182021-12-21 10:27:40.694root 11241100x8000000000000000352763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c8d704bbae20b92021-12-21 10:27:40.694root 11241100x8000000000000000352764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6f9e58cc49b71e2021-12-21 10:27:40.694root 11241100x8000000000000000352765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f76a4d77e6f16622021-12-21 10:27:40.694root 11241100x8000000000000000352766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94cd141f122ab9e72021-12-21 10:27:40.695root 11241100x8000000000000000352767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5f43ed3c6e15bd2021-12-21 10:27:40.695root 11241100x8000000000000000352768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad43549c75407b42021-12-21 10:27:40.695root 11241100x8000000000000000352769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3bdfc19b84c7172021-12-21 10:27:40.695root 11241100x8000000000000000352770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6080bd56cad8f792021-12-21 10:27:40.695root 11241100x8000000000000000352771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a93bf68053ecb12021-12-21 10:27:40.695root 11241100x8000000000000000352772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f53ba0f387ab792b2021-12-21 10:27:40.695root 11241100x8000000000000000352773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d329952e5cf8c86a2021-12-21 10:27:40.695root 11241100x8000000000000000352774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efdc5e0e54479202021-12-21 10:27:40.695root 11241100x8000000000000000352775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8767f1562391f82021-12-21 10:27:41.193root 11241100x8000000000000000352776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f846362ba34076d02021-12-21 10:27:41.193root 11241100x8000000000000000352777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6ffd010d7cbeb12021-12-21 10:27:41.193root 11241100x8000000000000000352778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c89a97a39691082021-12-21 10:27:41.193root 11241100x8000000000000000352779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace6d6c8ee1f40582021-12-21 10:27:41.194root 11241100x8000000000000000352780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7574e411dbdb900f2021-12-21 10:27:41.194root 11241100x8000000000000000352781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b03c57c7e3419a32021-12-21 10:27:41.194root 11241100x8000000000000000352782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a389381c86f0e89b2021-12-21 10:27:41.194root 11241100x8000000000000000352783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6b4405b064df2ff2021-12-21 10:27:41.194root 11241100x8000000000000000352784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6886c9f777e2b07a2021-12-21 10:27:41.194root 11241100x8000000000000000352785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665237e092098d5e2021-12-21 10:27:41.194root 11241100x8000000000000000352786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620788d90d279b3b2021-12-21 10:27:41.194root 11241100x8000000000000000352787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32fbe9b5d5ab6222021-12-21 10:27:41.194root 11241100x8000000000000000352788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cbfbd668ac122d2021-12-21 10:27:41.194root 11241100x8000000000000000352789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60dda503922846f2021-12-21 10:27:41.194root 11241100x8000000000000000352790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6eb3d48b9494f9a2021-12-21 10:27:41.195root 11241100x8000000000000000352791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db67ed960439441d2021-12-21 10:27:41.195root 11241100x8000000000000000352792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b9177307382d922021-12-21 10:27:41.195root 11241100x8000000000000000352793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ae106fd28a8a952021-12-21 10:27:41.195root 11241100x8000000000000000352794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d5aead1d5ea3812021-12-21 10:27:41.195root 11241100x8000000000000000352795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29513c908cdfdef2021-12-21 10:27:41.195root 11241100x8000000000000000352796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0361025cdcefe892021-12-21 10:27:41.195root 11241100x8000000000000000352797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b170176129fe9db2021-12-21 10:27:41.196root 11241100x8000000000000000352798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa6df1be7dcdf052021-12-21 10:27:41.196root 11241100x8000000000000000352799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8557f39e5ffb80e62021-12-21 10:27:41.196root 11241100x8000000000000000352800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b9bdc2c60a60202021-12-21 10:27:41.196root 11241100x8000000000000000352801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18a92b5e6839dc12021-12-21 10:27:41.196root 11241100x8000000000000000352802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec43ef147c4ccdf52021-12-21 10:27:41.196root 11241100x8000000000000000352803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0657c7f7aefb0c2021-12-21 10:27:41.196root 11241100x8000000000000000352804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d27102335cd4072021-12-21 10:27:41.693root 11241100x8000000000000000352805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d2e4142dd1a55c2021-12-21 10:27:41.693root 11241100x8000000000000000352806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b56ceaf7562e194f2021-12-21 10:27:41.693root 11241100x8000000000000000352807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4fd764ce30a8c52021-12-21 10:27:41.693root 11241100x8000000000000000352808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faef40f38e2a0fd62021-12-21 10:27:41.693root 11241100x8000000000000000352809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f95073ca4240302021-12-21 10:27:41.693root 11241100x8000000000000000352810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65efd95506d3849a2021-12-21 10:27:41.694root 11241100x8000000000000000352811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059fb5e6a73c11112021-12-21 10:27:41.694root 11241100x8000000000000000352812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed18e2e4dc08fa92021-12-21 10:27:41.694root 11241100x8000000000000000352813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38670c151ae9b3ee2021-12-21 10:27:41.694root 11241100x8000000000000000352814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b43c49e2df3483b72021-12-21 10:27:41.694root 11241100x8000000000000000352815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14bf8aeec1352b4c2021-12-21 10:27:41.694root 11241100x8000000000000000352816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d2e66b1d567a2ca2021-12-21 10:27:41.694root 11241100x8000000000000000352817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391052fbd386a3822021-12-21 10:27:41.694root 11241100x8000000000000000352818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b50dd7cbc86cd92021-12-21 10:27:41.694root 11241100x8000000000000000352819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303928e4363165c22021-12-21 10:27:41.694root 11241100x8000000000000000352820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb2d1df1d1deedd2021-12-21 10:27:41.695root 11241100x8000000000000000352821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e44e1e0c15d328d2021-12-21 10:27:41.695root 11241100x8000000000000000352822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3df5fa5f5f704f2021-12-21 10:27:41.695root 11241100x8000000000000000352823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175f526993b068652021-12-21 10:27:41.695root 11241100x8000000000000000352824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e01b53c6db80102021-12-21 10:27:41.695root 11241100x8000000000000000352825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75e636be1485f3a2021-12-21 10:27:41.695root 11241100x8000000000000000352826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af13dbc88e00be392021-12-21 10:27:41.695root 11241100x8000000000000000352827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a68675a2f2a2790c2021-12-21 10:27:41.695root 11241100x8000000000000000352828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474995fc1a94cb462021-12-21 10:27:41.695root 11241100x8000000000000000352829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd3c5288287a6072021-12-21 10:27:41.695root 11241100x8000000000000000352830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34db9e1341bbee02021-12-21 10:27:41.696root 11241100x8000000000000000352831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08cf449e7a0ecfb2021-12-21 10:27:42.193root 11241100x8000000000000000352832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e471277817bbea22021-12-21 10:27:42.193root 11241100x8000000000000000352833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a20708f0c64c6c2021-12-21 10:27:42.193root 11241100x8000000000000000352834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56792fbe212a77f52021-12-21 10:27:42.193root 11241100x8000000000000000352835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9210b57a2a4972bb2021-12-21 10:27:42.193root 11241100x8000000000000000352836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a5830fa078daca72021-12-21 10:27:42.194root 11241100x8000000000000000352837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427500d62c88180a2021-12-21 10:27:42.194root 11241100x8000000000000000352838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55d64d42041760fa2021-12-21 10:27:42.194root 11241100x8000000000000000352839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fcf94c67b674602021-12-21 10:27:42.194root 11241100x8000000000000000352840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f4ce60ee63c3ca2021-12-21 10:27:42.194root 11241100x8000000000000000352841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74c6335143776e52021-12-21 10:27:42.194root 11241100x8000000000000000352842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb6c515b378e0282021-12-21 10:27:42.194root 11241100x8000000000000000352843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c3e3d47fe0e1072021-12-21 10:27:42.194root 11241100x8000000000000000352844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a219bd8c7bfd0e2021-12-21 10:27:42.194root 11241100x8000000000000000352845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c047b2e822009a7e2021-12-21 10:27:42.194root 11241100x8000000000000000352846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01cd77b2009fdee2021-12-21 10:27:42.194root 11241100x8000000000000000352847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185bd632b674a3d72021-12-21 10:27:42.194root 11241100x8000000000000000352848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabdb71c401aedd92021-12-21 10:27:42.194root 11241100x8000000000000000352849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b796f4e99e862f4f2021-12-21 10:27:42.195root 11241100x8000000000000000352850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72e76bb646ea272021-12-21 10:27:42.195root 11241100x8000000000000000352851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc7fd607ca5074b2021-12-21 10:27:42.195root 11241100x8000000000000000352852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca15fceddef575162021-12-21 10:27:42.195root 11241100x8000000000000000352853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dafaaeb26be4d12021-12-21 10:27:42.195root 11241100x8000000000000000352854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae85a5aac36812a2021-12-21 10:27:42.195root 11241100x8000000000000000352855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40834cbfd6fd5472021-12-21 10:27:42.195root 11241100x8000000000000000352856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe01d79db0069c842021-12-21 10:27:42.195root 11241100x8000000000000000352857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e25c9084a082e02021-12-21 10:27:42.195root 11241100x8000000000000000352858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4725fd8136c5c3e02021-12-21 10:27:42.195root 11241100x8000000000000000352859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd4ae778a9ecc9a2021-12-21 10:27:42.195root 11241100x8000000000000000352860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67bbd6d61381b092021-12-21 10:27:42.692root 11241100x8000000000000000352861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc341a102dbd36b2021-12-21 10:27:42.693root 11241100x8000000000000000352862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7bf60f9afe686a2021-12-21 10:27:42.693root 11241100x8000000000000000352863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c825a04b5045922021-12-21 10:27:42.693root 11241100x8000000000000000352864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72afc6ea1c07be992021-12-21 10:27:42.693root 11241100x8000000000000000352865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ce06b9e043b7422021-12-21 10:27:42.693root 11241100x8000000000000000352866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc3c113c402ddd72021-12-21 10:27:42.693root 11241100x8000000000000000352867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d23c838e80f14782021-12-21 10:27:42.693root 11241100x8000000000000000352868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae083296ab769eaa2021-12-21 10:27:42.693root 11241100x8000000000000000352869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8f4ba55cd8b6482021-12-21 10:27:42.694root 11241100x8000000000000000352870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56949c0dd5c4569b2021-12-21 10:27:42.694root 11241100x8000000000000000352871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02696d35a4e9f502021-12-21 10:27:42.694root 11241100x8000000000000000352872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38de81b4474e53172021-12-21 10:27:42.694root 11241100x8000000000000000352873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7c0b9308c60df32021-12-21 10:27:42.694root 11241100x8000000000000000352874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9697eb67619fe82021-12-21 10:27:42.694root 11241100x8000000000000000352875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5683e1a300aed942021-12-21 10:27:42.694root 11241100x8000000000000000352876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8a40139c44d4502021-12-21 10:27:42.694root 11241100x8000000000000000352877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901c3ef7da9e377a2021-12-21 10:27:42.694root 11241100x8000000000000000352878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45fbc203354b7b42021-12-21 10:27:42.694root 11241100x8000000000000000352879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba69af7ec7d036d82021-12-21 10:27:42.694root 11241100x8000000000000000352880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e55c6b132eb902b2021-12-21 10:27:42.695root 11241100x8000000000000000352881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e2e2e6b09226062021-12-21 10:27:42.695root 11241100x8000000000000000352882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab887f665e952d8d2021-12-21 10:27:42.695root 11241100x8000000000000000352883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0810f7d466ef7ef22021-12-21 10:27:42.695root 11241100x8000000000000000352884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e687d9d496cc762021-12-21 10:27:42.695root 11241100x8000000000000000352885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b434b2cbf65f8012021-12-21 10:27:42.695root 11241100x8000000000000000352886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc0ca78fb018cb42021-12-21 10:27:42.695root 11241100x8000000000000000352887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f195c2b97606e2782021-12-21 10:27:42.696root 11241100x8000000000000000352888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21745782521cc752021-12-21 10:27:42.696root 11241100x8000000000000000352889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380c0dd5d480a9382021-12-21 10:27:42.696root 11241100x8000000000000000352890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f549aaacfe42adaa2021-12-21 10:27:42.696root 11241100x8000000000000000352891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e734926789020a0c2021-12-21 10:27:42.696root 11241100x8000000000000000352892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b00932d4d6a75782021-12-21 10:27:42.696root 11241100x8000000000000000352893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9eabb5f156eb3462021-12-21 10:27:42.696root 11241100x8000000000000000352894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca975a33c66c9a42021-12-21 10:27:42.696root 11241100x8000000000000000352895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f86c449a62008752021-12-21 10:27:42.696root 11241100x8000000000000000352896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8119ea535f37577b2021-12-21 10:27:43.193root 11241100x8000000000000000352897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba07f55000bd9d192021-12-21 10:27:43.194root 11241100x8000000000000000352898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac000e05c0386422021-12-21 10:27:43.194root 11241100x8000000000000000352899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f279f604a2d8da2021-12-21 10:27:43.194root 11241100x8000000000000000352900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104b4eef100115152021-12-21 10:27:43.194root 11241100x8000000000000000352901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df259b055ac5d21e2021-12-21 10:27:43.194root 11241100x8000000000000000352902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e2e93ef27263832021-12-21 10:27:43.194root 11241100x8000000000000000352903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868cc5e3f97b19032021-12-21 10:27:43.194root 11241100x8000000000000000352904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cda4452d11ef952021-12-21 10:27:43.194root 11241100x8000000000000000352905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d3d3373924bb9d2021-12-21 10:27:43.194root 11241100x8000000000000000352906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4029efed5b32fcbd2021-12-21 10:27:43.194root 11241100x8000000000000000352907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef30f046c7b61882021-12-21 10:27:43.195root 11241100x8000000000000000352908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9a48092fa869f642021-12-21 10:27:43.195root 11241100x8000000000000000352909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0478c4c343eaa1a32021-12-21 10:27:43.195root 11241100x8000000000000000352910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4096c4fda61caf2021-12-21 10:27:43.195root 11241100x8000000000000000352911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5d22e13ffd61b922021-12-21 10:27:43.195root 11241100x8000000000000000352912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c19c7da20d827382021-12-21 10:27:43.195root 11241100x8000000000000000352913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d0c39d72409b272021-12-21 10:27:43.195root 11241100x8000000000000000352914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdceaca7a02e1cff2021-12-21 10:27:43.196root 11241100x8000000000000000352915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b330a902932b69ee2021-12-21 10:27:43.196root 11241100x8000000000000000352916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc7c12729bc42a62021-12-21 10:27:43.196root 11241100x8000000000000000352917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c776a5c15a00912021-12-21 10:27:43.196root 11241100x8000000000000000352918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410cf7060f8c35022021-12-21 10:27:43.196root 11241100x8000000000000000352919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8129d8caad923772021-12-21 10:27:43.196root 11241100x8000000000000000352920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b7eaafe95af69c2021-12-21 10:27:43.196root 11241100x8000000000000000352921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a87304a5937b542021-12-21 10:27:43.197root 11241100x8000000000000000352922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a96ffd5274b0e32021-12-21 10:27:43.197root 11241100x8000000000000000352923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b49f7c9ec8960e62021-12-21 10:27:43.693root 11241100x8000000000000000352924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e839f7f09e4db632021-12-21 10:27:43.693root 11241100x8000000000000000352925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36864ae23cd54fe2021-12-21 10:27:43.694root 11241100x8000000000000000352926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152dc124a464957f2021-12-21 10:27:43.694root 11241100x8000000000000000352927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5564a361dfff3bd62021-12-21 10:27:43.694root 11241100x8000000000000000352928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b65afe8398cb5b2021-12-21 10:27:43.694root 11241100x8000000000000000352929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4b3e838efbdf48e2021-12-21 10:27:43.694root 11241100x8000000000000000352930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c94fcbbca4781b62021-12-21 10:27:43.694root 11241100x8000000000000000352931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c604363030647a22021-12-21 10:27:43.694root 11241100x8000000000000000352932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38d2b4028e7eccd2021-12-21 10:27:43.694root 11241100x8000000000000000352933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befbf66151767c032021-12-21 10:27:43.694root 11241100x8000000000000000352934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ae6cca6032d6622021-12-21 10:27:43.694root 11241100x8000000000000000352935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046123d513318f762021-12-21 10:27:43.695root 11241100x8000000000000000352936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0a6a5a344c31dd2021-12-21 10:27:43.695root 11241100x8000000000000000352937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a161cb9cf57de292021-12-21 10:27:43.695root 11241100x8000000000000000352938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fe5fe4db9a6f622021-12-21 10:27:43.695root 11241100x8000000000000000352939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f93c14cd88272432021-12-21 10:27:43.695root 11241100x8000000000000000352940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da58d34fcf12ac7f2021-12-21 10:27:43.695root 11241100x8000000000000000352941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce8ad82aa9d02942021-12-21 10:27:43.695root 11241100x8000000000000000352942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf18b32e9511a9642021-12-21 10:27:43.695root 11241100x8000000000000000352943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1010ae8d9ae457d02021-12-21 10:27:43.696root 11241100x8000000000000000352944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45b681d4ae0b8aa2021-12-21 10:27:43.696root 11241100x8000000000000000352945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b50cbe2003ed5d2021-12-21 10:27:43.696root 11241100x8000000000000000352946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1394c1367758276e2021-12-21 10:27:43.696root 11241100x8000000000000000352947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74b737f5451a9942021-12-21 10:27:43.696root 11241100x8000000000000000352948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4720dade85409e2021-12-21 10:27:43.696root 11241100x8000000000000000352949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06bf61cc9ac6c06d2021-12-21 10:27:43.697root 11241100x8000000000000000352950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435947f565eab9732021-12-21 10:27:43.697root 11241100x8000000000000000352951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33f98691b67a9392021-12-21 10:27:43.697root 11241100x8000000000000000352952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f07429fabd903b12021-12-21 10:27:43.697root 11241100x8000000000000000352953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cce4894c82d5d492021-12-21 10:27:43.697root 354300x8000000000000000352954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.102{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47132-false10.0.1.12-8000- 11241100x8000000000000000352955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13fc65a85334d5b2021-12-21 10:27:44.103root 11241100x8000000000000000352956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fdca8f436a74382021-12-21 10:27:44.103root 11241100x8000000000000000352957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.247cdd5a1b0948172021-12-21 10:27:44.103root 11241100x8000000000000000352958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a73b4f8069b25342021-12-21 10:27:44.104root 11241100x8000000000000000352959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e405cdca0a7e752021-12-21 10:27:44.104root 11241100x8000000000000000352960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9fdc36ddb54dbc2021-12-21 10:27:44.105root 11241100x8000000000000000352961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd561a1210a79882021-12-21 10:27:44.105root 11241100x8000000000000000352962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e925abea1f4e212021-12-21 10:27:44.105root 11241100x8000000000000000352963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b7ae037e4545d22021-12-21 10:27:44.105root 11241100x8000000000000000352964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.106{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12d8e1ea0ccdab32021-12-21 10:27:44.106root 11241100x8000000000000000352965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c57034daf42c0312021-12-21 10:27:44.107root 11241100x8000000000000000352966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4300a548de6fe6b2021-12-21 10:27:44.107root 11241100x8000000000000000352967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.107{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54328fcae69b40dc2021-12-21 10:27:44.107root 11241100x8000000000000000352968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956a1cc494325e0c2021-12-21 10:27:44.109root 11241100x8000000000000000352969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ca2f071bb2072c2021-12-21 10:27:44.109root 11241100x8000000000000000352970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d6e64d8115319c2021-12-21 10:27:44.109root 11241100x8000000000000000352971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ba93154953337c2021-12-21 10:27:44.109root 11241100x8000000000000000352972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46cccdf574f267682021-12-21 10:27:44.109root 11241100x8000000000000000352973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.109{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f304a62107a0b242021-12-21 10:27:44.109root 11241100x8000000000000000352974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.110{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ca48a1b82e815a2021-12-21 10:27:44.110root 11241100x8000000000000000352975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265ec3187e92d06e2021-12-21 10:27:44.111root 11241100x8000000000000000352976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b94629a3de516b2021-12-21 10:27:44.111root 11241100x8000000000000000352977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf636c26e4d2a6b2021-12-21 10:27:44.111root 11241100x8000000000000000352978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c4110b496f21f82021-12-21 10:27:44.111root 11241100x8000000000000000352979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837d13a6ac4953042021-12-21 10:27:44.111root 11241100x8000000000000000352980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.964df66b8bb8ab6e2021-12-21 10:27:44.111root 11241100x8000000000000000352981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57b5c964c56e7e62021-12-21 10:27:44.111root 11241100x8000000000000000352982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.111{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bf6f3669e85f5a2021-12-21 10:27:44.111root 11241100x8000000000000000352983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fac3c5220378bd2021-12-21 10:27:44.112root 11241100x8000000000000000352984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4484baf9bde40e062021-12-21 10:27:44.112root 11241100x8000000000000000352985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be05b89902aea3792021-12-21 10:27:44.112root 11241100x8000000000000000352986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d88496bad1df21cd2021-12-21 10:27:44.112root 11241100x8000000000000000352987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.112{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37da8adf70f07602021-12-21 10:27:44.112root 11241100x8000000000000000352988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665b305924c599862021-12-21 10:27:44.113root 11241100x8000000000000000352989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78350c16d5e401572021-12-21 10:27:44.113root 11241100x8000000000000000352990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.113{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4740148c3b969b52021-12-21 10:27:44.113root 11241100x8000000000000000352991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.114{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a47435cf366d0f12021-12-21 10:27:44.114root 11241100x8000000000000000352992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.007c173da781d2182021-12-21 10:27:44.443root 11241100x8000000000000000352993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d4ac5e45e07ce52021-12-21 10:27:44.443root 11241100x8000000000000000352994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c925dffeaabee312021-12-21 10:27:44.443root 11241100x8000000000000000352995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c562ef9d0ab3f6b2021-12-21 10:27:44.443root 11241100x8000000000000000352996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c5cff0443f0c2b2021-12-21 10:27:44.444root 11241100x8000000000000000352997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f68bbcf7b4a4db2021-12-21 10:27:44.444root 11241100x8000000000000000352998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d5c2c7f2a650ca2021-12-21 10:27:44.444root 11241100x8000000000000000352999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693800889e9262d32021-12-21 10:27:44.444root 11241100x8000000000000000353000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e8e735c39f46542021-12-21 10:27:44.444root 11241100x8000000000000000353001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4479c73cdf7a6652021-12-21 10:27:44.444root 11241100x8000000000000000353002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27b10780a37af6472021-12-21 10:27:44.444root 11241100x8000000000000000353003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47237775b572bd72021-12-21 10:27:44.444root 11241100x8000000000000000353004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2416b5b5a22805c42021-12-21 10:27:44.444root 11241100x8000000000000000353005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28688a15d7e0106f2021-12-21 10:27:44.444root 11241100x8000000000000000353006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a70fc973abb20682021-12-21 10:27:44.444root 11241100x8000000000000000353007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc546d500d4d6ca92021-12-21 10:27:44.444root 11241100x8000000000000000353008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68daa010becd86b92021-12-21 10:27:44.444root 11241100x8000000000000000353009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3750be6d93db8c2021-12-21 10:27:44.444root 11241100x8000000000000000353010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ade0abdb4507bb72021-12-21 10:27:44.444root 11241100x8000000000000000353011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c883b18818a31d2021-12-21 10:27:44.445root 11241100x8000000000000000353012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3788a397171127f2021-12-21 10:27:44.445root 11241100x8000000000000000353013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d463264982c31e192021-12-21 10:27:44.445root 11241100x8000000000000000353014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1100ebf158e624cf2021-12-21 10:27:44.445root 11241100x8000000000000000353015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99711a4be6337732021-12-21 10:27:44.445root 11241100x8000000000000000353016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96301b7c9670a632021-12-21 10:27:44.445root 11241100x8000000000000000353017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2bf96f689eec7c2021-12-21 10:27:44.445root 11241100x8000000000000000353018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caeafeb62c567292021-12-21 10:27:44.445root 11241100x8000000000000000353019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7efecd9392a5bc22021-12-21 10:27:44.445root 11241100x8000000000000000353020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6a43cb6a45dd402021-12-21 10:27:44.943root 11241100x8000000000000000353021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55cfe9786829c7302021-12-21 10:27:44.943root 11241100x8000000000000000353022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0517cd28631fed1c2021-12-21 10:27:44.943root 11241100x8000000000000000353023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6e9091cc391e082021-12-21 10:27:44.943root 11241100x8000000000000000353024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ed64bdb754aff082021-12-21 10:27:44.943root 11241100x8000000000000000353025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ea8bed4ae21f9b2021-12-21 10:27:44.943root 11241100x8000000000000000353026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6972923fb5f2649f2021-12-21 10:27:44.944root 11241100x8000000000000000353027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e4bec6e750b3642021-12-21 10:27:44.944root 11241100x8000000000000000353028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb3daa6123241db2021-12-21 10:27:44.944root 11241100x8000000000000000353029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d526ea1718ac7b712021-12-21 10:27:44.945root 11241100x8000000000000000353030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c0d0424339844f2021-12-21 10:27:44.945root 11241100x8000000000000000353031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fc1d7d042b08ae2021-12-21 10:27:44.945root 11241100x8000000000000000353032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4005426f212ad9c82021-12-21 10:27:44.945root 11241100x8000000000000000353033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc464e376fd0431d2021-12-21 10:27:44.945root 11241100x8000000000000000353034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd81dd9a80776d592021-12-21 10:27:44.945root 11241100x8000000000000000353035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f1ca631155ecf22021-12-21 10:27:44.945root 11241100x8000000000000000353036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d82c5af7f2d8862021-12-21 10:27:44.945root 11241100x8000000000000000353037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504d41ae437e46752021-12-21 10:27:44.945root 11241100x8000000000000000353038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab511709573159a2021-12-21 10:27:44.946root 11241100x8000000000000000353039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d94fee3c72c34512021-12-21 10:27:44.946root 11241100x8000000000000000353040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74d7bd501b1cf222021-12-21 10:27:44.946root 11241100x8000000000000000353041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe3ad8ce2d34fae2021-12-21 10:27:44.946root 11241100x8000000000000000353042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49f2a18ccc383ad2021-12-21 10:27:44.946root 11241100x8000000000000000353043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b13dc28090a4c552021-12-21 10:27:44.946root 11241100x8000000000000000353044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2af943c2db8e7d2021-12-21 10:27:44.946root 11241100x8000000000000000353045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b211716555ce0ae32021-12-21 10:27:44.946root 11241100x8000000000000000353046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f08fbf6f8dd52ebf2021-12-21 10:27:44.946root 11241100x8000000000000000353047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0597a28e43ef0e0b2021-12-21 10:27:44.946root 11241100x8000000000000000353048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5c674933038aa52021-12-21 10:27:45.443root 11241100x8000000000000000353049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e1ddf40674794e2021-12-21 10:27:45.443root 11241100x8000000000000000353050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85ce4185fd174e62021-12-21 10:27:45.444root 11241100x8000000000000000353051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa7115f9175fcfb2021-12-21 10:27:45.444root 11241100x8000000000000000353052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543509e9c566375d2021-12-21 10:27:45.444root 11241100x8000000000000000353053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2fcb9087cac10c2021-12-21 10:27:45.444root 11241100x8000000000000000353054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a1e7c8c7c66b8ab2021-12-21 10:27:45.444root 11241100x8000000000000000353055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e63cc66d1d3b022021-12-21 10:27:45.444root 11241100x8000000000000000353056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbf605c88d97057e2021-12-21 10:27:45.444root 11241100x8000000000000000353057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c1a787f90231052021-12-21 10:27:45.444root 11241100x8000000000000000353058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be290b20965a5f32021-12-21 10:27:45.444root 11241100x8000000000000000353059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0b73bd086601282021-12-21 10:27:45.444root 11241100x8000000000000000353060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7460d30ea9fd2ca2021-12-21 10:27:45.444root 11241100x8000000000000000353061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93359bb9fde7c8e72021-12-21 10:27:45.444root 11241100x8000000000000000353062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e6da89333f87f22021-12-21 10:27:45.444root 11241100x8000000000000000353063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0af4ce6bb921932021-12-21 10:27:45.444root 11241100x8000000000000000353064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ff4ebcd78aae972021-12-21 10:27:45.445root 11241100x8000000000000000353065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b43a2f4d54deab62021-12-21 10:27:45.445root 11241100x8000000000000000353066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a785c0119217012d2021-12-21 10:27:45.445root 11241100x8000000000000000353067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15684923cb55a0dc2021-12-21 10:27:45.445root 11241100x8000000000000000353068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4325d6bab31211032021-12-21 10:27:45.445root 11241100x8000000000000000353069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4c01079c8a3d5c2021-12-21 10:27:45.445root 11241100x8000000000000000353070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32e043bb49a490c2021-12-21 10:27:45.445root 11241100x8000000000000000353071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd137bc9d3340d312021-12-21 10:27:45.445root 11241100x8000000000000000353072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.716661e31b9ed1f92021-12-21 10:27:45.445root 11241100x8000000000000000353073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30b169c573f52a32021-12-21 10:27:45.445root 11241100x8000000000000000353074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629af73dbb0e63a22021-12-21 10:27:45.445root 11241100x8000000000000000353075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90713c97d3c9b4092021-12-21 10:27:45.445root 11241100x8000000000000000353076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3223c2d3361f3acc2021-12-21 10:27:45.943root 11241100x8000000000000000353077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3381b867cebc275d2021-12-21 10:27:45.943root 11241100x8000000000000000353078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345b8e78a42d5e6a2021-12-21 10:27:45.943root 11241100x8000000000000000353079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a007473abb2516a32021-12-21 10:27:45.943root 11241100x8000000000000000353080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf36613f24221182021-12-21 10:27:45.944root 11241100x8000000000000000353081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326be3804cd3fdf62021-12-21 10:27:45.944root 11241100x8000000000000000353082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6200dc77fdae1dc2021-12-21 10:27:45.944root 11241100x8000000000000000353083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd613279f76fac92021-12-21 10:27:45.944root 11241100x8000000000000000353084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86d934da6fb764e2021-12-21 10:27:45.944root 11241100x8000000000000000353085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429967a6a8ec53d02021-12-21 10:27:45.944root 11241100x8000000000000000353086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817675a8c109f0bc2021-12-21 10:27:45.944root 11241100x8000000000000000353087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451bdaeac566fa792021-12-21 10:27:45.944root 11241100x8000000000000000353088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4de6cb918b98ce2021-12-21 10:27:45.944root 11241100x8000000000000000353089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9392ab5b5fc8b5532021-12-21 10:27:45.944root 11241100x8000000000000000353090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a8e63c50845ce02021-12-21 10:27:45.945root 11241100x8000000000000000353091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c456fd962a1bd08f2021-12-21 10:27:45.945root 11241100x8000000000000000353092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147c0bc4538d27002021-12-21 10:27:45.945root 11241100x8000000000000000353093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8b466afb28569e2021-12-21 10:27:45.945root 11241100x8000000000000000353094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5b93aba39f81a82021-12-21 10:27:45.945root 11241100x8000000000000000353095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6741548d14abad82021-12-21 10:27:45.945root 11241100x8000000000000000353096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a14783c3a7f9cd2021-12-21 10:27:45.945root 11241100x8000000000000000353097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b29bf0b8b7ec0c32021-12-21 10:27:45.945root 11241100x8000000000000000353098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a158b3f2e5281eb2021-12-21 10:27:45.946root 11241100x8000000000000000353099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354bd591d235cd412021-12-21 10:27:45.946root 11241100x8000000000000000353100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37f264f720b44802021-12-21 10:27:45.946root 11241100x8000000000000000353101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf8cdd3fbaf95412021-12-21 10:27:45.946root 11241100x8000000000000000353102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f24ec3fa51a9e1792021-12-21 10:27:45.946root 11241100x8000000000000000353103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a795676dae3972c22021-12-21 10:27:45.946root 11241100x8000000000000000353104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930e5d034d359d692021-12-21 10:27:45.946root 11241100x8000000000000000353105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edb44dd34e036412021-12-21 10:27:46.443root 11241100x8000000000000000353106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b508b6aefc1b532021-12-21 10:27:46.444root 11241100x8000000000000000353107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a4d40d178f1ef12021-12-21 10:27:46.445root 11241100x8000000000000000353108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5829f2e207f563a2021-12-21 10:27:46.445root 11241100x8000000000000000353109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d6a7c52f23037d2021-12-21 10:27:46.446root 11241100x8000000000000000353110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7652eb323bff6cc82021-12-21 10:27:46.446root 11241100x8000000000000000353111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf78221b58a07002021-12-21 10:27:46.446root 11241100x8000000000000000353112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21bb1efa51fecf52021-12-21 10:27:46.447root 11241100x8000000000000000353113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49cf96a7e59fa4d62021-12-21 10:27:46.447root 11241100x8000000000000000353114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59af7a487bf2b0582021-12-21 10:27:46.447root 11241100x8000000000000000353115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db10512f02f64e52021-12-21 10:27:46.447root 11241100x8000000000000000353116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60fd68d3bb7ac7032021-12-21 10:27:46.447root 11241100x8000000000000000353117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96dc1b16cdfeae0d2021-12-21 10:27:46.447root 11241100x8000000000000000353118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf67d8ed9a9364792021-12-21 10:27:46.447root 11241100x8000000000000000353119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faeed2c100cb01622021-12-21 10:27:46.447root 11241100x8000000000000000353120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3b6a26f936c9cb2021-12-21 10:27:46.447root 11241100x8000000000000000353121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babaa5cbaf7d100a2021-12-21 10:27:46.447root 11241100x8000000000000000353122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f53e36c4ce09d502021-12-21 10:27:46.447root 11241100x8000000000000000353123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e2ffd64c6f831f62021-12-21 10:27:46.447root 11241100x8000000000000000353124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5587d5dbdae28ea32021-12-21 10:27:46.448root 11241100x8000000000000000353125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54323086c0e05142021-12-21 10:27:46.448root 11241100x8000000000000000353126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1f0e0759b2ac962021-12-21 10:27:46.448root 11241100x8000000000000000353127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6105f102af811ade2021-12-21 10:27:46.448root 11241100x8000000000000000353128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f474d4b26a1dc32021-12-21 10:27:46.448root 11241100x8000000000000000353129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e081a749d9085e2021-12-21 10:27:46.448root 11241100x8000000000000000353130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0c3fc3a7f7f5da2021-12-21 10:27:46.448root 11241100x8000000000000000353131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a2c319e5a679c92021-12-21 10:27:46.448root 11241100x8000000000000000353132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abed46a81f681162021-12-21 10:27:46.448root 11241100x8000000000000000353133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c95f3a087c5291e2021-12-21 10:27:46.943root 11241100x8000000000000000353134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607f62e97046bfde2021-12-21 10:27:46.943root 11241100x8000000000000000353135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2708cf4b409cdec62021-12-21 10:27:46.944root 11241100x8000000000000000353136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a22e523dea94ae902021-12-21 10:27:46.944root 11241100x8000000000000000353137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3690774614c48a572021-12-21 10:27:46.944root 11241100x8000000000000000353138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b97caae16b79d7c2021-12-21 10:27:46.944root 11241100x8000000000000000353139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba00f6c23787b852021-12-21 10:27:46.944root 11241100x8000000000000000353140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66ff9ec58eb7098f2021-12-21 10:27:46.944root 11241100x8000000000000000353141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50e8408e3eaae9e2021-12-21 10:27:46.945root 11241100x8000000000000000353142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378f82ce08c7a73f2021-12-21 10:27:46.945root 11241100x8000000000000000353143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c01869861173223b2021-12-21 10:27:46.945root 11241100x8000000000000000353144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea33e2619c2f02422021-12-21 10:27:46.945root 11241100x8000000000000000353145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d989a54c3a478fd2021-12-21 10:27:46.945root 11241100x8000000000000000353146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a6d8206da2077f2021-12-21 10:27:46.945root 11241100x8000000000000000353147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de4ad1bcace7ab4b2021-12-21 10:27:46.945root 11241100x8000000000000000353148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d974bb576aed8c2021-12-21 10:27:46.946root 11241100x8000000000000000353149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dce4509536b641d2021-12-21 10:27:46.946root 11241100x8000000000000000353150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af7e5cceaf05d542021-12-21 10:27:46.946root 11241100x8000000000000000353151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22da3da610779812021-12-21 10:27:46.946root 11241100x8000000000000000353152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c60dacc76151522021-12-21 10:27:46.946root 11241100x8000000000000000353153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f952624d9e0fd46f2021-12-21 10:27:46.946root 11241100x8000000000000000353154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d17e1988e7a05a12021-12-21 10:27:46.946root 11241100x8000000000000000353155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1713e16473a18172021-12-21 10:27:46.946root 11241100x8000000000000000353156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6bd0453538ecff2021-12-21 10:27:46.946root 11241100x8000000000000000353157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b68655c6be7c6b2021-12-21 10:27:46.946root 11241100x8000000000000000353158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4681fe84f970582021-12-21 10:27:46.947root 11241100x8000000000000000353159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18792a17cc6b2d12021-12-21 10:27:46.947root 11241100x8000000000000000353160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ff595ba80f7ee32021-12-21 10:27:46.947root 11241100x8000000000000000353161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:46.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f5a196e8bb69a02021-12-21 10:27:46.947root 11241100x8000000000000000353162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218d35ea128d9caa2021-12-21 10:27:47.443root 11241100x8000000000000000353163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb3c38c492836a12021-12-21 10:27:47.443root 11241100x8000000000000000353164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663843f87dd1fb7f2021-12-21 10:27:47.443root 11241100x8000000000000000353165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69818747b3e152e72021-12-21 10:27:47.443root 11241100x8000000000000000353166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546f2bb444aea95c2021-12-21 10:27:47.443root 11241100x8000000000000000353167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.916aec0fbae1f7b62021-12-21 10:27:47.443root 11241100x8000000000000000353168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.230b94bed1a49e692021-12-21 10:27:47.443root 11241100x8000000000000000353169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4388bc207c473b2021-12-21 10:27:47.443root 11241100x8000000000000000353170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8334f98aaa7e3c2021-12-21 10:27:47.443root 11241100x8000000000000000353171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f13547fd80a04392021-12-21 10:27:47.444root 11241100x8000000000000000353172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aacb2e061c94fb92021-12-21 10:27:47.444root 11241100x8000000000000000353173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061126f7974e210b2021-12-21 10:27:47.444root 11241100x8000000000000000353174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78d0ef7a1df64e12021-12-21 10:27:47.444root 11241100x8000000000000000353175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.421018ccbfbc9c752021-12-21 10:27:47.444root 11241100x8000000000000000353176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e384f02d49bdabe52021-12-21 10:27:47.444root 11241100x8000000000000000353177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eaed3aab57f9cf12021-12-21 10:27:47.444root 11241100x8000000000000000353178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2637af8aba03e42021-12-21 10:27:47.444root 11241100x8000000000000000353179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d19096b10b9e2012021-12-21 10:27:47.444root 11241100x8000000000000000353180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e258fc48349257182021-12-21 10:27:47.445root 11241100x8000000000000000353181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a13ff0ef73984962021-12-21 10:27:47.445root 11241100x8000000000000000353182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67b05cc4809773b2021-12-21 10:27:47.445root 11241100x8000000000000000353183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2c21f73b498ae52021-12-21 10:27:47.445root 11241100x8000000000000000353184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c34ef49a45a397b2021-12-21 10:27:47.445root 11241100x8000000000000000353185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796c03c3708806682021-12-21 10:27:47.445root 11241100x8000000000000000353186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6cc09f7efa988182021-12-21 10:27:47.445root 11241100x8000000000000000353187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0116456d2b47ace02021-12-21 10:27:47.445root 11241100x8000000000000000353188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa948fc8ca5c45f12021-12-21 10:27:47.445root 11241100x8000000000000000353189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33b3b58c424175c2021-12-21 10:27:47.445root 11241100x8000000000000000353190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc75d281e740f32021-12-21 10:27:47.446root 11241100x8000000000000000353191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743959fee341ea022021-12-21 10:27:47.446root 11241100x8000000000000000353192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35411f0c629d64a2021-12-21 10:27:47.446root 11241100x8000000000000000353193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0158c4a90c98222021-12-21 10:27:47.446root 11241100x8000000000000000353194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57230b84fa0758d62021-12-21 10:27:47.446root 11241100x8000000000000000353195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd181b7ef8f5c612021-12-21 10:27:47.446root 11241100x8000000000000000353196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e73514c0d7a3c352021-12-21 10:27:47.446root 11241100x8000000000000000353197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88106566d689b3782021-12-21 10:27:47.446root 11241100x8000000000000000353198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ca28b420818bd92021-12-21 10:27:47.447root 11241100x8000000000000000353199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62fdceec2025fc2e2021-12-21 10:27:47.447root 11241100x8000000000000000353200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7491f04e90c8544f2021-12-21 10:27:47.447root 11241100x8000000000000000353201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d904892799e676e2021-12-21 10:27:47.447root 11241100x8000000000000000353202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67f34b5c393985d92021-12-21 10:27:47.447root 11241100x8000000000000000353203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f63b7a2e192bf72021-12-21 10:27:47.447root 11241100x8000000000000000353204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9478a52be98c4fc32021-12-21 10:27:47.447root 11241100x8000000000000000353205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2a6fc7798466cc2021-12-21 10:27:47.447root 11241100x8000000000000000353206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f7a1241d92effd2021-12-21 10:27:47.447root 11241100x8000000000000000353207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33d4a9933f05ac62021-12-21 10:27:47.447root 11241100x8000000000000000353208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0408b6eef3b2421b2021-12-21 10:27:47.448root 11241100x8000000000000000353209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af0cf3be797a99f2021-12-21 10:27:47.448root 11241100x8000000000000000353210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b7ce2c48fbe9aa2021-12-21 10:27:47.448root 11241100x8000000000000000353211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93f640bcda060252021-12-21 10:27:47.448root 11241100x8000000000000000353212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b211a2d7cd1811f2021-12-21 10:27:47.448root 11241100x8000000000000000353213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b6f4be36b2042f2021-12-21 10:27:47.448root 11241100x8000000000000000353214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cafeeaee10994f982021-12-21 10:27:47.448root 11241100x8000000000000000353215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d193969f879d23932021-12-21 10:27:47.448root 11241100x8000000000000000353216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6509ef7dd512de502021-12-21 10:27:47.449root 11241100x8000000000000000353217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcc57aecc189aff2021-12-21 10:27:47.449root 11241100x8000000000000000353218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a197fa26b569482021-12-21 10:27:47.449root 11241100x8000000000000000353219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be50adea057d7fe2021-12-21 10:27:47.943root 11241100x8000000000000000353220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0518f8038a936ae22021-12-21 10:27:47.943root 11241100x8000000000000000353221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6f2c41eec8736f2021-12-21 10:27:47.943root 11241100x8000000000000000353222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3520fb56b6ae7cc82021-12-21 10:27:47.943root 11241100x8000000000000000353223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b3fc00dde534672021-12-21 10:27:47.943root 11241100x8000000000000000353224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48798ee6accb53eb2021-12-21 10:27:47.944root 11241100x8000000000000000353225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c11877782eb2ca22021-12-21 10:27:47.944root 11241100x8000000000000000353226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c13c439671770c2021-12-21 10:27:47.944root 11241100x8000000000000000353227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325045e065f50b5b2021-12-21 10:27:47.944root 11241100x8000000000000000353228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a27f13b5d04754e2021-12-21 10:27:47.944root 11241100x8000000000000000353229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314420b03f4d97fd2021-12-21 10:27:47.944root 11241100x8000000000000000353230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d80f8f5bb9e96762021-12-21 10:27:47.944root 11241100x8000000000000000353231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05e58624358848282021-12-21 10:27:47.944root 11241100x8000000000000000353232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ab3692bab8adff2021-12-21 10:27:47.944root 11241100x8000000000000000353233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade07d8a3fd6de852021-12-21 10:27:47.945root 11241100x8000000000000000353234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8910aa4b28adc8082021-12-21 10:27:47.945root 11241100x8000000000000000353235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.816b8af3d9665aab2021-12-21 10:27:47.945root 11241100x8000000000000000353236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a551a5d11d4be84e2021-12-21 10:27:47.945root 11241100x8000000000000000353237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ed78f1f402f01092021-12-21 10:27:47.946root 11241100x8000000000000000353238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053a29f19f5ca3e62021-12-21 10:27:47.946root 11241100x8000000000000000353239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6d0594738937c32021-12-21 10:27:47.946root 11241100x8000000000000000353240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa0c844a7309f8c2021-12-21 10:27:47.946root 11241100x8000000000000000353241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4640056bc2815c2021-12-21 10:27:47.947root 11241100x8000000000000000353242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108c9e2958fbb1f92021-12-21 10:27:47.947root 11241100x8000000000000000353243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418f530cb9756d492021-12-21 10:27:47.947root 11241100x8000000000000000353244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f704318a2322b81a2021-12-21 10:27:47.947root 11241100x8000000000000000353245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cb4b152eedec202021-12-21 10:27:47.947root 11241100x8000000000000000353246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9136e3088586032021-12-21 10:27:47.948root 11241100x8000000000000000353247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980d523465e2f9e82021-12-21 10:27:47.948root 11241100x8000000000000000353248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b311f91ca079ceb2021-12-21 10:27:47.948root 11241100x8000000000000000353249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:47.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a0bdb18e4306182021-12-21 10:27:47.948root 11241100x8000000000000000353250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2869841020032fd72021-12-21 10:27:48.443root 11241100x8000000000000000353251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2e10743c87fb722021-12-21 10:27:48.443root 11241100x8000000000000000353252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb59314fc1de0e412021-12-21 10:27:48.443root 11241100x8000000000000000353253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f3da373488739f2021-12-21 10:27:48.443root 11241100x8000000000000000353254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dc52c5767635fd2021-12-21 10:27:48.444root 11241100x8000000000000000353255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1541bf2758aec32021-12-21 10:27:48.444root 11241100x8000000000000000353256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4194e5b0111a6832021-12-21 10:27:48.444root 11241100x8000000000000000353257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cee2104badd0f62021-12-21 10:27:48.444root 11241100x8000000000000000353258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b5d93a789d4a782021-12-21 10:27:48.444root 11241100x8000000000000000353259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.481daedcdb4ebf492021-12-21 10:27:48.444root 11241100x8000000000000000353260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d1491e121971062021-12-21 10:27:48.444root 11241100x8000000000000000353261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884b53a2eff1e5462021-12-21 10:27:48.444root 11241100x8000000000000000353262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499ebd43a0226cba2021-12-21 10:27:48.444root 11241100x8000000000000000353263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.696e0f6611d8ebb12021-12-21 10:27:48.444root 11241100x8000000000000000353264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e803e19828b8ce622021-12-21 10:27:48.444root 11241100x8000000000000000353265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ccb2771fafb35852021-12-21 10:27:48.445root 11241100x8000000000000000353266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7c2a9d542c9e342021-12-21 10:27:48.445root 11241100x8000000000000000353267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0fc362cc5b2e3af2021-12-21 10:27:48.445root 11241100x8000000000000000353268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b97b877b7a08cd92021-12-21 10:27:48.445root 11241100x8000000000000000353269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07bcc093986ecf5d2021-12-21 10:27:48.445root 11241100x8000000000000000353270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba94ba7695334922021-12-21 10:27:48.445root 11241100x8000000000000000353271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62bffd423288728e2021-12-21 10:27:48.445root 11241100x8000000000000000353272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.663f6dc4d3a184db2021-12-21 10:27:48.445root 11241100x8000000000000000353273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb7e3bb2bcf7b932021-12-21 10:27:48.445root 11241100x8000000000000000353274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810018085f738d2b2021-12-21 10:27:48.445root 11241100x8000000000000000353275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e7e95d90dba682021-12-21 10:27:48.446root 11241100x8000000000000000353276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e9a892ffd1a2262021-12-21 10:27:48.446root 11241100x8000000000000000353277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eeacc92e4ed67f2021-12-21 10:27:48.446root 11241100x8000000000000000353278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f9e9e0897db9032021-12-21 10:27:48.943root 11241100x8000000000000000353279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92113ac6b2815e12021-12-21 10:27:48.943root 11241100x8000000000000000353280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ccf239bf3ebbb62021-12-21 10:27:48.943root 11241100x8000000000000000353281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318e22fbbf8484172021-12-21 10:27:48.943root 11241100x8000000000000000353282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1061fecdda98312021-12-21 10:27:48.943root 11241100x8000000000000000353283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ae688a532791de2021-12-21 10:27:48.943root 11241100x8000000000000000353284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c843fabd835ae29c2021-12-21 10:27:48.943root 11241100x8000000000000000353285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c422a4015d0957f02021-12-21 10:27:48.943root 11241100x8000000000000000353286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b368ec37d37bed2021-12-21 10:27:48.943root 11241100x8000000000000000353287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e8fda07997a7162021-12-21 10:27:48.944root 11241100x8000000000000000353288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431f3eec96c7c6e32021-12-21 10:27:48.944root 11241100x8000000000000000353289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a084252957b5c942021-12-21 10:27:48.944root 11241100x8000000000000000353290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3492f04fcb51bf7e2021-12-21 10:27:48.944root 11241100x8000000000000000353291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953d243546ee735e2021-12-21 10:27:48.944root 11241100x8000000000000000353292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd2cac798492c952021-12-21 10:27:48.944root 11241100x8000000000000000353293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38494d3e47e71f162021-12-21 10:27:48.944root 11241100x8000000000000000353294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797662fa691fc7402021-12-21 10:27:48.944root 11241100x8000000000000000353295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c684b554fc9cd22021-12-21 10:27:48.944root 11241100x8000000000000000353296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb073702432b1a2021-12-21 10:27:48.944root 11241100x8000000000000000353297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f00a64df312e3b82021-12-21 10:27:48.944root 11241100x8000000000000000353298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f872a11d13c3d2e72021-12-21 10:27:48.944root 11241100x8000000000000000353299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d21edcaef650262021-12-21 10:27:48.944root 11241100x8000000000000000353300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ad5e492142c65e2021-12-21 10:27:48.944root 11241100x8000000000000000353301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1e3b18bac9b7b12021-12-21 10:27:48.944root 11241100x8000000000000000353302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.953b48d6ac58d6732021-12-21 10:27:48.945root 11241100x8000000000000000353303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a1f6aad2ab09d7d2021-12-21 10:27:48.945root 11241100x8000000000000000353304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd30f0043470dcc2021-12-21 10:27:48.945root 11241100x8000000000000000353305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adf24412672dc312021-12-21 10:27:48.945root 11241100x8000000000000000353306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31269a5e00f50862021-12-21 10:27:48.945root 11241100x8000000000000000353307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157202852fbe15712021-12-21 10:27:48.945root 11241100x8000000000000000353308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ac7938b56271122021-12-21 10:27:48.945root 11241100x8000000000000000353309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5d3b658182dc232021-12-21 10:27:48.946root 11241100x8000000000000000353310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fdce1258739bbd2021-12-21 10:27:48.946root 11241100x8000000000000000353311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682ec7b70f8dd3dc2021-12-21 10:27:49.443root 11241100x8000000000000000353312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339ccac16c84b2902021-12-21 10:27:49.443root 11241100x8000000000000000353313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19192dbc51a14fc32021-12-21 10:27:49.443root 11241100x8000000000000000353314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f17eb2dae77eccc2021-12-21 10:27:49.443root 11241100x8000000000000000353315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d68736f3fabe90fd2021-12-21 10:27:49.443root 11241100x8000000000000000353316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd446b37ca424b52021-12-21 10:27:49.443root 11241100x8000000000000000353317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08345ae9a3f9b2c32021-12-21 10:27:49.443root 11241100x8000000000000000353318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fe369a2a201e302021-12-21 10:27:49.444root 11241100x8000000000000000353319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b48c32b2cdc8393c2021-12-21 10:27:49.444root 11241100x8000000000000000353320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6bc4c1ca0b3ec72021-12-21 10:27:49.444root 11241100x8000000000000000353321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04fa1973881ef802021-12-21 10:27:49.444root 11241100x8000000000000000353322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff19c8b1059a76b92021-12-21 10:27:49.444root 11241100x8000000000000000353323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14ab5db5c203986b2021-12-21 10:27:49.444root 11241100x8000000000000000353324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e881d2e59ee7dd712021-12-21 10:27:49.444root 11241100x8000000000000000353325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c487c00e96548a2021-12-21 10:27:49.445root 11241100x8000000000000000353326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9015d1ce04af2b2021-12-21 10:27:49.445root 11241100x8000000000000000353327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770e30aab583fcb52021-12-21 10:27:49.445root 11241100x8000000000000000353328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bd9efc3fcaf13172021-12-21 10:27:49.445root 11241100x8000000000000000353329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c496de90da578c02021-12-21 10:27:49.445root 11241100x8000000000000000353330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16001d7f00901f532021-12-21 10:27:49.445root 11241100x8000000000000000353331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a9d00ccf9273962021-12-21 10:27:49.446root 11241100x8000000000000000353332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aa42553120b58a2021-12-21 10:27:49.446root 11241100x8000000000000000353333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8783b725465ae12021-12-21 10:27:49.446root 11241100x8000000000000000353334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fecfe02335d8592021-12-21 10:27:49.447root 11241100x8000000000000000353335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e4b0895c68bbae2021-12-21 10:27:49.447root 11241100x8000000000000000353336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45501225e3c059222021-12-21 10:27:49.447root 11241100x8000000000000000353337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e0ee13fecbcee02021-12-21 10:27:49.447root 11241100x8000000000000000353338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd147b0d07735b42021-12-21 10:27:49.448root 11241100x8000000000000000353339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69da0cac6b9d30592021-12-21 10:27:49.448root 11241100x8000000000000000353340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ff09b04a265f9c2021-12-21 10:27:49.448root 11241100x8000000000000000353341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63c7c4b83fb43722021-12-21 10:27:49.448root 11241100x8000000000000000353342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85329da1dc2596502021-12-21 10:27:49.449root 11241100x8000000000000000353343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71e7abba6cf6dbef2021-12-21 10:27:49.449root 11241100x8000000000000000353344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04da6e9f183adf3c2021-12-21 10:27:49.449root 11241100x8000000000000000353345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0619a7f7aedf7f3a2021-12-21 10:27:49.449root 11241100x8000000000000000353346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bb6e61cc3bd7b92021-12-21 10:27:49.450root 11241100x8000000000000000353347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307265cd0ad396372021-12-21 10:27:49.450root 11241100x8000000000000000353348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad60e6326aacfef2021-12-21 10:27:49.450root 11241100x8000000000000000353349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20edbc9349b8adec2021-12-21 10:27:49.450root 11241100x8000000000000000353350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06487d5e893212d92021-12-21 10:27:49.450root 11241100x8000000000000000353351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03cb36013fd7de112021-12-21 10:27:49.450root 11241100x8000000000000000353352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628dfc17e175d9442021-12-21 10:27:49.450root 11241100x8000000000000000353353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30152e42bfa0e872021-12-21 10:27:49.451root 11241100x8000000000000000353354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e8b98c9e027d6f2021-12-21 10:27:49.451root 11241100x8000000000000000353355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a086d09a95d65732021-12-21 10:27:49.451root 11241100x8000000000000000353356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322b78919e71af5c2021-12-21 10:27:49.451root 11241100x8000000000000000353357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b82eae2d3645e0c2021-12-21 10:27:49.451root 11241100x8000000000000000353358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235b387d31c363f82021-12-21 10:27:49.943root 11241100x8000000000000000353359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6777a11e3f1abc802021-12-21 10:27:49.943root 11241100x8000000000000000353360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5592976ccd34ec3b2021-12-21 10:27:49.944root 11241100x8000000000000000353361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfeb972e77da80e2021-12-21 10:27:49.944root 11241100x8000000000000000353362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996f6a08797490d82021-12-21 10:27:49.944root 11241100x8000000000000000353363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f19152a12046622021-12-21 10:27:49.944root 11241100x8000000000000000353364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf627969484406d2021-12-21 10:27:49.944root 11241100x8000000000000000353365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a76971684a335f72021-12-21 10:27:49.945root 11241100x8000000000000000353366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643a855b677530802021-12-21 10:27:49.945root 11241100x8000000000000000353367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af1a752521703b82021-12-21 10:27:49.945root 11241100x8000000000000000353368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc1d8e25fd0192a2021-12-21 10:27:49.945root 11241100x8000000000000000353369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac9d3ff313875702021-12-21 10:27:49.946root 11241100x8000000000000000353370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30fca626ea589802021-12-21 10:27:49.946root 11241100x8000000000000000353371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.827e36b3abe0b2a52021-12-21 10:27:49.947root 11241100x8000000000000000353372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7699277df9e3052021-12-21 10:27:49.947root 11241100x8000000000000000353373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963a65e7ed2774d62021-12-21 10:27:49.947root 11241100x8000000000000000353374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aacefce26efeec732021-12-21 10:27:49.948root 11241100x8000000000000000353375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927ff4a837c2814b2021-12-21 10:27:49.949root 11241100x8000000000000000353376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7070b69538398bcd2021-12-21 10:27:49.949root 11241100x8000000000000000353377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63bc1946e95ad75e2021-12-21 10:27:49.949root 11241100x8000000000000000353378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9fcdda7c5a0de92021-12-21 10:27:49.950root 11241100x8000000000000000353379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ea3d7449bdf1b172021-12-21 10:27:49.950root 11241100x8000000000000000353380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc19658db2e1b002021-12-21 10:27:49.950root 11241100x8000000000000000353381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1179f7126ab39e2021-12-21 10:27:49.950root 11241100x8000000000000000353382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e0e343bf1894a612021-12-21 10:27:49.951root 11241100x8000000000000000353383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527691d6c97fb2372021-12-21 10:27:49.951root 11241100x8000000000000000353384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3613d52efece865c2021-12-21 10:27:49.951root 11241100x8000000000000000353385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a404ed7ac60a942021-12-21 10:27:49.951root 11241100x8000000000000000353386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75b75df7f0309712021-12-21 10:27:49.951root 11241100x8000000000000000353387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da80e5f54a92d462021-12-21 10:27:49.952root 11241100x8000000000000000353388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:49.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a7bfda54cc82d02021-12-21 10:27:49.952root 354300x8000000000000000353389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.037{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47134-false10.0.1.12-8000- 154100x8000000000000000353390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.167{ec2b6afe-ac26-61c1-e846-291853560000}5699/bin/ls-----ls --color=auto/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000353391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.170{ec2b6afe-ac26-61c1-e846-291853560000}5699/bin/lsubuntu 11241100x8000000000000000353392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d4f5ac9d89379fa2021-12-21 10:27:50.443root 11241100x8000000000000000353393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f990e30bae7f853f2021-12-21 10:27:50.443root 11241100x8000000000000000353394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.749e112f6875e9482021-12-21 10:27:50.443root 11241100x8000000000000000353395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56631cf26df834382021-12-21 10:27:50.444root 11241100x8000000000000000353396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba647611b5f56cd42021-12-21 10:27:50.444root 11241100x8000000000000000353397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb5b9860516388f2021-12-21 10:27:50.444root 11241100x8000000000000000353398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79701a2bd4045b812021-12-21 10:27:50.444root 11241100x8000000000000000353399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bd4770b54404672021-12-21 10:27:50.445root 11241100x8000000000000000353400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3582e5ac1026c12021-12-21 10:27:50.445root 11241100x8000000000000000353401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e7ec6c9f36d1172021-12-21 10:27:50.445root 11241100x8000000000000000353402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cad5c24df903b1b2021-12-21 10:27:50.445root 11241100x8000000000000000353403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d19bc9edac03972021-12-21 10:27:50.445root 11241100x8000000000000000353404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a70491111dbc512021-12-21 10:27:50.445root 11241100x8000000000000000353405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9964c628f561c82021-12-21 10:27:50.445root 11241100x8000000000000000353406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f63404cd51b4ad5b2021-12-21 10:27:50.445root 11241100x8000000000000000353407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a3257f3bf0925e2021-12-21 10:27:50.445root 11241100x8000000000000000353408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86bb568fcde71092021-12-21 10:27:50.445root 11241100x8000000000000000353409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26343960decb64652021-12-21 10:27:50.445root 11241100x8000000000000000353410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1422b17016512f2021-12-21 10:27:50.445root 11241100x8000000000000000353411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eafc8a9f6df4c262021-12-21 10:27:50.445root 11241100x8000000000000000353412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed71fa46db66ab0c2021-12-21 10:27:50.445root 11241100x8000000000000000353413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18d0167727c9b9f2021-12-21 10:27:50.445root 11241100x8000000000000000353414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393875aa6791058b2021-12-21 10:27:50.445root 11241100x8000000000000000353415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957afd6c58348ed02021-12-21 10:27:50.446root 11241100x8000000000000000353416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a778780503106d2021-12-21 10:27:50.446root 11241100x8000000000000000353417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be92c122745765cc2021-12-21 10:27:50.446root 11241100x8000000000000000353418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8010989b725e31752021-12-21 10:27:50.446root 11241100x8000000000000000353419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772f3092af0d139f2021-12-21 10:27:50.446root 11241100x8000000000000000353420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a33144f585f7c32021-12-21 10:27:50.446root 11241100x8000000000000000353421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd542d87d7d610072021-12-21 10:27:50.446root 11241100x8000000000000000353422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5251fb9cd2fa14842021-12-21 10:27:50.446root 11241100x8000000000000000353423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e5d338e82ef4b72021-12-21 10:27:50.446root 11241100x8000000000000000353424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f93d0e47377498ae2021-12-21 10:27:50.446root 11241100x8000000000000000353425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d268aa6c692ede442021-12-21 10:27:50.447root 11241100x8000000000000000353426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.273c5e0c509aad7c2021-12-21 10:27:50.447root 11241100x8000000000000000353427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a2a8680350ec1c2021-12-21 10:27:50.447root 11241100x8000000000000000353428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfefeae470ba9352021-12-21 10:27:50.943root 11241100x8000000000000000353429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92825230f9048b172021-12-21 10:27:50.943root 11241100x8000000000000000353430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf38e40e2c81b0ba2021-12-21 10:27:50.943root 11241100x8000000000000000353431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9652779320b34422021-12-21 10:27:50.943root 11241100x8000000000000000353432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ed56b527c1a1a22021-12-21 10:27:50.944root 11241100x8000000000000000353433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186c4edb0acc49912021-12-21 10:27:50.944root 11241100x8000000000000000353434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.703aa0aa5a222d732021-12-21 10:27:50.944root 11241100x8000000000000000353435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e1079e8abab7f92021-12-21 10:27:50.944root 11241100x8000000000000000353436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c7c3680f5742a02021-12-21 10:27:50.944root 11241100x8000000000000000353437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87765e616c3721c2021-12-21 10:27:50.944root 11241100x8000000000000000353438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be04460632d54b62021-12-21 10:27:50.944root 11241100x8000000000000000353439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bc38c0650fd4f12021-12-21 10:27:50.944root 11241100x8000000000000000353440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.203915042394d0bf2021-12-21 10:27:50.944root 11241100x8000000000000000353441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eade82b05a911e3c2021-12-21 10:27:50.944root 11241100x8000000000000000353442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5040e0731415422021-12-21 10:27:50.944root 11241100x8000000000000000353443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897913b0d56f057e2021-12-21 10:27:50.944root 11241100x8000000000000000353444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02612636568ef9aa2021-12-21 10:27:50.945root 11241100x8000000000000000353445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a275df8fb50d42222021-12-21 10:27:50.945root 11241100x8000000000000000353446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21da2d562b575ac92021-12-21 10:27:50.945root 11241100x8000000000000000353447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd52cd1549a8a25c2021-12-21 10:27:50.945root 11241100x8000000000000000353448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de0e5d89039d4a62021-12-21 10:27:50.945root 11241100x8000000000000000353449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d5ed336971a8c22021-12-21 10:27:50.945root 11241100x8000000000000000353450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2c9b027dd4c7b12021-12-21 10:27:50.945root 11241100x8000000000000000353451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52737697b67570672021-12-21 10:27:50.945root 11241100x8000000000000000353452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b663b92b142aefd52021-12-21 10:27:50.946root 11241100x8000000000000000353453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1858754525850f2f2021-12-21 10:27:50.946root 11241100x8000000000000000353454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288457a1ef7ea6272021-12-21 10:27:50.946root 11241100x8000000000000000353455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7223370925937c2021-12-21 10:27:50.946root 11241100x8000000000000000353456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d46fa8ab5b9db242021-12-21 10:27:50.946root 11241100x8000000000000000353457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc5321ef98389502021-12-21 10:27:50.946root 11241100x8000000000000000353458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87c8a10470b71a62021-12-21 10:27:50.946root 11241100x8000000000000000353459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785d27aca497e1452021-12-21 10:27:50.947root 11241100x8000000000000000353460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d1fb20dd59efab2021-12-21 10:27:50.947root 11241100x8000000000000000353461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788d3b907498b6722021-12-21 10:27:50.947root 11241100x8000000000000000353462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d0f83bba25f6e42021-12-21 10:27:50.947root 11241100x8000000000000000353463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18db3d7bc627b1162021-12-21 10:27:50.947root 11241100x8000000000000000353464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c80acc2c58700af2021-12-21 10:27:50.947root 11241100x8000000000000000353465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361eccaf5a574f5c2021-12-21 10:27:50.947root 11241100x8000000000000000353466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bf80385b50fbc5c2021-12-21 10:27:51.443root 11241100x8000000000000000353467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f22951eaff1a62d2021-12-21 10:27:51.443root 11241100x8000000000000000353468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac551f3b4567b65f2021-12-21 10:27:51.443root 11241100x8000000000000000353469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64f38bb422beb752021-12-21 10:27:51.443root 11241100x8000000000000000353470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6023a80453cada2021-12-21 10:27:51.443root 11241100x8000000000000000353471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ecb17b6e1121d422021-12-21 10:27:51.443root 11241100x8000000000000000353472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e5563b778f1c8b2021-12-21 10:27:51.444root 11241100x8000000000000000353473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c30088b8d2520d82021-12-21 10:27:51.444root 11241100x8000000000000000353474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0881056b5c3991692021-12-21 10:27:51.444root 11241100x8000000000000000353475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fbc8f517a4ada02021-12-21 10:27:51.444root 11241100x8000000000000000353476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f40b27e6647b592021-12-21 10:27:51.444root 11241100x8000000000000000353477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d128c68900c085c02021-12-21 10:27:51.444root 11241100x8000000000000000353478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faa9b82e4899e4e2021-12-21 10:27:51.444root 11241100x8000000000000000353479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8c0d3845aa255d2021-12-21 10:27:51.444root 11241100x8000000000000000353480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572ea57181f7a00e2021-12-21 10:27:51.444root 11241100x8000000000000000353481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492bf1c2f0b2303b2021-12-21 10:27:51.444root 11241100x8000000000000000353482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d239d3904b8b89e62021-12-21 10:27:51.444root 11241100x8000000000000000353483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b83ee89c3b1d462021-12-21 10:27:51.444root 11241100x8000000000000000353484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1f75895592a0c02021-12-21 10:27:51.444root 11241100x8000000000000000353485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c285c27564149ab2021-12-21 10:27:51.444root 11241100x8000000000000000353486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3d02676e727b902021-12-21 10:27:51.444root 11241100x8000000000000000353487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a01e203f3e64c52021-12-21 10:27:51.444root 11241100x8000000000000000353488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d8a506183b605f2021-12-21 10:27:51.445root 11241100x8000000000000000353489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd2a87495e4f80c62021-12-21 10:27:51.445root 11241100x8000000000000000353490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e8a87d1543df122021-12-21 10:27:51.445root 11241100x8000000000000000353491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693613ef5a5192af2021-12-21 10:27:51.445root 11241100x8000000000000000353492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73f8d0263c0f9c72021-12-21 10:27:51.445root 11241100x8000000000000000353493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c2af934f9f76e4a2021-12-21 10:27:51.445root 11241100x8000000000000000353494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de373cce8730d3982021-12-21 10:27:51.445root 11241100x8000000000000000353495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2af8c698d22674bd2021-12-21 10:27:51.445root 11241100x8000000000000000353496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab5f4ef5f05f0462021-12-21 10:27:51.445root 11241100x8000000000000000353497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345bd7fab68f79062021-12-21 10:27:51.445root 11241100x8000000000000000353498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9ab45d7d5dcd2c2021-12-21 10:27:51.445root 11241100x8000000000000000353499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c00ec2bed9a0f52021-12-21 10:27:51.445root 11241100x8000000000000000353500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c1e8394d3ff80fe2021-12-21 10:27:51.445root 11241100x8000000000000000353501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f8ddb3ed1286652021-12-21 10:27:51.445root 11241100x8000000000000000353502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcb01c7765dfc022021-12-21 10:27:51.445root 11241100x8000000000000000353503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154ff346299fb9032021-12-21 10:27:51.445root 11241100x8000000000000000353504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e109563331476262021-12-21 10:27:51.446root 11241100x8000000000000000353505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a6c070aab4e62a2021-12-21 10:27:51.446root 11241100x8000000000000000353506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774e4bfbb44b3ae12021-12-21 10:27:51.446root 11241100x8000000000000000353507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b19fe186481bc32021-12-21 10:27:51.446root 11241100x8000000000000000353508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a678d5b574bfcb2021-12-21 10:27:51.446root 11241100x8000000000000000353509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75a4f23f035f11a2021-12-21 10:27:51.447root 11241100x8000000000000000353510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce53ffa57aa32fe12021-12-21 10:27:51.447root 11241100x8000000000000000353511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562898c2254729262021-12-21 10:27:51.447root 11241100x8000000000000000353512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.945935bd21e61ce32021-12-21 10:27:51.447root 11241100x8000000000000000353513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8442f4715bab1b2021-12-21 10:27:51.448root 11241100x8000000000000000353514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8543f5bfc0c17fbd2021-12-21 10:27:51.448root 11241100x8000000000000000353515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18cf52b9d56a34e82021-12-21 10:27:51.448root 11241100x8000000000000000353516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b38077964a9ab02021-12-21 10:27:51.448root 11241100x8000000000000000353517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eececa0d5bc32952021-12-21 10:27:51.448root 11241100x8000000000000000353518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f3e243189b4010e2021-12-21 10:27:51.448root 11241100x8000000000000000353519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfad5847f9fcfa722021-12-21 10:27:51.448root 11241100x8000000000000000353520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b5a00038dc899fd2021-12-21 10:27:51.448root 11241100x8000000000000000353521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ddf2762d2be23c12021-12-21 10:27:51.449root 11241100x8000000000000000353522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c66e54d4e92a352021-12-21 10:27:51.449root 11241100x8000000000000000353523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e620a391279391052021-12-21 10:27:51.449root 11241100x8000000000000000353524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3345a3a5c897572021-12-21 10:27:51.449root 11241100x8000000000000000353525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dc7afc260847b82021-12-21 10:27:51.449root 11241100x8000000000000000353526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888351f5209f60c52021-12-21 10:27:51.450root 11241100x8000000000000000353527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1da0ab8e4ab609f2021-12-21 10:27:51.450root 11241100x8000000000000000353528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbbbe1c4a6272732021-12-21 10:27:51.450root 11241100x8000000000000000353529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65b45cfb53643a92021-12-21 10:27:51.450root 11241100x8000000000000000353530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa78b0a179eb70c92021-12-21 10:27:51.450root 11241100x8000000000000000353531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ea744e26a9ea2702021-12-21 10:27:51.943root 11241100x8000000000000000353532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb5ab2fb71c18382021-12-21 10:27:51.943root 11241100x8000000000000000353533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f6d14ab637c9dd2021-12-21 10:27:51.943root 11241100x8000000000000000353534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b403e32dbe862d2021-12-21 10:27:51.943root 11241100x8000000000000000353535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72459449b17e7dae2021-12-21 10:27:51.944root 11241100x8000000000000000353536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffacb88cf2e0b372021-12-21 10:27:51.944root 11241100x8000000000000000353537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7c75702ba247c92021-12-21 10:27:51.944root 11241100x8000000000000000353538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d3a6869f6f561c2021-12-21 10:27:51.944root 11241100x8000000000000000353539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea43bc1856209bbb2021-12-21 10:27:51.944root 11241100x8000000000000000353540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c93f8216256f32021-12-21 10:27:51.944root 11241100x8000000000000000353541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0179d1afb99bbed62021-12-21 10:27:51.944root 11241100x8000000000000000353542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055a782b1f7ecf7d2021-12-21 10:27:51.944root 11241100x8000000000000000353543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7c46a6e608ef662021-12-21 10:27:51.945root 11241100x8000000000000000353544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ab57ed6713592c2021-12-21 10:27:51.945root 11241100x8000000000000000353545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.919fbe64c932b3d92021-12-21 10:27:51.945root 11241100x8000000000000000353546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec968c616be70242021-12-21 10:27:51.945root 11241100x8000000000000000353547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67e5725358d924a72021-12-21 10:27:51.945root 11241100x8000000000000000353548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.784347e22d0abe162021-12-21 10:27:51.945root 11241100x8000000000000000353549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924a673a5f4743472021-12-21 10:27:51.945root 11241100x8000000000000000353550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc262a936c95eacc2021-12-21 10:27:51.945root 11241100x8000000000000000353551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a3e879afc663df2021-12-21 10:27:51.945root 11241100x8000000000000000353552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b94d0fa316ab042021-12-21 10:27:51.946root 11241100x8000000000000000353553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160d5a518145b4292021-12-21 10:27:51.946root 11241100x8000000000000000353554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a8825185878e462021-12-21 10:27:51.946root 11241100x8000000000000000353555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d9fdaabe1a11392021-12-21 10:27:51.946root 11241100x8000000000000000353556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edc8669cc356fe92021-12-21 10:27:51.946root 11241100x8000000000000000353557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57322198a578c1862021-12-21 10:27:51.946root 11241100x8000000000000000353558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d57ac9dab17b9e52021-12-21 10:27:51.946root 11241100x8000000000000000353559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44afa3fac2d41a552021-12-21 10:27:51.946root 11241100x8000000000000000353560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9e7c0bae3885592021-12-21 10:27:51.946root 11241100x8000000000000000353561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4c0d0e56aaaf732021-12-21 10:27:51.947root 11241100x8000000000000000353562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931d94ffed0bba12021-12-21 10:27:51.947root 11241100x8000000000000000353563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e05caffeae659a142021-12-21 10:27:51.947root 11241100x8000000000000000353564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dd772383e5f4aa2021-12-21 10:27:51.947root 11241100x8000000000000000353565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:51.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9295aba758fb14102021-12-21 10:27:51.947root 11241100x8000000000000000353566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6284f60193eb2c942021-12-21 10:27:52.443root 11241100x8000000000000000353567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc7918a208431122021-12-21 10:27:52.443root 11241100x8000000000000000353568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63aa1b060f515c52021-12-21 10:27:52.444root 11241100x8000000000000000353569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4390ee65a9ffd2021-12-21 10:27:52.444root 11241100x8000000000000000353570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8363f23d09b12b22021-12-21 10:27:52.444root 11241100x8000000000000000353571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3f74f33a293a302021-12-21 10:27:52.444root 11241100x8000000000000000353572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91768673e52c15f2021-12-21 10:27:52.444root 11241100x8000000000000000353573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1179b0727e6c0d422021-12-21 10:27:52.444root 11241100x8000000000000000353574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f428e2667c7bb28b2021-12-21 10:27:52.445root 11241100x8000000000000000353575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c54fe0cfd057432021-12-21 10:27:52.445root 11241100x8000000000000000353576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813174f79bff4d3c2021-12-21 10:27:52.445root 11241100x8000000000000000353577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e594a23e4a93de572021-12-21 10:27:52.445root 11241100x8000000000000000353578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c72ce86826dd6b2021-12-21 10:27:52.445root 11241100x8000000000000000353579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a3f78c3204478f2021-12-21 10:27:52.445root 11241100x8000000000000000353580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4542e7b3323cd2972021-12-21 10:27:52.445root 11241100x8000000000000000353581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00629e0a0d55e392021-12-21 10:27:52.446root 11241100x8000000000000000353582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3c16810f6ec8d52021-12-21 10:27:52.446root 11241100x8000000000000000353583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c822c3a5fb1f211c2021-12-21 10:27:52.446root 11241100x8000000000000000353584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5df47bcc22e4dce2021-12-21 10:27:52.446root 11241100x8000000000000000353585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e1e1779c7357ae2021-12-21 10:27:52.446root 11241100x8000000000000000353586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc9877ede021c0d2021-12-21 10:27:52.446root 11241100x8000000000000000353587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f32b9307b8e97ce2021-12-21 10:27:52.449root 11241100x8000000000000000353588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3ed0da0e0ae88d2021-12-21 10:27:52.449root 11241100x8000000000000000353589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee48f17d8d2c14c2021-12-21 10:27:52.449root 11241100x8000000000000000353590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72506182ca4496002021-12-21 10:27:52.449root 11241100x8000000000000000353591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62db2de061e22da32021-12-21 10:27:52.449root 11241100x8000000000000000353592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c5d5d1815235ded2021-12-21 10:27:52.450root 11241100x8000000000000000353593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4cf970608770762021-12-21 10:27:52.450root 11241100x8000000000000000353594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b82b20b3d70fb02021-12-21 10:27:52.450root 11241100x8000000000000000353595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b889ea8ee11c4fe12021-12-21 10:27:52.450root 11241100x8000000000000000353596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8eab60d1c9f2b672021-12-21 10:27:52.450root 11241100x8000000000000000353597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f687bc94a3128f22021-12-21 10:27:52.943root 11241100x8000000000000000353598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1169197dfa772ac72021-12-21 10:27:52.943root 11241100x8000000000000000353599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaba353b7d15bd32021-12-21 10:27:52.943root 11241100x8000000000000000353600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ae095bc97dd9a92021-12-21 10:27:52.943root 11241100x8000000000000000353601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65dbac32630c04c92021-12-21 10:27:52.944root 11241100x8000000000000000353602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e6f4046b6cac7b2021-12-21 10:27:52.944root 11241100x8000000000000000353603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8852200e5b5f70aa2021-12-21 10:27:52.944root 11241100x8000000000000000353604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37000d60d5147a652021-12-21 10:27:52.944root 11241100x8000000000000000353605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff4673f4c25e26732021-12-21 10:27:52.944root 11241100x8000000000000000353606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2973119488b1c41c2021-12-21 10:27:52.944root 11241100x8000000000000000353607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60b018376dd86372021-12-21 10:27:52.944root 11241100x8000000000000000353608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987091c7da193efc2021-12-21 10:27:52.944root 11241100x8000000000000000353609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df38a9de2bdbb1d72021-12-21 10:27:52.945root 11241100x8000000000000000353610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14876a18599a1e7b2021-12-21 10:27:52.945root 11241100x8000000000000000353611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6744835ade579f672021-12-21 10:27:52.945root 11241100x8000000000000000353612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9daced025eb3cf12021-12-21 10:27:52.945root 11241100x8000000000000000353613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9cfa6fe0b96d012021-12-21 10:27:52.945root 11241100x8000000000000000353614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2e4964538cd67a2021-12-21 10:27:52.945root 11241100x8000000000000000353615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.262f63827d16c5ea2021-12-21 10:27:52.945root 11241100x8000000000000000353616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d68a66a9401d08b2021-12-21 10:27:52.945root 11241100x8000000000000000353617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bfabc8e08cc3572021-12-21 10:27:52.945root 11241100x8000000000000000353618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75130569e2977a6f2021-12-21 10:27:52.945root 11241100x8000000000000000353619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b286371ac3b0cd762021-12-21 10:27:52.945root 11241100x8000000000000000353620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4518d653e9feb8282021-12-21 10:27:52.946root 11241100x8000000000000000353621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4314b3e0e7ba30d32021-12-21 10:27:52.946root 11241100x8000000000000000353622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.380aa42eb575ae4b2021-12-21 10:27:52.946root 11241100x8000000000000000353623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6fc62a08a8b6e022021-12-21 10:27:52.946root 11241100x8000000000000000353624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ec99569a02e1f32021-12-21 10:27:52.946root 11241100x8000000000000000353625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc74b48ad96b0362021-12-21 10:27:52.946root 11241100x8000000000000000353626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7175195d12e39a2021-12-21 10:27:52.946root 11241100x8000000000000000353627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e804a47cb8d5cb4f2021-12-21 10:27:52.946root 11241100x8000000000000000353628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9c927a2456428072021-12-21 10:27:52.946root 11241100x8000000000000000353629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7c92433083a7012021-12-21 10:27:52.947root 11241100x8000000000000000353630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6833c06fae39482021-12-21 10:27:52.947root 11241100x8000000000000000353631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35348bc420dc3fde2021-12-21 10:27:52.947root 11241100x8000000000000000353632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5d8a46f0344e112021-12-21 10:27:52.947root 11241100x8000000000000000353633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32016c0019c529392021-12-21 10:27:53.443root 11241100x8000000000000000353634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe631398a82547582021-12-21 10:27:53.443root 11241100x8000000000000000353635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f279bd5acf19b0a2021-12-21 10:27:53.443root 11241100x8000000000000000353636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3746b77d7909ac82021-12-21 10:27:53.443root 11241100x8000000000000000353637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da547e0d7898b73c2021-12-21 10:27:53.444root 11241100x8000000000000000353638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3f7d377a289ca42021-12-21 10:27:53.444root 11241100x8000000000000000353639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642c2246b04f14a42021-12-21 10:27:53.444root 11241100x8000000000000000353640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.622334a40a455d322021-12-21 10:27:53.444root 11241100x8000000000000000353641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26412fc6b3508fd92021-12-21 10:27:53.445root 11241100x8000000000000000353642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0915710c8310b42021-12-21 10:27:53.445root 11241100x8000000000000000353643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df3afbf8ba3a4732021-12-21 10:27:53.445root 11241100x8000000000000000353644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa69d440f43cd31f2021-12-21 10:27:53.445root 11241100x8000000000000000353645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82f8a06d8ff8dd72021-12-21 10:27:53.445root 11241100x8000000000000000353646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20a4d418c6116fe12021-12-21 10:27:53.446root 11241100x8000000000000000353647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34af9c6aabb7adcf2021-12-21 10:27:53.446root 11241100x8000000000000000353648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc3492d50108bab2021-12-21 10:27:53.446root 11241100x8000000000000000353649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acf7d59260c486502021-12-21 10:27:53.446root 11241100x8000000000000000353650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca1fc3fec7443d222021-12-21 10:27:53.446root 11241100x8000000000000000353651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa15b288b34027b2021-12-21 10:27:53.447root 11241100x8000000000000000353652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f46eea18f64cc72021-12-21 10:27:53.447root 11241100x8000000000000000353653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d645e317040ac2102021-12-21 10:27:53.447root 11241100x8000000000000000353654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869a2c4f3b4d03462021-12-21 10:27:53.447root 11241100x8000000000000000353655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.679c235850cfb43c2021-12-21 10:27:53.447root 11241100x8000000000000000353656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.522774e88a80cf2f2021-12-21 10:27:53.448root 11241100x8000000000000000353657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76fad58bfeb410452021-12-21 10:27:53.448root 11241100x8000000000000000353658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a447f4b0a38d32d82021-12-21 10:27:53.448root 11241100x8000000000000000353659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b50dc984e73bf32021-12-21 10:27:53.448root 11241100x8000000000000000353660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70edfc4961f2009d2021-12-21 10:27:53.448root 11241100x8000000000000000353661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab8eccabf8f94c12021-12-21 10:27:53.449root 11241100x8000000000000000353662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721aefd25b1b273c2021-12-21 10:27:53.449root 11241100x8000000000000000353663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cd26c66cb0b02d2021-12-21 10:27:53.449root 11241100x8000000000000000353664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c603da4619b9a042021-12-21 10:27:53.449root 11241100x8000000000000000353665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beada64243a42a8a2021-12-21 10:27:53.449root 11241100x8000000000000000353666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419c6be593e293a02021-12-21 10:27:53.450root 11241100x8000000000000000353667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f42fd2356e7a7982021-12-21 10:27:53.943root 11241100x8000000000000000353668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca9d7c30fd9ee6a2021-12-21 10:27:53.943root 11241100x8000000000000000353669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6079211613b380ca2021-12-21 10:27:53.943root 11241100x8000000000000000353670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a452199353a429252021-12-21 10:27:53.943root 11241100x8000000000000000353671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dc198a1099cee92021-12-21 10:27:53.944root 11241100x8000000000000000353672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa477ed27db3f932021-12-21 10:27:53.944root 11241100x8000000000000000353673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9377420203284d2021-12-21 10:27:53.944root 11241100x8000000000000000353674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0185c9a006ba887d2021-12-21 10:27:53.944root 11241100x8000000000000000353675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3c2ba7361a89962021-12-21 10:27:53.944root 11241100x8000000000000000353676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a542ec58e96640e82021-12-21 10:27:53.944root 11241100x8000000000000000353677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e8358e631bdf2c2021-12-21 10:27:53.944root 11241100x8000000000000000353678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb6beea6f2154f02021-12-21 10:27:53.944root 11241100x8000000000000000353679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85453162b24a45582021-12-21 10:27:53.945root 11241100x8000000000000000353680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19082a8b77e5782a2021-12-21 10:27:53.945root 11241100x8000000000000000353681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f23ba71f7467e4a2021-12-21 10:27:53.945root 11241100x8000000000000000353682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82e4a87dc241fb712021-12-21 10:27:53.945root 11241100x8000000000000000353683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c18888f09b74d72021-12-21 10:27:53.945root 11241100x8000000000000000353684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fc674ab27acd3b2021-12-21 10:27:53.945root 11241100x8000000000000000353685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5512a42b38685f1c2021-12-21 10:27:53.945root 11241100x8000000000000000353686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dd6b377e09c265e2021-12-21 10:27:53.945root 11241100x8000000000000000353687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9f99828584ff3f2021-12-21 10:27:53.947root 11241100x8000000000000000353688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a543c020bd4065032021-12-21 10:27:53.947root 11241100x8000000000000000353689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e22058d44e31862021-12-21 10:27:53.947root 11241100x8000000000000000353690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b816f2dedf7d0f852021-12-21 10:27:53.947root 11241100x8000000000000000353691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a132b0f4c60ce3fc2021-12-21 10:27:53.948root 11241100x8000000000000000353692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2508656f172d9bcc2021-12-21 10:27:53.948root 11241100x8000000000000000353693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5a0585fd8e41512021-12-21 10:27:53.948root 11241100x8000000000000000353694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.872d3e4a11c363cb2021-12-21 10:27:53.948root 11241100x8000000000000000353695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac9b2493cd0573a2021-12-21 10:27:53.948root 11241100x8000000000000000353696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577207c50ef6af2d2021-12-21 10:27:53.948root 11241100x8000000000000000353697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.338420d3221804612021-12-21 10:27:53.948root 11241100x8000000000000000353698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5de7e044f73fe832021-12-21 10:27:53.948root 11241100x8000000000000000353699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778017f7ca7d0c062021-12-21 10:27:53.948root 11241100x8000000000000000353700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce058ca93baef232021-12-21 10:27:53.948root 11241100x8000000000000000353701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f059237d71d3c572021-12-21 10:27:54.443root 11241100x8000000000000000353702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8634f3b7b523fc82021-12-21 10:27:54.444root 11241100x8000000000000000353703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f7077b6d4882a52021-12-21 10:27:54.444root 11241100x8000000000000000353704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df176504d32e9fa2021-12-21 10:27:54.444root 11241100x8000000000000000353705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b2f002d474e1782021-12-21 10:27:54.444root 11241100x8000000000000000353706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92584e83a8aa84602021-12-21 10:27:54.444root 11241100x8000000000000000353707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba78908631d9f5f02021-12-21 10:27:54.445root 11241100x8000000000000000353708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882085547f6c327b2021-12-21 10:27:54.445root 11241100x8000000000000000353709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d011ac687dd0f28f2021-12-21 10:27:54.445root 11241100x8000000000000000353710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92934e37154b11342021-12-21 10:27:54.445root 11241100x8000000000000000353711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34851f78b00eebd72021-12-21 10:27:54.445root 11241100x8000000000000000353712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1d3216e754aca2021-12-21 10:27:54.446root 11241100x8000000000000000353713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08b563cff3b207e22021-12-21 10:27:54.446root 11241100x8000000000000000353714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1676f750b84cb22021-12-21 10:27:54.446root 11241100x8000000000000000353715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37dad5b993664a42021-12-21 10:27:54.446root 11241100x8000000000000000353716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73a2ab146de953a2021-12-21 10:27:54.446root 11241100x8000000000000000353717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aab2b0cafaf9ac62021-12-21 10:27:54.446root 11241100x8000000000000000353718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5fe2034cf1000b22021-12-21 10:27:54.446root 11241100x8000000000000000353719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69e1108eab17df82021-12-21 10:27:54.446root 11241100x8000000000000000353720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d2f5ab5d34e5812021-12-21 10:27:54.446root 11241100x8000000000000000353721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86081848efbd96b92021-12-21 10:27:54.446root 11241100x8000000000000000353722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34acc926a49065e2021-12-21 10:27:54.447root 11241100x8000000000000000353723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac23575514d6f9872021-12-21 10:27:54.447root 11241100x8000000000000000353724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba252c11e22878b2021-12-21 10:27:54.447root 11241100x8000000000000000353725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.448caf8c528c6c942021-12-21 10:27:54.447root 11241100x8000000000000000353726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dea287526a02af62021-12-21 10:27:54.447root 11241100x8000000000000000353727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72446d3a62ae9a982021-12-21 10:27:54.447root 11241100x8000000000000000353728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df87e1c58edb7ca2021-12-21 10:27:54.448root 11241100x8000000000000000353729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ff4a68e30f6bbd2021-12-21 10:27:54.448root 11241100x8000000000000000353730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84acc43ee443fd7b2021-12-21 10:27:54.448root 11241100x8000000000000000353731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e64f921897089b12021-12-21 10:27:54.448root 11241100x8000000000000000353732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c9cf922c3511ae2021-12-21 10:27:54.943root 11241100x8000000000000000353733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b675073cff8394202021-12-21 10:27:54.943root 11241100x8000000000000000353734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0f310d16ae2fc02021-12-21 10:27:54.943root 11241100x8000000000000000353735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a15b91a522222c7a2021-12-21 10:27:54.944root 11241100x8000000000000000353736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006462aed2353c4b2021-12-21 10:27:54.944root 11241100x8000000000000000353737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ba43c4710dfee02021-12-21 10:27:54.944root 11241100x8000000000000000353738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16e9d358412d5872021-12-21 10:27:54.944root 11241100x8000000000000000353739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b924fc103bc0e6372021-12-21 10:27:54.944root 11241100x8000000000000000353740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581bf3623ac088a62021-12-21 10:27:54.944root 11241100x8000000000000000353741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5756626f770dd2322021-12-21 10:27:54.944root 11241100x8000000000000000353742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4c9dfc80b3a7da2021-12-21 10:27:54.944root 11241100x8000000000000000353743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00ea5665f1693a292021-12-21 10:27:54.944root 11241100x8000000000000000353744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9e7bb540822b562021-12-21 10:27:54.944root 11241100x8000000000000000353745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e82d79a12420df12021-12-21 10:27:54.945root 11241100x8000000000000000353746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0b902c2df0274a2021-12-21 10:27:54.945root 11241100x8000000000000000353747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3eaf4d535cfcc8f2021-12-21 10:27:54.945root 11241100x8000000000000000353748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10057dd8db394b12021-12-21 10:27:54.945root 11241100x8000000000000000353749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbfb7cdf2c1196122021-12-21 10:27:54.945root 11241100x8000000000000000353750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bc368576456d662021-12-21 10:27:54.945root 11241100x8000000000000000353751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69db81234b1780b52021-12-21 10:27:54.945root 11241100x8000000000000000353752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603da4e7f2d730e92021-12-21 10:27:54.945root 11241100x8000000000000000353753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b858692b19597a32021-12-21 10:27:54.945root 11241100x8000000000000000353754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84f248627333c7a02021-12-21 10:27:54.945root 11241100x8000000000000000353755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36801685951df4cd2021-12-21 10:27:54.945root 11241100x8000000000000000353756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.246d82102da39afd2021-12-21 10:27:54.946root 11241100x8000000000000000353757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec8d2ac8e550e932021-12-21 10:27:54.946root 11241100x8000000000000000353758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300eb64d76ccfb682021-12-21 10:27:54.946root 11241100x8000000000000000353759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1751caa43be32d522021-12-21 10:27:54.946root 11241100x8000000000000000353760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67212db43c9749e52021-12-21 10:27:54.946root 11241100x8000000000000000353761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c0033a25adc0312021-12-21 10:27:54.946root 11241100x8000000000000000353762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.575464ad966840c02021-12-21 10:27:54.946root 11241100x8000000000000000353763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5919c096bd1a7722021-12-21 10:27:54.946root 11241100x8000000000000000353764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ec8742af27fad92021-12-21 10:27:54.946root 11241100x8000000000000000353765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ca0ffe2442b9212021-12-21 10:27:54.946root 11241100x8000000000000000353766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4b0c87d38e44db82021-12-21 10:27:54.947root 11241100x8000000000000000353767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f8a6ede9d41a42021-12-21 10:27:54.947root 354300x8000000000000000353768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.058{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47136-false10.0.1.12-8000- 11241100x8000000000000000353769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74c86c07187c7da2021-12-21 10:27:55.443root 11241100x8000000000000000353770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc527ee4daff73f2021-12-21 10:27:55.443root 11241100x8000000000000000353771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618b00eef25ca2712021-12-21 10:27:55.443root 11241100x8000000000000000353772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9865704c3914821c2021-12-21 10:27:55.443root 11241100x8000000000000000353773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c55cc24865caa092021-12-21 10:27:55.444root 11241100x8000000000000000353774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452017e725e8a0ef2021-12-21 10:27:55.444root 11241100x8000000000000000353775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3b8dfe9ef70eca2021-12-21 10:27:55.444root 11241100x8000000000000000353776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe6ee76e03f9e8142021-12-21 10:27:55.445root 11241100x8000000000000000353777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fbcf662e3a7cc62021-12-21 10:27:55.445root 11241100x8000000000000000353778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5d808098fd46c62021-12-21 10:27:55.445root 11241100x8000000000000000353779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8380c634a5e7ff2021-12-21 10:27:55.445root 11241100x8000000000000000353780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe775eed0ab58532021-12-21 10:27:55.446root 11241100x8000000000000000353781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e41174185f91852021-12-21 10:27:55.446root 11241100x8000000000000000353782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d9e8936823dbbd12021-12-21 10:27:55.447root 11241100x8000000000000000353783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3743e8dcb266162021-12-21 10:27:55.447root 11241100x8000000000000000353784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f76971745cecbd2021-12-21 10:27:55.447root 11241100x8000000000000000353785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5730acc1dbd4b0de2021-12-21 10:27:55.447root 11241100x8000000000000000353786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d072f370f64bc3d2021-12-21 10:27:55.448root 11241100x8000000000000000353787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cccffba380c6782021-12-21 10:27:55.448root 11241100x8000000000000000353788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b06a72f425f3ed2021-12-21 10:27:55.449root 11241100x8000000000000000353789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec7f1eafc38dd972021-12-21 10:27:55.449root 11241100x8000000000000000353790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965035b05e0d623d2021-12-21 10:27:55.449root 11241100x8000000000000000353791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010d151e1d4baaeb2021-12-21 10:27:55.451root 11241100x8000000000000000353792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c2d583fac12f502021-12-21 10:27:55.452root 11241100x8000000000000000353793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5947075821d6fa702021-12-21 10:27:55.452root 11241100x8000000000000000353794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ce8ddb344168cd2021-12-21 10:27:55.452root 11241100x8000000000000000353795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7542a43ea364fa2021-12-21 10:27:55.453root 11241100x8000000000000000353796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdd24f026663a5c2021-12-21 10:27:55.453root 11241100x8000000000000000353797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b5d83ea83f2e2432021-12-21 10:27:55.454root 11241100x8000000000000000353798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76f16e5104a64e22021-12-21 10:27:55.454root 11241100x8000000000000000353799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f1e3660c0628fe2021-12-21 10:27:55.455root 11241100x8000000000000000353800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6021e7ac4daba6202021-12-21 10:27:55.455root 11241100x8000000000000000353801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fee67910cf446372021-12-21 10:27:55.943root 11241100x8000000000000000353802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5f436264ba17f92021-12-21 10:27:55.943root 11241100x8000000000000000353803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd229cf9d57eabd2021-12-21 10:27:55.943root 11241100x8000000000000000353804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49129ccdc1f9bee2021-12-21 10:27:55.943root 11241100x8000000000000000353805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a141cc3f3656062021-12-21 10:27:55.943root 11241100x8000000000000000353806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46534fa018156ea32021-12-21 10:27:55.943root 11241100x8000000000000000353807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b04e9fef0ef4602021-12-21 10:27:55.944root 11241100x8000000000000000353808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2124ffdccad447a82021-12-21 10:27:55.944root 11241100x8000000000000000353809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0646ceb8f73dd3842021-12-21 10:27:55.944root 11241100x8000000000000000353810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7b0f7ef50e29ed2021-12-21 10:27:55.944root 11241100x8000000000000000353811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab3bc9cf283173b2021-12-21 10:27:55.945root 11241100x8000000000000000353812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deefa56dd67a36662021-12-21 10:27:55.945root 11241100x8000000000000000353813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1bff0f5a5610ef02021-12-21 10:27:55.945root 11241100x8000000000000000353814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff5c9de047fbd0d2021-12-21 10:27:55.945root 11241100x8000000000000000353815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae548618053cbab92021-12-21 10:27:55.945root 11241100x8000000000000000353816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a76eb15c2d67142021-12-21 10:27:55.945root 11241100x8000000000000000353817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5441bb749b5cfc42021-12-21 10:27:55.945root 11241100x8000000000000000353818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74fab070b619a6f42021-12-21 10:27:55.945root 11241100x8000000000000000353819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e959d8c47c3faf2021-12-21 10:27:55.945root 11241100x8000000000000000353820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2067eae6f80ff992021-12-21 10:27:55.945root 11241100x8000000000000000353821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eea557e3e951a02021-12-21 10:27:55.946root 11241100x8000000000000000353822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e018840fe1c72302021-12-21 10:27:55.946root 11241100x8000000000000000353823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc32dfc4965b1822021-12-21 10:27:55.946root 11241100x8000000000000000353824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0a02c1fc6f14512021-12-21 10:27:55.946root 11241100x8000000000000000353825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8acbf8e8eb257d72021-12-21 10:27:55.946root 11241100x8000000000000000353826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc9b1796404c4ca2021-12-21 10:27:55.946root 11241100x8000000000000000353827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d78835969fb66d2021-12-21 10:27:55.946root 11241100x8000000000000000353828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d52507aee259b62021-12-21 10:27:55.946root 11241100x8000000000000000353829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff281fe4fe453622021-12-21 10:27:55.946root 11241100x8000000000000000353830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275897c13436f9502021-12-21 10:27:55.946root 11241100x8000000000000000353831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5d62a56940194f2021-12-21 10:27:55.947root 11241100x8000000000000000353832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f704d3f5ec7ae9312021-12-21 10:27:55.947root 11241100x8000000000000000353833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5922c24b5d1445d12021-12-21 10:27:55.947root 11241100x8000000000000000353834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e636c0a629cd462021-12-21 10:27:55.947root 11241100x8000000000000000353835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c510d943e8cb84f2021-12-21 10:27:55.947root 11241100x8000000000000000353836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fc2e2fa849558c2021-12-21 10:27:55.947root 11241100x8000000000000000353837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae67d0f2c4851c42021-12-21 10:27:55.947root 11241100x8000000000000000353838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a142ca533ebd212021-12-21 10:27:55.947root 11241100x8000000000000000353839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e22825b15d321f32021-12-21 10:27:55.947root 11241100x8000000000000000353840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c6d29393ecb49e2021-12-21 10:27:56.443root 11241100x8000000000000000353841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31917c2ad88e80e2021-12-21 10:27:56.443root 11241100x8000000000000000353842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f284c3dded18bf2021-12-21 10:27:56.443root 11241100x8000000000000000353843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3c9d0ac3ac0bcf2021-12-21 10:27:56.444root 11241100x8000000000000000353844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4816395441985182021-12-21 10:27:56.444root 11241100x8000000000000000353845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353de6f1b937b3d42021-12-21 10:27:56.444root 11241100x8000000000000000353846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e278b3c72ea481692021-12-21 10:27:56.444root 11241100x8000000000000000353847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03db2af601b91b952021-12-21 10:27:56.446root 11241100x8000000000000000353848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ce5ae3f5d7a5d922021-12-21 10:27:56.446root 11241100x8000000000000000353849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fd77e9746e54b82021-12-21 10:27:56.446root 11241100x8000000000000000353850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24d774e3ab07615c2021-12-21 10:27:56.446root 11241100x8000000000000000353851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5e0ab5b78da50c2021-12-21 10:27:56.447root 11241100x8000000000000000353852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f693f2064d2e1292021-12-21 10:27:56.447root 11241100x8000000000000000353853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f73d9241c6c9cec2021-12-21 10:27:56.447root 11241100x8000000000000000353854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce06e3e44be745f2021-12-21 10:27:56.447root 11241100x8000000000000000353855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1688c7c83aa92912021-12-21 10:27:56.447root 11241100x8000000000000000353856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6bae32989e53902021-12-21 10:27:56.447root 11241100x8000000000000000353857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df8c58dc93a40112021-12-21 10:27:56.448root 11241100x8000000000000000353858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48653d4dc60d4ccc2021-12-21 10:27:56.448root 11241100x8000000000000000353859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fc3e17ec32b30fc2021-12-21 10:27:56.448root 11241100x8000000000000000353860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e6d6a94ccb1d152021-12-21 10:27:56.448root 11241100x8000000000000000353861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077f2aa306ce45622021-12-21 10:27:56.448root 11241100x8000000000000000353862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e406dd8640846b002021-12-21 10:27:56.448root 11241100x8000000000000000353863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95970dfd7d73318a2021-12-21 10:27:56.448root 11241100x8000000000000000353864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0349404a25db599b2021-12-21 10:27:56.448root 11241100x8000000000000000353865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3c8664874e6bce2021-12-21 10:27:56.448root 11241100x8000000000000000353866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9d75e1d2a9cf342021-12-21 10:27:56.449root 11241100x8000000000000000353867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57a9c84c4fc829732021-12-21 10:27:56.449root 11241100x8000000000000000353868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e29633856d49b92021-12-21 10:27:56.449root 11241100x8000000000000000353869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012f49157a3ccc572021-12-21 10:27:56.449root 11241100x8000000000000000353870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf02a13bebeef13a2021-12-21 10:27:56.449root 11241100x8000000000000000353871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a89589ffbe65f52021-12-21 10:27:56.449root 11241100x8000000000000000353872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd08abd6a6ef09612021-12-21 10:27:56.449root 11241100x8000000000000000353873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7513ff812d11b472021-12-21 10:27:56.449root 11241100x8000000000000000353874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f7440d433711362021-12-21 10:27:56.452root 11241100x8000000000000000353875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2fb80205ddc08f2021-12-21 10:27:56.452root 11241100x8000000000000000353876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483b114f96b8e1d22021-12-21 10:27:56.452root 11241100x8000000000000000353877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d3cd20279ba4f72021-12-21 10:27:56.453root 11241100x8000000000000000353878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905e1c8f720d6ccf2021-12-21 10:27:56.943root 11241100x8000000000000000353879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7e28784b79090f2021-12-21 10:27:56.943root 11241100x8000000000000000353880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dba8cf8a62a5b22021-12-21 10:27:56.943root 11241100x8000000000000000353881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a36a17ef5f52d972021-12-21 10:27:56.943root 11241100x8000000000000000353882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da97c54ebf701652021-12-21 10:27:56.943root 11241100x8000000000000000353883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ff16b4b597a1782021-12-21 10:27:56.943root 11241100x8000000000000000353884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3eddb7058ec2f8c2021-12-21 10:27:56.943root 11241100x8000000000000000353885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.536c86280eae5a3c2021-12-21 10:27:56.943root 11241100x8000000000000000353886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47ecea5255a953602021-12-21 10:27:56.943root 11241100x8000000000000000353887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40641a0088046c3c2021-12-21 10:27:56.944root 11241100x8000000000000000353888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289edce45d67c1b42021-12-21 10:27:56.944root 11241100x8000000000000000353889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef034131747e58332021-12-21 10:27:56.944root 11241100x8000000000000000353890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9246fd927aba92482021-12-21 10:27:56.944root 11241100x8000000000000000353891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42877b00054c24d12021-12-21 10:27:56.944root 11241100x8000000000000000353892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbb6f5c0286ef8d2021-12-21 10:27:56.944root 11241100x8000000000000000353893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607376ff34588fb22021-12-21 10:27:56.944root 11241100x8000000000000000353894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c4a4d847d6c507f2021-12-21 10:27:56.944root 11241100x8000000000000000353895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7416fa129e8da32021-12-21 10:27:56.944root 11241100x8000000000000000353896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfd8dcf2e7ad6842021-12-21 10:27:56.945root 11241100x8000000000000000353897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa1b876ee79e4332021-12-21 10:27:56.945root 11241100x8000000000000000353898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24d9effed0864982021-12-21 10:27:56.945root 11241100x8000000000000000353899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b74bba71a12ee042021-12-21 10:27:56.945root 11241100x8000000000000000353900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7856a3debfc8e32021-12-21 10:27:56.945root 11241100x8000000000000000353901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f19a9be2a761f902021-12-21 10:27:56.945root 11241100x8000000000000000353902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de0ab0299cbd6cc2021-12-21 10:27:56.945root 11241100x8000000000000000353903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8332c768e4a8c32021-12-21 10:27:56.945root 11241100x8000000000000000353904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fc9271d195a38052021-12-21 10:27:56.945root 11241100x8000000000000000353905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66d34df1448a8ec2021-12-21 10:27:56.946root 11241100x8000000000000000353906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cb72e902f1d8c02021-12-21 10:27:56.946root 11241100x8000000000000000353907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3227952ce78f30602021-12-21 10:27:56.946root 11241100x8000000000000000353908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d0b986699976512021-12-21 10:27:56.946root 11241100x8000000000000000353909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c98af964c529122021-12-21 10:27:56.946root 11241100x8000000000000000353910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56e413a11a13647f2021-12-21 10:27:57.443root 11241100x8000000000000000353911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295110778cae97a72021-12-21 10:27:57.443root 11241100x8000000000000000353912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0933ca3f417275402021-12-21 10:27:57.443root 11241100x8000000000000000353913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75fca28fbe9d88a32021-12-21 10:27:57.443root 11241100x8000000000000000353914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda40ae8afcb1c912021-12-21 10:27:57.443root 11241100x8000000000000000353915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb6badb1437468f2021-12-21 10:27:57.443root 11241100x8000000000000000353916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77d0c3a2e3ca4a92021-12-21 10:27:57.443root 11241100x8000000000000000353917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34c5599f40fbf2e2021-12-21 10:27:57.444root 11241100x8000000000000000353918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976b3593442f190a2021-12-21 10:27:57.444root 11241100x8000000000000000353919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b01f339cae4ef42021-12-21 10:27:57.444root 11241100x8000000000000000353920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc2f4df7cdac76db2021-12-21 10:27:57.444root 11241100x8000000000000000353921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dadfc4f4df25ddb82021-12-21 10:27:57.444root 11241100x8000000000000000353922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4b7d0daba524712021-12-21 10:27:57.444root 11241100x8000000000000000353923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.287e55ed90a3c3e22021-12-21 10:27:57.444root 11241100x8000000000000000353924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3598c03dbc5d652021-12-21 10:27:57.444root 11241100x8000000000000000353925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6430733929cefd582021-12-21 10:27:57.444root 11241100x8000000000000000353926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8045ea3de3808d2021-12-21 10:27:57.444root 11241100x8000000000000000353927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464ffbf03fefa4fb2021-12-21 10:27:57.445root 11241100x8000000000000000353928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb07e3d292409422021-12-21 10:27:57.445root 11241100x8000000000000000353929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fbcafa76ce36682021-12-21 10:27:57.445root 11241100x8000000000000000353930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65675052776b73c2021-12-21 10:27:57.445root 11241100x8000000000000000353931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b60dc06f356d30bd2021-12-21 10:27:57.445root 11241100x8000000000000000353932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2542b14d661198ac2021-12-21 10:27:57.445root 11241100x8000000000000000353933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6914fcd96064f7a2021-12-21 10:27:57.445root 11241100x8000000000000000353934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e650cdc2e763fa2021-12-21 10:27:57.445root 11241100x8000000000000000353935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4264081c4a97fee02021-12-21 10:27:57.445root 11241100x8000000000000000353936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989641587e1d2ce02021-12-21 10:27:57.445root 11241100x8000000000000000353937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20be550fe16bd83d2021-12-21 10:27:57.446root 11241100x8000000000000000353938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcf811e2a706ba72021-12-21 10:27:57.446root 11241100x8000000000000000353939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7ce6b38a73d5ce2021-12-21 10:27:57.446root 11241100x8000000000000000353940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ec1458556dafeb2021-12-21 10:27:57.446root 11241100x8000000000000000353941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7f678d693ba92922021-12-21 10:27:57.446root 11241100x8000000000000000353942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe2baa92453d2282021-12-21 10:27:57.446root 11241100x8000000000000000353943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3e78deb1ee8e102021-12-21 10:27:57.446root 11241100x8000000000000000353944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d26eedeff74a4372021-12-21 10:27:57.446root 11241100x8000000000000000353945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06298cbc5cef71cf2021-12-21 10:27:57.446root 11241100x8000000000000000353946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb0dce75cfeea68f2021-12-21 10:27:57.446root 11241100x8000000000000000353947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e58641db6a2ae52021-12-21 10:27:57.446root 11241100x8000000000000000353948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196d01322dfed04b2021-12-21 10:27:57.447root 11241100x8000000000000000353949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.143c4dee395b22d62021-12-21 10:27:57.447root 11241100x8000000000000000353950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c215c1b9878b22de2021-12-21 10:27:57.447root 11241100x8000000000000000353951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9695bf63dc4c62ce2021-12-21 10:27:57.447root 11241100x8000000000000000353952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.313a7ca3d16dfdab2021-12-21 10:27:57.447root 11241100x8000000000000000353953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c98c525db29742021-12-21 10:27:57.447root 11241100x8000000000000000353954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95a93cd21a4556c2021-12-21 10:27:57.447root 11241100x8000000000000000353955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d7e7f8f60016652021-12-21 10:27:57.447root 11241100x8000000000000000353956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a060eae5eacac9062021-12-21 10:27:57.447root 11241100x8000000000000000353957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d200f5275623309f2021-12-21 10:27:57.447root 11241100x8000000000000000353958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80b0d066c27183c2021-12-21 10:27:57.447root 11241100x8000000000000000353959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293ced2e98b478e62021-12-21 10:27:57.447root 11241100x8000000000000000353960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb55204b38f913db2021-12-21 10:27:57.448root 11241100x8000000000000000353961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bd266d2fdbf10d2021-12-21 10:27:57.448root 11241100x8000000000000000353962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1db6b3cee0ae64c2021-12-21 10:27:57.448root 11241100x8000000000000000353963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74c06db0010faea2021-12-21 10:27:57.448root 11241100x8000000000000000353964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d26a2c6c42b0752021-12-21 10:27:57.448root 11241100x8000000000000000353965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c09b2a7af121612021-12-21 10:27:57.448root 11241100x8000000000000000353966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6bfc871f5f353e52021-12-21 10:27:57.448root 11241100x8000000000000000353967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42fddcfca2b6f4182021-12-21 10:27:57.448root 11241100x8000000000000000353968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe04ae5f3a5e03382021-12-21 10:27:57.448root 11241100x8000000000000000353969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafb21a63587fdc32021-12-21 10:27:57.448root 11241100x8000000000000000353970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3e30ac6dbe233b32021-12-21 10:27:57.449root 11241100x8000000000000000353971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c42a3526e84f002021-12-21 10:27:57.449root 11241100x8000000000000000353972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5acdb59739aba152021-12-21 10:27:57.449root 11241100x8000000000000000353973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3cbe99212d7b0f2021-12-21 10:27:57.449root 11241100x8000000000000000353974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103e3d4cb44e549a2021-12-21 10:27:57.449root 11241100x8000000000000000353975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0463eaccd76b98f32021-12-21 10:27:57.449root 11241100x8000000000000000353976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e77c29100df1812021-12-21 10:27:57.449root 11241100x8000000000000000353977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97581eb61c93d3f82021-12-21 10:27:57.449root 11241100x8000000000000000353978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541450e2f9f95b012021-12-21 10:27:57.449root 11241100x8000000000000000353979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588cd1d7c69c77ab2021-12-21 10:27:57.449root 11241100x8000000000000000353980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.899b70ae3e04b2782021-12-21 10:27:57.449root 11241100x8000000000000000353981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be784cd4602584152021-12-21 10:27:57.450root 11241100x8000000000000000353982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f1b65ffd0a46182021-12-21 10:27:57.450root 11241100x8000000000000000353983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0308bf4699ad0142021-12-21 10:27:57.450root 11241100x8000000000000000353984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00202444adc967ce2021-12-21 10:27:57.450root 11241100x8000000000000000353985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47adc21dab91045b2021-12-21 10:27:57.943root 11241100x8000000000000000353986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263889bfffd5d0982021-12-21 10:27:57.943root 11241100x8000000000000000353987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c3d80792fd768f2021-12-21 10:27:57.943root 11241100x8000000000000000353988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc15d5ad23de9c62021-12-21 10:27:57.944root 11241100x8000000000000000353989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fefdf406805bccbb2021-12-21 10:27:57.944root 11241100x8000000000000000353990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b0bb954dd5d98e2021-12-21 10:27:57.944root 11241100x8000000000000000353991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe6507e7f5b13132021-12-21 10:27:57.944root 11241100x8000000000000000353992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53eb51dbbc6fe2682021-12-21 10:27:57.944root 11241100x8000000000000000353993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecfb02a7e11f3c72021-12-21 10:27:57.944root 11241100x8000000000000000353994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d777877a0c3dfd2021-12-21 10:27:57.944root 11241100x8000000000000000353995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5169bbc1970475d92021-12-21 10:27:57.944root 11241100x8000000000000000353996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508eaf34c7a94c1b2021-12-21 10:27:57.944root 11241100x8000000000000000353997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4935ba29938e849b2021-12-21 10:27:57.944root 11241100x8000000000000000353998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec83bdec3b4afe0f2021-12-21 10:27:57.944root 11241100x8000000000000000353999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfb4b22237a9f342021-12-21 10:27:57.945root 11241100x8000000000000000354000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf6e4c5a14a2ce02021-12-21 10:27:57.945root 11241100x8000000000000000354001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603360417527d6d02021-12-21 10:27:57.945root 11241100x8000000000000000354002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdce936a44ce18292021-12-21 10:27:57.945root 11241100x8000000000000000354003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1105dcd2092a3ee92021-12-21 10:27:57.946root 11241100x8000000000000000354004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.206032090e045dd52021-12-21 10:27:57.946root 11241100x8000000000000000354005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48da62a2637a6b332021-12-21 10:27:57.946root 11241100x8000000000000000354006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa28fbfa04bc9fe2021-12-21 10:27:57.946root 11241100x8000000000000000354007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55911ebad8fb155b2021-12-21 10:27:57.946root 11241100x8000000000000000354008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd5fdf3067fa8f2021-12-21 10:27:57.947root 11241100x8000000000000000354009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f6e6eafc60929d12021-12-21 10:27:57.947root 11241100x8000000000000000354010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d54f376ba968b72021-12-21 10:27:57.947root 11241100x8000000000000000354011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f37333ed3789b22021-12-21 10:27:57.947root 11241100x8000000000000000354012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e1d2f177b8ff822021-12-21 10:27:57.947root 11241100x8000000000000000354013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882489d6c9dfd51d2021-12-21 10:27:57.947root 11241100x8000000000000000354014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a238ccaa8712c692021-12-21 10:27:57.947root 11241100x8000000000000000354015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f519616b07d79dd2021-12-21 10:27:57.948root 11241100x8000000000000000354016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2268f93cfa308bc2021-12-21 10:27:57.948root 11241100x8000000000000000354017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a141a2250a64cb2021-12-21 10:27:57.948root 11241100x8000000000000000354018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3844e4efcefaaf2021-12-21 10:27:57.948root 11241100x8000000000000000354019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da99eb4bfb0bfc812021-12-21 10:27:57.948root 11241100x8000000000000000354020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66abb133a89081542021-12-21 10:27:57.948root 11241100x8000000000000000354021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204b556243cc5bc12021-12-21 10:27:57.948root 11241100x8000000000000000354022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353d78782dc31fe92021-12-21 10:27:57.948root 11241100x8000000000000000354023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797eecc94cf73f1a2021-12-21 10:27:57.948root 11241100x8000000000000000354024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564a084ae0e1efd32021-12-21 10:27:57.948root 11241100x8000000000000000354025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97d9b5a2f4bcb502021-12-21 10:27:57.949root 11241100x8000000000000000354026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f65ec8554dabc5bf2021-12-21 10:27:57.949root 11241100x8000000000000000354027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb12499827525cf2021-12-21 10:27:57.949root 11241100x8000000000000000354028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e43b49247227a52021-12-21 10:27:57.949root 11241100x8000000000000000354029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a340d4a4fcbfd96a2021-12-21 10:27:57.949root 11241100x8000000000000000354030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6485382981b8b3b2021-12-21 10:27:57.949root 11241100x8000000000000000354031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab03a1e3ffe984c12021-12-21 10:27:57.949root 11241100x8000000000000000354032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e78195e3570df512021-12-21 10:27:57.949root 11241100x8000000000000000354033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd0d6e51249a2f62021-12-21 10:27:58.443root 11241100x8000000000000000354034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2762030978998d62021-12-21 10:27:58.443root 11241100x8000000000000000354035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e182d5407abe8fc2021-12-21 10:27:58.443root 11241100x8000000000000000354036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118fdc749ed150d02021-12-21 10:27:58.443root 11241100x8000000000000000354037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067d7e600d77bbef2021-12-21 10:27:58.444root 11241100x8000000000000000354038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83998612404970202021-12-21 10:27:58.444root 11241100x8000000000000000354039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74083f652080dcf2021-12-21 10:27:58.444root 11241100x8000000000000000354040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff7ed7cc83db0a482021-12-21 10:27:58.445root 11241100x8000000000000000354041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e269bc6f0cf61f2021-12-21 10:27:58.445root 11241100x8000000000000000354042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874a6d521692443a2021-12-21 10:27:58.445root 11241100x8000000000000000354043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692468ee324409582021-12-21 10:27:58.445root 11241100x8000000000000000354044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e044ad99e8eb76cf2021-12-21 10:27:58.445root 11241100x8000000000000000354045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.243c909d754c70e32021-12-21 10:27:58.445root 11241100x8000000000000000354046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67cf1ebef26df5322021-12-21 10:27:58.445root 11241100x8000000000000000354047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb9810a035c1e3d2021-12-21 10:27:58.445root 11241100x8000000000000000354048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4234416dda35ab2021-12-21 10:27:58.445root 11241100x8000000000000000354049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da708978cb202a4c2021-12-21 10:27:58.445root 11241100x8000000000000000354050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0c3cd33d06a5232021-12-21 10:27:58.445root 11241100x8000000000000000354051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1d998a5b8dc43f2021-12-21 10:27:58.445root 11241100x8000000000000000354052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfef5c5c2ebb087a2021-12-21 10:27:58.446root 11241100x8000000000000000354053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f0613ac654d7502021-12-21 10:27:58.447root 11241100x8000000000000000354054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1b08bd31ef469f2021-12-21 10:27:58.447root 11241100x8000000000000000354055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45a2af24925a49c82021-12-21 10:27:58.447root 11241100x8000000000000000354056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c120e7f4c9d25a32021-12-21 10:27:58.447root 11241100x8000000000000000354057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc6822a37e0261872021-12-21 10:27:58.447root 11241100x8000000000000000354058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3fef0bdf04b36022021-12-21 10:27:58.447root 11241100x8000000000000000354059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1542a9c1922dff12021-12-21 10:27:58.447root 11241100x8000000000000000354060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adbc87b36801df102021-12-21 10:27:58.447root 11241100x8000000000000000354061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50d7e541a9d1905d2021-12-21 10:27:58.448root 11241100x8000000000000000354062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b7bfe03432b4d82021-12-21 10:27:58.448root 11241100x8000000000000000354063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.169d093c02beed042021-12-21 10:27:58.448root 11241100x8000000000000000354064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478823db0be6ae3f2021-12-21 10:27:58.448root 11241100x8000000000000000354065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccf2987e6abcf122021-12-21 10:27:58.448root 11241100x8000000000000000354066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91543552e05a5db52021-12-21 10:27:58.448root 11241100x8000000000000000354067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04bd657349b52f6d2021-12-21 10:27:58.448root 11241100x8000000000000000354068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc14c24c472ebe2021-12-21 10:27:58.449root 11241100x8000000000000000354069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9a6ec8f6f51f9b2021-12-21 10:27:58.449root 11241100x8000000000000000354070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa90066a589b8ca82021-12-21 10:27:58.449root 11241100x8000000000000000354071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a6e4aef7a735462021-12-21 10:27:58.449root 11241100x8000000000000000354072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa7aa4c08c34ec62021-12-21 10:27:58.943root 11241100x8000000000000000354073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5601fda5719b17002021-12-21 10:27:58.943root 11241100x8000000000000000354074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a40a204d77b15a72021-12-21 10:27:58.944root 11241100x8000000000000000354075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2565946272416b2021-12-21 10:27:58.944root 11241100x8000000000000000354076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7596dbbaebcf0d672021-12-21 10:27:58.944root 11241100x8000000000000000354077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3613d6b78976d4e42021-12-21 10:27:58.945root 11241100x8000000000000000354078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667be11c48735af12021-12-21 10:27:58.945root 11241100x8000000000000000354079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e011d18354d1cdc52021-12-21 10:27:58.945root 11241100x8000000000000000354080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db061df0e03f2c552021-12-21 10:27:58.945root 11241100x8000000000000000354081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65019a1b2a75be3f2021-12-21 10:27:58.946root 11241100x8000000000000000354082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed7c9d35503100f2021-12-21 10:27:58.946root 11241100x8000000000000000354083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab63b19c87c1cca2021-12-21 10:27:58.946root 11241100x8000000000000000354084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8589e10d3cbd352021-12-21 10:27:58.946root 11241100x8000000000000000354085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e554390f500af532021-12-21 10:27:58.947root 11241100x8000000000000000354086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75bcac3efc1fe662021-12-21 10:27:58.947root 11241100x8000000000000000354087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17c5cdab981a2be2021-12-21 10:27:58.947root 11241100x8000000000000000354088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840e95d4eaf459e42021-12-21 10:27:58.948root 11241100x8000000000000000354089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5322fa174930bcb2021-12-21 10:27:58.948root 11241100x8000000000000000354090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21757adc2d79adee2021-12-21 10:27:58.948root 11241100x8000000000000000354091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e664a0c8af9e4332021-12-21 10:27:58.948root 11241100x8000000000000000354092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72368a7d121d22df2021-12-21 10:27:58.948root 11241100x8000000000000000354093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2899754458936322021-12-21 10:27:58.949root 11241100x8000000000000000354094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68d3576bcf3e3842021-12-21 10:27:58.949root 11241100x8000000000000000354095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d7922ddd8f36882021-12-21 10:27:58.949root 11241100x8000000000000000354096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91846ff2820547492021-12-21 10:27:58.949root 11241100x8000000000000000354097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d601e45e9d4a4c72021-12-21 10:27:58.950root 11241100x8000000000000000354098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680f31395534c6f12021-12-21 10:27:58.950root 11241100x8000000000000000354099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c394e86e2b9bcd2021-12-21 10:27:58.950root 11241100x8000000000000000354100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73534952474817e52021-12-21 10:27:58.950root 11241100x8000000000000000354101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33554e967f9f338a2021-12-21 10:27:58.950root 11241100x8000000000000000354102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721881d98e5916792021-12-21 10:27:58.950root 11241100x8000000000000000354103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b042cfedc055136d2021-12-21 10:27:58.950root 11241100x8000000000000000354104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe032de58f50eee2021-12-21 10:27:58.951root 11241100x8000000000000000354105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb340d60cfda07242021-12-21 10:27:58.951root 11241100x8000000000000000354106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:58.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5f05ef3f93c6c32021-12-21 10:27:58.951root 11241100x8000000000000000354107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6e96e1ee45b8962021-12-21 10:27:59.443root 11241100x8000000000000000354108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0872966a60544ae2021-12-21 10:27:59.443root 11241100x8000000000000000354109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff605656245de222021-12-21 10:27:59.443root 11241100x8000000000000000354110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbcc41591ded1362021-12-21 10:27:59.443root 11241100x8000000000000000354111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced3e5cad644c60a2021-12-21 10:27:59.443root 11241100x8000000000000000354112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7554099bf3cf7d6c2021-12-21 10:27:59.443root 11241100x8000000000000000354113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed283faddde152c2021-12-21 10:27:59.443root 11241100x8000000000000000354114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f211f9f213a3832021-12-21 10:27:59.443root 11241100x8000000000000000354115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2543599155be32e2021-12-21 10:27:59.444root 11241100x8000000000000000354116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2934cd3ef638b9b02021-12-21 10:27:59.444root 11241100x8000000000000000354117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d3271ff357e24b2021-12-21 10:27:59.444root 11241100x8000000000000000354118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8b135f6064dfdd2021-12-21 10:27:59.444root 11241100x8000000000000000354119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e617995150ee2d22021-12-21 10:27:59.444root 11241100x8000000000000000354120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ddd52b2bbbf80a2021-12-21 10:27:59.444root 11241100x8000000000000000354121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675bb9dce8c619912021-12-21 10:27:59.444root 11241100x8000000000000000354122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dff43fcada3ac82021-12-21 10:27:59.444root 11241100x8000000000000000354123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d24e716381d2d2021-12-21 10:27:59.444root 11241100x8000000000000000354124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5252a9abfe88ce672021-12-21 10:27:59.445root 11241100x8000000000000000354125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f0163f1871d1e52021-12-21 10:27:59.445root 11241100x8000000000000000354126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e6adb0d06ba6f52021-12-21 10:27:59.445root 11241100x8000000000000000354127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8246562bfb7f392021-12-21 10:27:59.445root 11241100x8000000000000000354128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aaec2fd579ecbc32021-12-21 10:27:59.445root 11241100x8000000000000000354129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f285473192599452021-12-21 10:27:59.445root 11241100x8000000000000000354130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1cda59154edbbd2021-12-21 10:27:59.445root 11241100x8000000000000000354131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3690f42793c652052021-12-21 10:27:59.445root 11241100x8000000000000000354132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c69b8b9916a212021-12-21 10:27:59.445root 11241100x8000000000000000354133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9867f45930506f2021-12-21 10:27:59.445root 11241100x8000000000000000354134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81476b6c6fd156e72021-12-21 10:27:59.446root 11241100x8000000000000000354135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e080e9aa3af244f2021-12-21 10:27:59.446root 11241100x8000000000000000354136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edf9a25889c289872021-12-21 10:27:59.446root 11241100x8000000000000000354137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b1cce4d6a740ab2021-12-21 10:27:59.446root 11241100x8000000000000000354138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a992bb6b10cb862021-12-21 10:27:59.446root 11241100x8000000000000000354139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baacecd5eebd79bd2021-12-21 10:27:59.446root 11241100x8000000000000000354140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9448b3a68f08ba42021-12-21 10:27:59.446root 11241100x8000000000000000354141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc90fa205de101da2021-12-21 10:27:59.446root 11241100x8000000000000000354142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1826923fd20d26272021-12-21 10:27:59.446root 11241100x8000000000000000354143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d5daeda86bdd6f2021-12-21 10:27:59.446root 11241100x8000000000000000354144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39feb7a48b9cfcfe2021-12-21 10:27:59.447root 11241100x8000000000000000354145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2dda15bc63c23d2021-12-21 10:27:59.447root 11241100x8000000000000000354146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b44189478e0c49b2021-12-21 10:27:59.447root 11241100x8000000000000000354147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e7f6d203a468732021-12-21 10:27:59.447root 11241100x8000000000000000354148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b06e706be849b4c2021-12-21 10:27:59.447root 11241100x8000000000000000354149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b1c2822db23f942021-12-21 10:27:59.447root 11241100x8000000000000000354150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a53fba733f827ba2021-12-21 10:27:59.447root 11241100x8000000000000000354151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ffbee99f8d3c172021-12-21 10:27:59.447root 11241100x8000000000000000354152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85160888053fe6852021-12-21 10:27:59.447root 11241100x8000000000000000354153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f5e3a00e1f579e2021-12-21 10:27:59.447root 11241100x8000000000000000354154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe8a3e08286ead2021-12-21 10:27:59.447root 11241100x8000000000000000354155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d201adb0aa50f4962021-12-21 10:27:59.448root 11241100x8000000000000000354156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aca9acbb1f2bf342021-12-21 10:27:59.448root 11241100x8000000000000000354157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc46ea43afe0b8e2021-12-21 10:27:59.448root 11241100x8000000000000000354158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96aa17e2d83576b42021-12-21 10:27:59.448root 11241100x8000000000000000354159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb84919860dbc952021-12-21 10:27:59.448root 11241100x8000000000000000354160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f4ef2de4d16182021-12-21 10:27:59.448root 11241100x8000000000000000354161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0e56c5c986f6892021-12-21 10:27:59.448root 11241100x8000000000000000354162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b306a57d3dbebf932021-12-21 10:27:59.448root 11241100x8000000000000000354163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25fc4c156fa90ab22021-12-21 10:27:59.448root 11241100x8000000000000000354164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02a510def0886152021-12-21 10:27:59.448root 11241100x8000000000000000354165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dbc58b42a6ebc722021-12-21 10:27:59.448root 11241100x8000000000000000354166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0da09302cd2e502021-12-21 10:27:59.449root 11241100x8000000000000000354167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26233ee1d1013942021-12-21 10:27:59.449root 11241100x8000000000000000354168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccd22b30e3027ac2021-12-21 10:27:59.449root 11241100x8000000000000000354169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c18860c04e997c32021-12-21 10:27:59.449root 11241100x8000000000000000354170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4752b835ccd4cc9d2021-12-21 10:27:59.449root 11241100x8000000000000000354171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b273e8508d7313fe2021-12-21 10:27:59.449root 11241100x8000000000000000354172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffa7c0e5f91a6e52021-12-21 10:27:59.449root 11241100x8000000000000000354173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e84f4561121ff7f2021-12-21 10:27:59.449root 11241100x8000000000000000354174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec4e58811a6e8942021-12-21 10:27:59.449root 11241100x8000000000000000354175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112e01dbc17c7ea12021-12-21 10:27:59.449root 11241100x8000000000000000354176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc38e7a03bf8d8f72021-12-21 10:27:59.449root 11241100x8000000000000000354177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b676d53bbfde40592021-12-21 10:27:59.449root 11241100x8000000000000000354178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3786c1ac9db62b3c2021-12-21 10:27:59.449root 11241100x8000000000000000354179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11d984c9f08b14782021-12-21 10:27:59.450root 11241100x8000000000000000354180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853b3ae5709b62222021-12-21 10:27:59.450root 11241100x8000000000000000354181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ddd4e3c034c56d2021-12-21 10:27:59.450root 11241100x8000000000000000354182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f80ef9e6e2570b2021-12-21 10:27:59.450root 11241100x8000000000000000354183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffed0b1c04332fd2021-12-21 10:27:59.450root 11241100x8000000000000000354184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a3f69ff7a3a95d2021-12-21 10:27:59.450root 11241100x8000000000000000354185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cff084796e8a5e62021-12-21 10:27:59.450root 11241100x8000000000000000354186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d025b1a51fb97fcc2021-12-21 10:27:59.450root 11241100x8000000000000000354187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74080262b3043d4e2021-12-21 10:27:59.943root 11241100x8000000000000000354188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f91bb0752264fa2021-12-21 10:27:59.943root 11241100x8000000000000000354189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0309dcddda3336d72021-12-21 10:27:59.943root 11241100x8000000000000000354190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4dd3229323eedd2021-12-21 10:27:59.943root 11241100x8000000000000000354191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd05593dee91b1e02021-12-21 10:27:59.943root 11241100x8000000000000000354192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60e8a7fdf8966cb2021-12-21 10:27:59.943root 11241100x8000000000000000354193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f1b06a89d9a7c42021-12-21 10:27:59.943root 11241100x8000000000000000354194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ef239a768c7b7a2021-12-21 10:27:59.944root 11241100x8000000000000000354195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a119b2b8f3f7f072021-12-21 10:27:59.944root 11241100x8000000000000000354196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d561823860f9b82021-12-21 10:27:59.944root 11241100x8000000000000000354197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a727f7bf13a39a2021-12-21 10:27:59.944root 11241100x8000000000000000354198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4c88be859b4ff612021-12-21 10:27:59.944root 11241100x8000000000000000354199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0629437b27619262021-12-21 10:27:59.944root 11241100x8000000000000000354200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a5374737e822722021-12-21 10:27:59.945root 11241100x8000000000000000354201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e96d6b8d145faa52021-12-21 10:27:59.945root 11241100x8000000000000000354202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2c64ca07bd706b2021-12-21 10:27:59.945root 11241100x8000000000000000354203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3cf75a962a71432021-12-21 10:27:59.945root 11241100x8000000000000000354204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f9365b7fb3fdf52021-12-21 10:27:59.945root 11241100x8000000000000000354205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790c22d462d136e02021-12-21 10:27:59.946root 11241100x8000000000000000354206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2967c46a9446502021-12-21 10:27:59.946root 11241100x8000000000000000354207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2d0b50736a88782021-12-21 10:27:59.946root 11241100x8000000000000000354208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e112bc3663a6a22021-12-21 10:27:59.946root 11241100x8000000000000000354209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1343428316011c2021-12-21 10:27:59.946root 11241100x8000000000000000354210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85b84fa5df8333f62021-12-21 10:27:59.946root 11241100x8000000000000000354211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7b19334f7181d52021-12-21 10:27:59.946root 11241100x8000000000000000354212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69d4ced2989cbdb12021-12-21 10:27:59.946root 11241100x8000000000000000354213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5986611217353d482021-12-21 10:27:59.946root 11241100x8000000000000000354214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc2934a8d9fc0aa2021-12-21 10:27:59.946root 11241100x8000000000000000354215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6287ca8041173d82021-12-21 10:27:59.947root 11241100x8000000000000000354216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e85b531addd8c72021-12-21 10:27:59.947root 11241100x8000000000000000354217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.411257e4564e3a352021-12-21 10:27:59.947root 11241100x8000000000000000354218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0533949401fc532021-12-21 10:27:59.947root 11241100x8000000000000000354219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.755cdad0c83baa222021-12-21 10:27:59.947root 11241100x8000000000000000354220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74dbf36afa9653b2021-12-21 10:27:59.947root 11241100x8000000000000000354221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71571eedc32674762021-12-21 10:27:59.947root 11241100x8000000000000000354222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e7118a5ada92b012021-12-21 10:27:59.947root 11241100x8000000000000000354223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4594917f830311082021-12-21 10:27:59.947root 11241100x8000000000000000354224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2938b002c75d99bf2021-12-21 10:27:59.948root 11241100x8000000000000000354225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c8cb92358459e862021-12-21 10:27:59.948root 11241100x8000000000000000354226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad6b1611257a70f22021-12-21 10:27:59.948root 11241100x8000000000000000354227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:27:59.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9443a8a3ebee132021-12-21 10:27:59.948root 354300x8000000000000000354228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.094{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47138-false10.0.1.12-8000- 11241100x8000000000000000354229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ada01c5662aeda2021-12-21 10:28:00.443root 11241100x8000000000000000354230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ce68cd2c29f93682021-12-21 10:28:00.443root 11241100x8000000000000000354231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070d4a092df916f72021-12-21 10:28:00.443root 11241100x8000000000000000354232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c882de82879f2262021-12-21 10:28:00.443root 11241100x8000000000000000354233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0670e4be89d89002021-12-21 10:28:00.443root 11241100x8000000000000000354234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85307a870cb55b052021-12-21 10:28:00.443root 11241100x8000000000000000354235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af7ecf64cf5246712021-12-21 10:28:00.443root 11241100x8000000000000000354236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2495047073b2ea2021-12-21 10:28:00.443root 11241100x8000000000000000354237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2004a732977edce2021-12-21 10:28:00.444root 11241100x8000000000000000354238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a44e0cb2f08eb08d2021-12-21 10:28:00.444root 11241100x8000000000000000354239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275b01a734cb01c02021-12-21 10:28:00.444root 11241100x8000000000000000354240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ac2a27bef0a25f2021-12-21 10:28:00.444root 11241100x8000000000000000354241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b3bab0181501f62021-12-21 10:28:00.444root 11241100x8000000000000000354242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b5eba9c4ea3f9b2021-12-21 10:28:00.444root 11241100x8000000000000000354243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cb71fad1c1af9a2021-12-21 10:28:00.444root 11241100x8000000000000000354244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48102603f1a1a3252021-12-21 10:28:00.444root 11241100x8000000000000000354245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ae370740dd0a092021-12-21 10:28:00.444root 11241100x8000000000000000354246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37507832e65206c2021-12-21 10:28:00.444root 11241100x8000000000000000354247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc7bf761f3e6e772021-12-21 10:28:00.445root 11241100x8000000000000000354248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95a0630784dd4652021-12-21 10:28:00.445root 11241100x8000000000000000354249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325dfa7abbb799fd2021-12-21 10:28:00.445root 11241100x8000000000000000354250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f19e86aa792bf642021-12-21 10:28:00.445root 11241100x8000000000000000354251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48cde373a77ca0a02021-12-21 10:28:00.445root 11241100x8000000000000000354252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377077034d045f942021-12-21 10:28:00.445root 11241100x8000000000000000354253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a611d709587864422021-12-21 10:28:00.445root 11241100x8000000000000000354254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b712d4cdca9fb8212021-12-21 10:28:00.445root 11241100x8000000000000000354255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d65e3e844c7e5da2021-12-21 10:28:00.445root 11241100x8000000000000000354256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7c5180b35156ee2021-12-21 10:28:00.445root 11241100x8000000000000000354257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8364c2318912dcee2021-12-21 10:28:00.445root 11241100x8000000000000000354258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38912673868b39cb2021-12-21 10:28:00.446root 11241100x8000000000000000354259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe447a3659b2ab52021-12-21 10:28:00.446root 11241100x8000000000000000354260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0948858f0119d0d2021-12-21 10:28:00.446root 11241100x8000000000000000354261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a25820191aa959a2021-12-21 10:28:00.446root 11241100x8000000000000000354262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4d1df27b4db20492021-12-21 10:28:00.446root 11241100x8000000000000000354263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2eb94e0c4a54b42021-12-21 10:28:00.446root 11241100x8000000000000000354264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6506705978bd8ee02021-12-21 10:28:00.446root 11241100x8000000000000000354265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfcfce00974551fc2021-12-21 10:28:00.447root 11241100x8000000000000000354266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2548274d4179aab52021-12-21 10:28:00.447root 11241100x8000000000000000354267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb89cfe55c5e9272021-12-21 10:28:00.447root 11241100x8000000000000000354268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe14d05de01aa112021-12-21 10:28:00.447root 11241100x8000000000000000354269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818ef295703e7d3c2021-12-21 10:28:00.447root 11241100x8000000000000000354270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8856189c3045edf02021-12-21 10:28:00.447root 11241100x8000000000000000354271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2384d28a2318a0282021-12-21 10:28:00.447root 11241100x8000000000000000354272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69f1ca3f8f7c9e6c2021-12-21 10:28:00.447root 11241100x8000000000000000354273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a474ad78fcce9a2021-12-21 10:28:00.447root 11241100x8000000000000000354274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb12063818f128c92021-12-21 10:28:00.448root 11241100x8000000000000000354275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cadeda71c56e6a72021-12-21 10:28:00.448root 11241100x8000000000000000354276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48245a9147b5d52f2021-12-21 10:28:00.448root 11241100x8000000000000000354277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c456e162e6ff6532021-12-21 10:28:00.448root 11241100x8000000000000000354278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e22f163c8b30882021-12-21 10:28:00.448root 11241100x8000000000000000354279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23ce12e8506d60b2021-12-21 10:28:00.448root 11241100x8000000000000000354280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8383cfa3afa1712021-12-21 10:28:00.448root 11241100x8000000000000000354281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572c3de843da2da22021-12-21 10:28:00.448root 11241100x8000000000000000354282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb15af69190e648f2021-12-21 10:28:00.448root 11241100x8000000000000000354283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d79c189418f75c32021-12-21 10:28:00.448root 11241100x8000000000000000354284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40b014aef5db8742021-12-21 10:28:00.448root 11241100x8000000000000000354285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cddb5717affa8dc2021-12-21 10:28:00.449root 11241100x8000000000000000354286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd54bac38671e0c22021-12-21 10:28:00.449root 11241100x8000000000000000354287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.914e52c3125f8d082021-12-21 10:28:00.449root 11241100x8000000000000000354288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e35e884d62a5ed2021-12-21 10:28:00.449root 11241100x8000000000000000354289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dedc249019a20ea2021-12-21 10:28:00.943root 11241100x8000000000000000354290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdc1291c57e000eb2021-12-21 10:28:00.943root 11241100x8000000000000000354291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e89c03534739632021-12-21 10:28:00.943root 11241100x8000000000000000354292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d878daafaaa43482021-12-21 10:28:00.943root 11241100x8000000000000000354293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de24e15d84008f82021-12-21 10:28:00.943root 11241100x8000000000000000354294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d120fce64179ca2021-12-21 10:28:00.944root 11241100x8000000000000000354295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c54f0b6a72425302021-12-21 10:28:00.944root 11241100x8000000000000000354296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fad23b64e020dc62021-12-21 10:28:00.944root 11241100x8000000000000000354297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe16519f8f13ad42021-12-21 10:28:00.944root 11241100x8000000000000000354298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95a3fa6d9c5c4d92021-12-21 10:28:00.944root 11241100x8000000000000000354299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ab4096e7ad9d992021-12-21 10:28:00.944root 11241100x8000000000000000354300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a7b326565bc74c2021-12-21 10:28:00.944root 11241100x8000000000000000354301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8936a8432a6f27012021-12-21 10:28:00.945root 11241100x8000000000000000354302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793141905fef6ca52021-12-21 10:28:00.945root 11241100x8000000000000000354303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb08e34ae41618f2021-12-21 10:28:00.945root 11241100x8000000000000000354304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d704f326466d24fd2021-12-21 10:28:00.945root 11241100x8000000000000000354305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c66af438f1adf052021-12-21 10:28:00.945root 11241100x8000000000000000354306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5960a99b0dda632021-12-21 10:28:00.945root 11241100x8000000000000000354307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d99972d433137ee2021-12-21 10:28:00.945root 11241100x8000000000000000354308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b18b9bbfe4faa612021-12-21 10:28:00.945root 11241100x8000000000000000354309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa4df56f82a70c22021-12-21 10:28:00.945root 11241100x8000000000000000354310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb25b469953bf9a2021-12-21 10:28:00.946root 11241100x8000000000000000354311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e725b5da38eb40502021-12-21 10:28:00.946root 11241100x8000000000000000354312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d600b19d51ba29e2021-12-21 10:28:00.946root 11241100x8000000000000000354313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675baec9ae3daee82021-12-21 10:28:00.946root 11241100x8000000000000000354314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecc51d96a50044d2021-12-21 10:28:00.946root 11241100x8000000000000000354315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9431146eff7be1a22021-12-21 10:28:00.946root 11241100x8000000000000000354316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4548f70f001194aa2021-12-21 10:28:00.946root 11241100x8000000000000000354317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc644b9ed1c58ba2021-12-21 10:28:00.946root 11241100x8000000000000000354318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921ce4db51bfaf062021-12-21 10:28:00.946root 11241100x8000000000000000354319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec829114c5cb02b2021-12-21 10:28:00.946root 11241100x8000000000000000354320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e202d95d98a8a52021-12-21 10:28:00.946root 11241100x8000000000000000354321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8417062791847f4a2021-12-21 10:28:00.947root 11241100x8000000000000000354322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28559c09e1f752b2021-12-21 10:28:00.947root 11241100x8000000000000000354323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d7de1439ef19e12021-12-21 10:28:00.947root 11241100x8000000000000000354324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0b79e3e7e7c6d92021-12-21 10:28:00.947root 11241100x8000000000000000354325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2ee265a4f602202021-12-21 10:28:00.947root 11241100x8000000000000000354326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:00.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc52ace97b4d2d12021-12-21 10:28:00.947root 11241100x8000000000000000354327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11508d22727fe0fc2021-12-21 10:28:01.443root 11241100x8000000000000000354328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ebf0977f16b6a52021-12-21 10:28:01.443root 11241100x8000000000000000354329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1566d2b198f969a72021-12-21 10:28:01.443root 11241100x8000000000000000354330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90187c34680fc8642021-12-21 10:28:01.443root 11241100x8000000000000000354331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.437c4d62a2ed26be2021-12-21 10:28:01.443root 11241100x8000000000000000354332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600c2634103fe34c2021-12-21 10:28:01.444root 11241100x8000000000000000354333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b648aa0b9e5ddc952021-12-21 10:28:01.444root 11241100x8000000000000000354334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847b30efe8cfd12a2021-12-21 10:28:01.444root 11241100x8000000000000000354335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473bb089ea2939862021-12-21 10:28:01.444root 11241100x8000000000000000354336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3c50368942371c2021-12-21 10:28:01.444root 11241100x8000000000000000354337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dace1095b02ba8e2021-12-21 10:28:01.444root 11241100x8000000000000000354338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ada87db860966f02021-12-21 10:28:01.444root 11241100x8000000000000000354339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ba77aa4d2c54062021-12-21 10:28:01.444root 11241100x8000000000000000354340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e6300e65f30f732021-12-21 10:28:01.444root 11241100x8000000000000000354341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d035fcc6553e3202021-12-21 10:28:01.444root 11241100x8000000000000000354342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d3800c8fa72c1f2021-12-21 10:28:01.445root 11241100x8000000000000000354343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bc14cf44fce78972021-12-21 10:28:01.445root 11241100x8000000000000000354344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2ddbcb53866b8a2021-12-21 10:28:01.445root 11241100x8000000000000000354345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe8ece7435025622021-12-21 10:28:01.445root 11241100x8000000000000000354346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b90bdb961439a2a2021-12-21 10:28:01.445root 11241100x8000000000000000354347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f1a954ddf6c52e2021-12-21 10:28:01.445root 11241100x8000000000000000354348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9438c25ef66667862021-12-21 10:28:01.445root 11241100x8000000000000000354349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6647fb31647315aa2021-12-21 10:28:01.445root 11241100x8000000000000000354350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5766ce6141c6f92021-12-21 10:28:01.445root 11241100x8000000000000000354351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d0a08af0de63e912021-12-21 10:28:01.446root 11241100x8000000000000000354352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66aeedb7de7c5f1d2021-12-21 10:28:01.446root 11241100x8000000000000000354353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f93c20497b5f232021-12-21 10:28:01.446root 11241100x8000000000000000354354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac427d5da7e249e2021-12-21 10:28:01.446root 11241100x8000000000000000354355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec65e56208f37592021-12-21 10:28:01.446root 11241100x8000000000000000354356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e413223601eea5b62021-12-21 10:28:01.446root 11241100x8000000000000000354357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e420507fac8ea22021-12-21 10:28:01.446root 11241100x8000000000000000354358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebc0b24335dcff42021-12-21 10:28:01.446root 11241100x8000000000000000354359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cdbe7a1455839932021-12-21 10:28:01.446root 11241100x8000000000000000354360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e87eb1d767855c2021-12-21 10:28:01.446root 11241100x8000000000000000354361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7643d805c21c6d2021-12-21 10:28:01.446root 11241100x8000000000000000354362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6be2856d7c6f79ad2021-12-21 10:28:01.447root 11241100x8000000000000000354363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90849ec4a608dc862021-12-21 10:28:01.447root 11241100x8000000000000000354364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5749e1bf07bc23f2021-12-21 10:28:01.447root 11241100x8000000000000000354365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c95f6511ef149e2021-12-21 10:28:01.447root 11241100x8000000000000000354366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f073d3e833f5aab2021-12-21 10:28:01.447root 11241100x8000000000000000354367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc36921ee2ce96c62021-12-21 10:28:01.447root 11241100x8000000000000000354368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c562829d81d406f52021-12-21 10:28:01.447root 11241100x8000000000000000354369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f38122b1d6b3ada2021-12-21 10:28:01.943root 11241100x8000000000000000354370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1786eaf70d6184882021-12-21 10:28:01.943root 11241100x8000000000000000354371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4acc4e18c777c72021-12-21 10:28:01.943root 11241100x8000000000000000354372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9cca52617ed77f2021-12-21 10:28:01.943root 11241100x8000000000000000354373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f87c2c0f339c32a2021-12-21 10:28:01.943root 11241100x8000000000000000354374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039ffbb4c5462ecb2021-12-21 10:28:01.943root 11241100x8000000000000000354375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cec016087f452e2021-12-21 10:28:01.943root 11241100x8000000000000000354376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8058724013d1132021-12-21 10:28:01.943root 11241100x8000000000000000354377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ec3b9fc5d389e22021-12-21 10:28:01.943root 11241100x8000000000000000354378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85cab0deeff1dbb42021-12-21 10:28:01.944root 11241100x8000000000000000354379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5adb968607c596642021-12-21 10:28:01.944root 11241100x8000000000000000354380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.599318969a577c852021-12-21 10:28:01.944root 11241100x8000000000000000354381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52412a760c159dcf2021-12-21 10:28:01.944root 11241100x8000000000000000354382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31c53bf897303f72021-12-21 10:28:01.944root 11241100x8000000000000000354383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab981ed35dda5052021-12-21 10:28:01.944root 11241100x8000000000000000354384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4dccafc3eb5837f2021-12-21 10:28:01.944root 11241100x8000000000000000354385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1460035ff43bfbce2021-12-21 10:28:01.944root 11241100x8000000000000000354386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b94df2453ea083f2021-12-21 10:28:01.944root 11241100x8000000000000000354387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3136538b1647d22e2021-12-21 10:28:01.944root 11241100x8000000000000000354388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70c3aae1f0bdddf2021-12-21 10:28:01.945root 11241100x8000000000000000354389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b7e3be640a3bff2021-12-21 10:28:01.945root 11241100x8000000000000000354390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01a240488b712692021-12-21 10:28:01.945root 11241100x8000000000000000354391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b677aaff432b2bc32021-12-21 10:28:01.945root 11241100x8000000000000000354392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eaa48eb14735812021-12-21 10:28:01.945root 11241100x8000000000000000354393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d85c114b84b9fb2021-12-21 10:28:01.945root 11241100x8000000000000000354394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77fd551201cdc5e2021-12-21 10:28:01.945root 11241100x8000000000000000354395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.328c3f1564c5bd402021-12-21 10:28:01.945root 11241100x8000000000000000354396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa8ae39fffa4122021-12-21 10:28:01.945root 11241100x8000000000000000354397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ac9d51c78219212021-12-21 10:28:01.946root 11241100x8000000000000000354398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6039668e2a1376ef2021-12-21 10:28:01.946root 11241100x8000000000000000354399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63feb325a6c116092021-12-21 10:28:01.946root 11241100x8000000000000000354400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98746e08ec10cbaa2021-12-21 10:28:01.946root 11241100x8000000000000000354401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4223de3d7d17fc2021-12-21 10:28:01.946root 11241100x8000000000000000354402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40880ee8703e99792021-12-21 10:28:01.946root 11241100x8000000000000000354403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4352b7b312c2632021-12-21 10:28:01.946root 11241100x8000000000000000354404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162886e703abd87f2021-12-21 10:28:01.946root 11241100x8000000000000000354405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11a3e89e0054ade82021-12-21 10:28:01.946root 11241100x8000000000000000354406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bfa55097d7e01bd2021-12-21 10:28:01.946root 11241100x8000000000000000354407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a1f74e5b4fddb02021-12-21 10:28:01.947root 11241100x8000000000000000354408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d967aabba0992732021-12-21 10:28:01.947root 11241100x8000000000000000354409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a476f25fbdb65bb2021-12-21 10:28:01.947root 11241100x8000000000000000354410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f5c406c801b47b32021-12-21 10:28:01.947root 11241100x8000000000000000354411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8617a997ed4ac9ab2021-12-21 10:28:01.947root 11241100x8000000000000000354412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11890313531efa942021-12-21 10:28:01.947root 11241100x8000000000000000354413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc3915bd9b441a462021-12-21 10:28:01.947root 11241100x8000000000000000354414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49ca3dfe0c154ab2021-12-21 10:28:01.947root 11241100x8000000000000000354415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12659e6803d1e2d2021-12-21 10:28:01.947root 11241100x8000000000000000354416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae42d4bb096869b02021-12-21 10:28:01.948root 11241100x8000000000000000354417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e09b89f6db92ba62021-12-21 10:28:01.948root 11241100x8000000000000000354418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e621709c68a49fad2021-12-21 10:28:01.948root 11241100x8000000000000000354419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d7553908e44ffa2021-12-21 10:28:01.948root 11241100x8000000000000000354420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b020fc79f81ba39d2021-12-21 10:28:01.948root 11241100x8000000000000000354421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8437c8a0d77917162021-12-21 10:28:01.948root 11241100x8000000000000000354422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e98dd27b09077222021-12-21 10:28:01.948root 11241100x8000000000000000354423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af302b2f1d186a02021-12-21 10:28:01.948root 11241100x8000000000000000354424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2726258ce3baf3d2021-12-21 10:28:01.948root 11241100x8000000000000000354425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ce2653fe495b392021-12-21 10:28:01.948root 11241100x8000000000000000354426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ad3a36455dd8b92021-12-21 10:28:01.948root 11241100x8000000000000000354427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf3e7ca9f05a3a92021-12-21 10:28:01.949root 11241100x8000000000000000354428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acd514b943819e32021-12-21 10:28:01.949root 11241100x8000000000000000354429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110a748c06c986982021-12-21 10:28:01.949root 11241100x8000000000000000354430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e5da14a25533c9c2021-12-21 10:28:01.949root 11241100x8000000000000000354431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2f8d1998191fdf2021-12-21 10:28:01.949root 11241100x8000000000000000354432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a97f7a7790070fc2021-12-21 10:28:01.949root 11241100x8000000000000000354433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef667f89460fe9e92021-12-21 10:28:01.949root 11241100x8000000000000000354434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b9e1c841b0abac2021-12-21 10:28:01.949root 11241100x8000000000000000354435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754011caab21a5f62021-12-21 10:28:01.949root 11241100x8000000000000000354436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b17ce35e3c5aa562021-12-21 10:28:01.949root 11241100x8000000000000000354437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9893ef44c549451f2021-12-21 10:28:01.950root 11241100x8000000000000000354438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89738f36f0a0983e2021-12-21 10:28:01.950root 11241100x8000000000000000354439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6a0a0496084fa52021-12-21 10:28:01.950root 11241100x8000000000000000354440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da73bd53b26801352021-12-21 10:28:01.950root 11241100x8000000000000000354441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c5eb859b615c1d2021-12-21 10:28:01.950root 11241100x8000000000000000354442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d3f75cb4a38ed72021-12-21 10:28:01.950root 11241100x8000000000000000354443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16d8c677f448da82021-12-21 10:28:01.950root 11241100x8000000000000000354444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae483aba2ed8fdc2021-12-21 10:28:01.951root 11241100x8000000000000000354445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166a37d8ce7e963a2021-12-21 10:28:01.951root 11241100x8000000000000000354446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5e060ba6e879c42021-12-21 10:28:01.951root 11241100x8000000000000000354447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54b236b47baff312021-12-21 10:28:01.951root 11241100x8000000000000000354448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadbb470691b26832021-12-21 10:28:01.951root 11241100x8000000000000000354449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ed706a4e6b84a92021-12-21 10:28:01.951root 11241100x8000000000000000354450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea54c7926c848f112021-12-21 10:28:01.951root 11241100x8000000000000000354451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b604c7de6f81a172021-12-21 10:28:01.951root 11241100x8000000000000000354452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e112372e11a04ab2021-12-21 10:28:01.951root 11241100x8000000000000000354453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd06c7bc19f3fa2a2021-12-21 10:28:01.952root 11241100x8000000000000000354454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9058cc93e8189b102021-12-21 10:28:01.952root 11241100x8000000000000000354455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207a21b95d5906192021-12-21 10:28:01.952root 11241100x8000000000000000354456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f38d529a510b9c2021-12-21 10:28:01.952root 11241100x8000000000000000354457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0e7a9c42a6608c2021-12-21 10:28:01.952root 11241100x8000000000000000354458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4f9ae38d38a9002021-12-21 10:28:01.952root 11241100x8000000000000000354459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c5f827447e7da2021-12-21 10:28:01.952root 11241100x8000000000000000354460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:01.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130b5e7dfe2043be2021-12-21 10:28:01.952root 11241100x8000000000000000354461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7c21d709487003c2021-12-21 10:28:02.443root 11241100x8000000000000000354462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51076efbaf4a8ac72021-12-21 10:28:02.443root 11241100x8000000000000000354463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cef751f30a2d8ae12021-12-21 10:28:02.444root 11241100x8000000000000000354464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bacbd28ec7f45f2021-12-21 10:28:02.444root 11241100x8000000000000000354465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b605f47b30bf92c92021-12-21 10:28:02.444root 11241100x8000000000000000354466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5774efbde3352082021-12-21 10:28:02.444root 11241100x8000000000000000354467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab490091710fc26d2021-12-21 10:28:02.444root 11241100x8000000000000000354468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.602ef308d3ba8aeb2021-12-21 10:28:02.444root 11241100x8000000000000000354469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb2fa68cfe5759572021-12-21 10:28:02.444root 11241100x8000000000000000354470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a567d7de32548f032021-12-21 10:28:02.444root 11241100x8000000000000000354471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fcf8da42e7400c2021-12-21 10:28:02.444root 11241100x8000000000000000354472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0456f512877bb1982021-12-21 10:28:02.445root 11241100x8000000000000000354473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd2823544edef792021-12-21 10:28:02.445root 11241100x8000000000000000354474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95aafab05d386312021-12-21 10:28:02.445root 11241100x8000000000000000354475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91bf471f6dd0f0e92021-12-21 10:28:02.445root 11241100x8000000000000000354476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0434be8b73a33cb52021-12-21 10:28:02.445root 11241100x8000000000000000354477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c83345d09a0e4e82021-12-21 10:28:02.445root 11241100x8000000000000000354478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6927cf7c82394df42021-12-21 10:28:02.445root 11241100x8000000000000000354479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e49516216b0f22021-12-21 10:28:02.445root 11241100x8000000000000000354480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80dc061c6de360f2021-12-21 10:28:02.445root 11241100x8000000000000000354481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734e79163ac698ce2021-12-21 10:28:02.445root 11241100x8000000000000000354482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e62d787e94a75792021-12-21 10:28:02.445root 11241100x8000000000000000354483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271c53eb25b6eeec2021-12-21 10:28:02.445root 11241100x8000000000000000354484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafbe0955f162d7f2021-12-21 10:28:02.445root 11241100x8000000000000000354485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0360000756de70012021-12-21 10:28:02.446root 11241100x8000000000000000354486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf83cf18a8d5a9592021-12-21 10:28:02.446root 11241100x8000000000000000354487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b221cb3834891e1e2021-12-21 10:28:02.446root 11241100x8000000000000000354488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59411d7cb8352a962021-12-21 10:28:02.446root 11241100x8000000000000000354489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d0d2f9108fb1162021-12-21 10:28:02.446root 11241100x8000000000000000354490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38242988816a4012021-12-21 10:28:02.446root 11241100x8000000000000000354491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc26e3da492f486b2021-12-21 10:28:02.446root 11241100x8000000000000000354492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6752138330b7434f2021-12-21 10:28:02.446root 11241100x8000000000000000354493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93373f846deb1cc42021-12-21 10:28:02.446root 11241100x8000000000000000354494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d41a4632b9b76f2021-12-21 10:28:02.943root 11241100x8000000000000000354495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ad974eb792d09d2021-12-21 10:28:02.943root 11241100x8000000000000000354496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6f44db1b75f07c2021-12-21 10:28:02.943root 11241100x8000000000000000354497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515a9ab7da3b92512021-12-21 10:28:02.943root 11241100x8000000000000000354498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e53a7dd5321fe552021-12-21 10:28:02.944root 11241100x8000000000000000354499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2343bf3baa04c9872021-12-21 10:28:02.944root 11241100x8000000000000000354500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed84c7b842d221f22021-12-21 10:28:02.944root 11241100x8000000000000000354501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bcfa1e77b2a3a72021-12-21 10:28:02.944root 11241100x8000000000000000354502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a585d01d34fc9b52021-12-21 10:28:02.944root 11241100x8000000000000000354503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f26c7ade798bfc532021-12-21 10:28:02.944root 11241100x8000000000000000354504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb918b42414fffb2021-12-21 10:28:02.944root 11241100x8000000000000000354505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035462aea8bbdb2a2021-12-21 10:28:02.944root 11241100x8000000000000000354506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4410fa6587cc49a32021-12-21 10:28:02.944root 11241100x8000000000000000354507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22a820809da68252021-12-21 10:28:02.944root 11241100x8000000000000000354508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a995a8734cca28172021-12-21 10:28:02.944root 11241100x8000000000000000354509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1cc4f17f64a0132021-12-21 10:28:02.944root 11241100x8000000000000000354510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574e2c62116990d72021-12-21 10:28:02.944root 11241100x8000000000000000354511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1d91e7df22fade52021-12-21 10:28:02.944root 11241100x8000000000000000354512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.418cb74b89f668bb2021-12-21 10:28:02.945root 11241100x8000000000000000354513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0296154b34ffda92021-12-21 10:28:02.945root 11241100x8000000000000000354514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c2da6439791c632021-12-21 10:28:02.945root 11241100x8000000000000000354515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806ac3fa6fcef5172021-12-21 10:28:02.945root 11241100x8000000000000000354516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9588b9e396072bd2021-12-21 10:28:02.945root 11241100x8000000000000000354517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2266e01157bed4c2021-12-21 10:28:02.945root 11241100x8000000000000000354518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ee43b040ca08fe2021-12-21 10:28:02.945root 11241100x8000000000000000354519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3161c354e8a99ca72021-12-21 10:28:02.945root 11241100x8000000000000000354520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.637017e3a792bf002021-12-21 10:28:02.945root 11241100x8000000000000000354521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a2a932bb1f21b92021-12-21 10:28:02.945root 11241100x8000000000000000354522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a223f9738e152cdd2021-12-21 10:28:02.946root 11241100x8000000000000000354523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483cd469426fda152021-12-21 10:28:02.946root 11241100x8000000000000000354524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f11ec7d7413432e2021-12-21 10:28:02.946root 11241100x8000000000000000354525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38d1b2181f7fe012021-12-21 10:28:02.946root 11241100x8000000000000000354526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bd0fea727742cc2021-12-21 10:28:02.946root 11241100x8000000000000000354527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f82129b967f5a4c2021-12-21 10:28:02.946root 11241100x8000000000000000354528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c54a748286f24842021-12-21 10:28:02.946root 11241100x8000000000000000354529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f71bc5d9f5a0602021-12-21 10:28:02.946root 11241100x8000000000000000354530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7d3f0a14ffb5742021-12-21 10:28:02.946root 11241100x8000000000000000354531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:02.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558350183c96cb592021-12-21 10:28:02.947root 11241100x8000000000000000354532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ace2f8df29376f2c2021-12-21 10:28:03.443root 11241100x8000000000000000354533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292a68375bde3a0e2021-12-21 10:28:03.443root 11241100x8000000000000000354534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b78ccfcaf53cd742021-12-21 10:28:03.443root 11241100x8000000000000000354535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26034e5aef4b28e2021-12-21 10:28:03.444root 11241100x8000000000000000354536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f4fbc385d306ab2021-12-21 10:28:03.444root 11241100x8000000000000000354537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e919b3f039a52dd62021-12-21 10:28:03.444root 11241100x8000000000000000354538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121a1e9731cfec7e2021-12-21 10:28:03.444root 11241100x8000000000000000354539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a21a3d6cee7dbc02021-12-21 10:28:03.444root 11241100x8000000000000000354540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c036930b779ce6ce2021-12-21 10:28:03.444root 11241100x8000000000000000354541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ee53ba1753184642021-12-21 10:28:03.444root 11241100x8000000000000000354542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab0775800456dc22021-12-21 10:28:03.444root 11241100x8000000000000000354543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ffb94438bfc800b2021-12-21 10:28:03.444root 11241100x8000000000000000354544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5996ca3d848488d02021-12-21 10:28:03.444root 11241100x8000000000000000354545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b297c146039594152021-12-21 10:28:03.445root 11241100x8000000000000000354546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef6d601084544f22021-12-21 10:28:03.445root 11241100x8000000000000000354547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2abc370f329a7ac72021-12-21 10:28:03.445root 11241100x8000000000000000354548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f560850bc91760452021-12-21 10:28:03.445root 11241100x8000000000000000354549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ae58d33695180f2021-12-21 10:28:03.445root 11241100x8000000000000000354550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a915fa8661291372021-12-21 10:28:03.445root 11241100x8000000000000000354551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1508bf3dd842f1c92021-12-21 10:28:03.445root 11241100x8000000000000000354552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0cd30e14b5ee7b2021-12-21 10:28:03.445root 11241100x8000000000000000354553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1393667d561ffd12021-12-21 10:28:03.445root 11241100x8000000000000000354554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e006914da2cdb8c92021-12-21 10:28:03.445root 11241100x8000000000000000354555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d602028fbfca0c2d2021-12-21 10:28:03.446root 11241100x8000000000000000354556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1e8fd25b28f5ad2021-12-21 10:28:03.446root 11241100x8000000000000000354557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b681d038a28fa492021-12-21 10:28:03.446root 11241100x8000000000000000354558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aee93e1778bfc852021-12-21 10:28:03.446root 11241100x8000000000000000354559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36b8d006479b9932021-12-21 10:28:03.446root 11241100x8000000000000000354560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.476d3b2aedceb59c2021-12-21 10:28:03.446root 11241100x8000000000000000354561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed14d064e49f876c2021-12-21 10:28:03.446root 11241100x8000000000000000354562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eedff9169fc215802021-12-21 10:28:03.446root 11241100x8000000000000000354563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc35f53133b60f242021-12-21 10:28:03.446root 11241100x8000000000000000354564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc8244267d25df82021-12-21 10:28:03.447root 11241100x8000000000000000354565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757a18eee0caea442021-12-21 10:28:03.447root 11241100x8000000000000000354566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8d45e4f4b2c8ac2021-12-21 10:28:03.447root 11241100x8000000000000000354567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7e004eb4c228f32021-12-21 10:28:03.447root 11241100x8000000000000000354568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b686e128d82d46ff2021-12-21 10:28:03.943root 11241100x8000000000000000354569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31246bda05c110102021-12-21 10:28:03.943root 11241100x8000000000000000354570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc7952f0f36e1f702021-12-21 10:28:03.943root 11241100x8000000000000000354571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09870f7c1cea21e82021-12-21 10:28:03.943root 11241100x8000000000000000354572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d58cf0a082784af2021-12-21 10:28:03.944root 11241100x8000000000000000354573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e0cbf00b100ff32021-12-21 10:28:03.944root 11241100x8000000000000000354574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bbae880a4bed21f2021-12-21 10:28:03.944root 11241100x8000000000000000354575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed7b249674b6e3d2021-12-21 10:28:03.944root 11241100x8000000000000000354576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d298071fb808d512021-12-21 10:28:03.944root 11241100x8000000000000000354577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507ba60d990cafb92021-12-21 10:28:03.944root 11241100x8000000000000000354578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5023bfe1c64df1a82021-12-21 10:28:03.944root 11241100x8000000000000000354579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a372a3b62139415b2021-12-21 10:28:03.944root 11241100x8000000000000000354580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015caf6edcc0f9242021-12-21 10:28:03.944root 11241100x8000000000000000354581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035338d08834e6712021-12-21 10:28:03.944root 11241100x8000000000000000354582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d48b4389cec265f62021-12-21 10:28:03.945root 11241100x8000000000000000354583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45b381ada3c6f6262021-12-21 10:28:03.945root 11241100x8000000000000000354584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5e0b233332fce72021-12-21 10:28:03.945root 11241100x8000000000000000354585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8b68b69697ddfc2021-12-21 10:28:03.945root 11241100x8000000000000000354586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911a209662398a052021-12-21 10:28:03.945root 11241100x8000000000000000354587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3629b68adc9c472021-12-21 10:28:03.946root 11241100x8000000000000000354588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c622eaf2a13bdc2021-12-21 10:28:03.946root 11241100x8000000000000000354589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b154159988a26ef2021-12-21 10:28:03.947root 11241100x8000000000000000354590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5715ffd582dea72021-12-21 10:28:03.947root 11241100x8000000000000000354591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce3042f8002b9c12021-12-21 10:28:03.947root 11241100x8000000000000000354592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc2da99985304802021-12-21 10:28:03.947root 11241100x8000000000000000354593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c5615d4275fd5c2021-12-21 10:28:03.947root 11241100x8000000000000000354594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6c64dabfdf2c2e2021-12-21 10:28:03.947root 11241100x8000000000000000354595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef0b60bf94100ff2021-12-21 10:28:03.948root 11241100x8000000000000000354596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0641e6b13e9341b2021-12-21 10:28:03.948root 11241100x8000000000000000354597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495b9fe47ce43c452021-12-21 10:28:03.948root 11241100x8000000000000000354598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1516ac309539dd2021-12-21 10:28:03.948root 11241100x8000000000000000354599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1044bdce8f2c912021-12-21 10:28:03.948root 11241100x8000000000000000354600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b0a85a11cddaaa2021-12-21 10:28:03.948root 11241100x8000000000000000354601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb34660520215612021-12-21 10:28:03.948root 11241100x8000000000000000354602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbd907aa476ab352021-12-21 10:28:03.948root 11241100x8000000000000000354603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60237136f56d2262021-12-21 10:28:03.948root 11241100x8000000000000000354604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73a6c7abd384ccb2021-12-21 10:28:03.948root 11241100x8000000000000000354605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ee776af267a4b22021-12-21 10:28:03.948root 11241100x8000000000000000354606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd492f0561e6d5292021-12-21 10:28:03.948root 11241100x8000000000000000354607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56659bbe35208a92021-12-21 10:28:03.948root 11241100x8000000000000000354608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5222e9b6ae9f0fc42021-12-21 10:28:03.949root 11241100x8000000000000000354609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0a491aacf6875d2021-12-21 10:28:03.949root 11241100x8000000000000000354610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c2056473187fa42021-12-21 10:28:03.949root 11241100x8000000000000000354611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe2846f97346eac2021-12-21 10:28:03.949root 11241100x8000000000000000354612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c25dde3ce19aaad2021-12-21 10:28:03.949root 11241100x8000000000000000354613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f123819f6609dda2021-12-21 10:28:03.949root 11241100x8000000000000000354614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260131467bf879912021-12-21 10:28:03.949root 11241100x8000000000000000354615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c166b456859538fc2021-12-21 10:28:03.949root 11241100x8000000000000000354616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137010cb3a69f3f32021-12-21 10:28:03.949root 11241100x8000000000000000354617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fba50875d16e7f92021-12-21 10:28:03.949root 11241100x8000000000000000354618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d723260f3c3b792021-12-21 10:28:03.949root 11241100x8000000000000000354619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:03.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebf40c92d1c3d392021-12-21 10:28:03.949root 11241100x8000000000000000354620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3934b4b83f7331512021-12-21 10:28:04.443root 11241100x8000000000000000354621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b012c89e5607b82021-12-21 10:28:04.443root 11241100x8000000000000000354622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee5ecd62d28712e2021-12-21 10:28:04.443root 11241100x8000000000000000354623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a284f7d34d722712021-12-21 10:28:04.443root 11241100x8000000000000000354624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6bf3e164092fb42021-12-21 10:28:04.443root 11241100x8000000000000000354625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f92da81c513dc62021-12-21 10:28:04.443root 11241100x8000000000000000354626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42bc18e6aa2cdddf2021-12-21 10:28:04.444root 11241100x8000000000000000354627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ea2ef16227089c2021-12-21 10:28:04.444root 11241100x8000000000000000354628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156ce50a98f3b7722021-12-21 10:28:04.444root 11241100x8000000000000000354629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d1a63b635706062021-12-21 10:28:04.444root 11241100x8000000000000000354630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60bd9b92e5cce4022021-12-21 10:28:04.444root 11241100x8000000000000000354631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a407c33e360f9c42021-12-21 10:28:04.444root 11241100x8000000000000000354632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8813fabac1bdea2021-12-21 10:28:04.444root 11241100x8000000000000000354633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48004b0cf2e294f2021-12-21 10:28:04.444root 11241100x8000000000000000354634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beb844c60332f0332021-12-21 10:28:04.445root 11241100x8000000000000000354635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1c992ecf8f6fca2021-12-21 10:28:04.445root 11241100x8000000000000000354636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07c36f53c9b7a312021-12-21 10:28:04.445root 11241100x8000000000000000354637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58f6679d84194b742021-12-21 10:28:04.445root 11241100x8000000000000000354638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d500b0da99241aad2021-12-21 10:28:04.445root 11241100x8000000000000000354639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2db25507a95e95d2021-12-21 10:28:04.445root 11241100x8000000000000000354640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051cc81a07ae95772021-12-21 10:28:04.445root 11241100x8000000000000000354641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126d5044dc8e03f22021-12-21 10:28:04.445root 11241100x8000000000000000354642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6fd59f8b8b88d542021-12-21 10:28:04.445root 11241100x8000000000000000354643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b406f84c9f38abd52021-12-21 10:28:04.445root 11241100x8000000000000000354644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63946e50caff51eb2021-12-21 10:28:04.446root 11241100x8000000000000000354645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0456a72fbfbbd62021-12-21 10:28:04.446root 11241100x8000000000000000354646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85db511ded64f0622021-12-21 10:28:04.446root 11241100x8000000000000000354647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aff442869071df2021-12-21 10:28:04.446root 11241100x8000000000000000354648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c91233094c907d2021-12-21 10:28:04.446root 11241100x8000000000000000354649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2681ac9d86fad2722021-12-21 10:28:04.446root 11241100x8000000000000000354650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c670bf111348622021-12-21 10:28:04.446root 11241100x8000000000000000354651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d291de05a613d9222021-12-21 10:28:04.446root 11241100x8000000000000000354652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac8183d6219736a2021-12-21 10:28:04.446root 11241100x8000000000000000354653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2e9b6e77d949992021-12-21 10:28:04.446root 11241100x8000000000000000354654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d816f0bc8122d5c2021-12-21 10:28:04.447root 11241100x8000000000000000354655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e6391d884670cc82021-12-21 10:28:04.447root 11241100x8000000000000000354656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2d4af1f91be1052021-12-21 10:28:04.447root 11241100x8000000000000000354657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93a87fb865a5b1612021-12-21 10:28:04.447root 11241100x8000000000000000354658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e292e9bf7ab6a462021-12-21 10:28:04.447root 11241100x8000000000000000354659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7816ed93c8ff2e92021-12-21 10:28:04.447root 11241100x8000000000000000354660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fafe37ea0cae31002021-12-21 10:28:04.447root 11241100x8000000000000000354661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35e6d2e69d964e02021-12-21 10:28:04.447root 11241100x8000000000000000354662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0effc6bf9a160c22021-12-21 10:28:04.447root 11241100x8000000000000000354663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfad3b0396ce07e92021-12-21 10:28:04.447root 11241100x8000000000000000354664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb5b6331fa0834af2021-12-21 10:28:04.447root 11241100x8000000000000000354665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871141981d10417b2021-12-21 10:28:04.448root 11241100x8000000000000000354666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b44148bbad097f2021-12-21 10:28:04.448root 11241100x8000000000000000354667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d2fba784f54449f2021-12-21 10:28:04.448root 11241100x8000000000000000354668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958df0e6a2ac27a92021-12-21 10:28:04.448root 11241100x8000000000000000354669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ef1790fe0a9d1b2021-12-21 10:28:04.448root 11241100x8000000000000000354670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e53908c71720ae2021-12-21 10:28:04.448root 11241100x8000000000000000354671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d731e40ae6247a832021-12-21 10:28:04.448root 11241100x8000000000000000354672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d25de89bea021c32021-12-21 10:28:04.448root 11241100x8000000000000000354673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98e1d00b6b82ada02021-12-21 10:28:04.453root 11241100x8000000000000000354674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca80bf790640a8c2021-12-21 10:28:04.453root 11241100x8000000000000000354675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a798013d84fd8bec2021-12-21 10:28:04.453root 11241100x8000000000000000354676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d25149fd5c683ab2021-12-21 10:28:04.453root 11241100x8000000000000000354677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c125f5a8f8760332021-12-21 10:28:04.453root 11241100x8000000000000000354678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a1522ccf6949d02021-12-21 10:28:04.453root 11241100x8000000000000000354679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.998a032c8c0ad71e2021-12-21 10:28:04.453root 11241100x8000000000000000354680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fe202e9eb050cf2021-12-21 10:28:04.453root 11241100x8000000000000000354681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24598201dc16133a2021-12-21 10:28:04.453root 11241100x8000000000000000354682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a61283b475696f2021-12-21 10:28:04.454root 11241100x8000000000000000354683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7576446da9ccc7a12021-12-21 10:28:04.454root 11241100x8000000000000000354684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f5f2f206c9082f2021-12-21 10:28:04.454root 11241100x8000000000000000354685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d20ba18694400392021-12-21 10:28:04.454root 11241100x8000000000000000354686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20d494df82332d72021-12-21 10:28:04.454root 11241100x8000000000000000354687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc6bca86c04b8992021-12-21 10:28:04.454root 11241100x8000000000000000354688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22162501eac06f0a2021-12-21 10:28:04.454root 11241100x8000000000000000354689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9364a71776d4e13f2021-12-21 10:28:04.454root 11241100x8000000000000000354690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f45c4b5e5f04e782021-12-21 10:28:04.454root 11241100x8000000000000000354691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29475df9c5d67d5a2021-12-21 10:28:04.454root 11241100x8000000000000000354692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b98f4edd8898712021-12-21 10:28:04.454root 11241100x8000000000000000354693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b706477dcdcd7d2021-12-21 10:28:04.454root 11241100x8000000000000000354694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75475db9b038949e2021-12-21 10:28:04.454root 11241100x8000000000000000354695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8d55de0f235dcd2021-12-21 10:28:04.455root 11241100x8000000000000000354696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7405ab16b4c5def2021-12-21 10:28:04.455root 11241100x8000000000000000354697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbea19c7f2665722021-12-21 10:28:04.943root 11241100x8000000000000000354698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621607c3ee7182512021-12-21 10:28:04.943root 11241100x8000000000000000354699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ab28c1f406bd482021-12-21 10:28:04.943root 11241100x8000000000000000354700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b5c5e05c9fc7052021-12-21 10:28:04.943root 11241100x8000000000000000354701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3daa74e48e51d22021-12-21 10:28:04.943root 11241100x8000000000000000354702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f454bb2ea9296cf2021-12-21 10:28:04.944root 11241100x8000000000000000354703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27dc421b28fec772021-12-21 10:28:04.944root 11241100x8000000000000000354704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412a024276a734072021-12-21 10:28:04.944root 11241100x8000000000000000354705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bcbcea3747c0fdb2021-12-21 10:28:04.944root 11241100x8000000000000000354706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3753dd9b98922e2021-12-21 10:28:04.944root 11241100x8000000000000000354707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72a2bd7b9b918ae2021-12-21 10:28:04.944root 11241100x8000000000000000354708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb240f85a8c60402021-12-21 10:28:04.944root 11241100x8000000000000000354709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489ac3a7c1bb54e82021-12-21 10:28:04.944root 11241100x8000000000000000354710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.564b7315dc602a5a2021-12-21 10:28:04.944root 11241100x8000000000000000354711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af83ceb2058bfc8e2021-12-21 10:28:04.944root 11241100x8000000000000000354712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c409f48db94a49f52021-12-21 10:28:04.944root 11241100x8000000000000000354713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76e03b88c739fba2021-12-21 10:28:04.944root 11241100x8000000000000000354714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25193ba9f0764f9b2021-12-21 10:28:04.944root 11241100x8000000000000000354715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bada4fb318b01352021-12-21 10:28:04.944root 11241100x8000000000000000354716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f3015533061d152021-12-21 10:28:04.944root 11241100x8000000000000000354717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52e66dc9750c8632021-12-21 10:28:04.944root 11241100x8000000000000000354718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e037453068bd33d82021-12-21 10:28:04.945root 11241100x8000000000000000354719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e84ea98ee7f0d24e2021-12-21 10:28:04.945root 11241100x8000000000000000354720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c63f66171a6d1412021-12-21 10:28:04.945root 11241100x8000000000000000354721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ac732250f132822021-12-21 10:28:04.945root 11241100x8000000000000000354722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5036dcae7086de3e2021-12-21 10:28:04.945root 11241100x8000000000000000354723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e0a29271a45ea82021-12-21 10:28:04.945root 11241100x8000000000000000354724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761b09acb9d402812021-12-21 10:28:04.945root 11241100x8000000000000000354725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09eb599cb53fe032021-12-21 10:28:04.945root 11241100x8000000000000000354726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715a2ed0730c5c4c2021-12-21 10:28:04.945root 11241100x8000000000000000354727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623ef3b2e90929ce2021-12-21 10:28:04.945root 11241100x8000000000000000354728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce963d62148d7b072021-12-21 10:28:04.945root 11241100x8000000000000000354729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1de49608c8a0c4ff2021-12-21 10:28:04.945root 354300x8000000000000000354730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.182{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47140-false10.0.1.12-8000- 11241100x8000000000000000354731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f351485ba36a78a32021-12-21 10:28:05.443root 11241100x8000000000000000354732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f2e83f71d8d0be2021-12-21 10:28:05.443root 11241100x8000000000000000354733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed856283adcd49872021-12-21 10:28:05.444root 11241100x8000000000000000354734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7342e868563fc57e2021-12-21 10:28:05.444root 11241100x8000000000000000354735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51fdb4c3d9d4bc22021-12-21 10:28:05.445root 11241100x8000000000000000354736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bbd2f0067255f212021-12-21 10:28:05.445root 11241100x8000000000000000354737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18615dc429c481282021-12-21 10:28:05.445root 11241100x8000000000000000354738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2be79bcbd4514d42021-12-21 10:28:05.445root 11241100x8000000000000000354739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a646ac028c3f42db2021-12-21 10:28:05.445root 11241100x8000000000000000354740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8581d42d693fb5412021-12-21 10:28:05.445root 11241100x8000000000000000354741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e534a7198a9138332021-12-21 10:28:05.446root 11241100x8000000000000000354742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd4566cd9a42b49e2021-12-21 10:28:05.446root 11241100x8000000000000000354743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.183f3dd1ae5835462021-12-21 10:28:05.446root 11241100x8000000000000000354744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7878933a65ab395b2021-12-21 10:28:05.446root 11241100x8000000000000000354745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfca55dbbfcff882021-12-21 10:28:05.447root 11241100x8000000000000000354746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edcefabb971550602021-12-21 10:28:05.447root 11241100x8000000000000000354747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd6bf588ee60a682021-12-21 10:28:05.447root 11241100x8000000000000000354748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a3bd51b11d03a62021-12-21 10:28:05.447root 11241100x8000000000000000354749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf1a33381e275302021-12-21 10:28:05.447root 11241100x8000000000000000354750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b14c097be805eb2021-12-21 10:28:05.447root 11241100x8000000000000000354751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a8dbbdfa51faea52021-12-21 10:28:05.448root 11241100x8000000000000000354752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2ca83b55a8b58a2021-12-21 10:28:05.448root 11241100x8000000000000000354753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e8a6cccd860d662021-12-21 10:28:05.448root 11241100x8000000000000000354754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72247f79905119862021-12-21 10:28:05.448root 11241100x8000000000000000354755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71a21cc830e78f0f2021-12-21 10:28:05.448root 11241100x8000000000000000354756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0ed6c79b01ff032021-12-21 10:28:05.448root 11241100x8000000000000000354757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3556f1077ebdc0b2021-12-21 10:28:05.448root 11241100x8000000000000000354758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2193d36061ff8f2021-12-21 10:28:05.448root 11241100x8000000000000000354759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515c3ad3bcf03e9a2021-12-21 10:28:05.448root 11241100x8000000000000000354760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3775786d187f812021-12-21 10:28:05.448root 11241100x8000000000000000354761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3de07a55e560a52021-12-21 10:28:05.448root 11241100x8000000000000000354762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10886a9f4c987cac2021-12-21 10:28:05.448root 11241100x8000000000000000354763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3016411226b78bad2021-12-21 10:28:05.449root 11241100x8000000000000000354764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125945c5631f929a2021-12-21 10:28:05.449root 11241100x8000000000000000354765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a0395fe35ed6d92021-12-21 10:28:05.449root 11241100x8000000000000000354766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.877b032d5e206a652021-12-21 10:28:05.943root 11241100x8000000000000000354767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69ae7099dfb56812021-12-21 10:28:05.943root 11241100x8000000000000000354768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f74537ce60ff9572021-12-21 10:28:05.943root 11241100x8000000000000000354769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aca6c4f3b2859fcd2021-12-21 10:28:05.943root 11241100x8000000000000000354770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77827f3c59341702021-12-21 10:28:05.944root 11241100x8000000000000000354771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537d6e8d7dffe36e2021-12-21 10:28:05.944root 11241100x8000000000000000354772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f818c292c8e4a72021-12-21 10:28:05.944root 11241100x8000000000000000354773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19df79757eacbcff2021-12-21 10:28:05.944root 11241100x8000000000000000354774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74ea74ad4ade9642021-12-21 10:28:05.944root 11241100x8000000000000000354775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746f5b4da216caa12021-12-21 10:28:05.944root 11241100x8000000000000000354776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01447f09a796f83f2021-12-21 10:28:05.944root 11241100x8000000000000000354777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c25f7f48254c24922021-12-21 10:28:05.944root 11241100x8000000000000000354778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ae700f4eafac432021-12-21 10:28:05.944root 11241100x8000000000000000354779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fca4064a4a789f62021-12-21 10:28:05.944root 11241100x8000000000000000354780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a9933512b3451e32021-12-21 10:28:05.944root 11241100x8000000000000000354781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f3550e1d52c12d2021-12-21 10:28:05.944root 11241100x8000000000000000354782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046018eccf3823282021-12-21 10:28:05.944root 11241100x8000000000000000354783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7680752b019ec7942021-12-21 10:28:05.944root 11241100x8000000000000000354784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4be93bf7ab587e2021-12-21 10:28:05.944root 11241100x8000000000000000354785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3df3cf5e0a5d16c42021-12-21 10:28:05.944root 11241100x8000000000000000354786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac7ad0e8ff785812021-12-21 10:28:05.945root 11241100x8000000000000000354787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8550afa2bedb26f2021-12-21 10:28:05.945root 11241100x8000000000000000354788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63ba89322e18bc52021-12-21 10:28:05.945root 11241100x8000000000000000354789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b86be8518c74a7032021-12-21 10:28:05.945root 11241100x8000000000000000354790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe41e513dad20662021-12-21 10:28:05.945root 11241100x8000000000000000354791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2270995a751566d52021-12-21 10:28:05.945root 11241100x8000000000000000354792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620870428d0f69492021-12-21 10:28:05.945root 11241100x8000000000000000354793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073895a60219d22f2021-12-21 10:28:05.945root 11241100x8000000000000000354794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1079bcb8ffa4dc92021-12-21 10:28:05.945root 11241100x8000000000000000354795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b6843de63dc0412021-12-21 10:28:05.945root 11241100x8000000000000000354796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9aa9858c8adfba42021-12-21 10:28:05.945root 11241100x8000000000000000354797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff7c4f3389e1ff32021-12-21 10:28:05.945root 11241100x8000000000000000354798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b06936c417619aa2021-12-21 10:28:05.945root 11241100x8000000000000000354799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3013996177bca002021-12-21 10:28:05.945root 11241100x8000000000000000354800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d315cf9a17080a22021-12-21 10:28:05.945root 11241100x8000000000000000354801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b39aaa7d52369502021-12-21 10:28:05.945root 11241100x8000000000000000354802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa46b35429ba8772021-12-21 10:28:05.946root 11241100x8000000000000000354803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948c73d596177ea02021-12-21 10:28:05.946root 11241100x8000000000000000354804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.051be6e97e1632a62021-12-21 10:28:05.946root 11241100x8000000000000000354805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e78d132d2c03cae2021-12-21 10:28:05.946root 11241100x8000000000000000354806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13175871e968d8b62021-12-21 10:28:05.946root 11241100x8000000000000000354807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910f517c4dae4c7c2021-12-21 10:28:05.946root 11241100x8000000000000000354808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e0da1541a1a709c2021-12-21 10:28:05.946root 11241100x8000000000000000354809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d64a9056144e73b2021-12-21 10:28:05.946root 11241100x8000000000000000354810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc2e33c47fa733c2021-12-21 10:28:05.946root 11241100x8000000000000000354811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ef703312267be42021-12-21 10:28:05.946root 11241100x8000000000000000354812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f702137cda3d49082021-12-21 10:28:05.946root 11241100x8000000000000000354813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4fccf21ee665d72021-12-21 10:28:05.946root 11241100x8000000000000000354814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e51df5ddee7778c2021-12-21 10:28:05.946root 11241100x8000000000000000354815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d122797ddeaf0f2021-12-21 10:28:05.946root 11241100x8000000000000000354816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b796ffc7583dcb852021-12-21 10:28:05.946root 11241100x8000000000000000354817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7af739928e07dd52021-12-21 10:28:05.946root 11241100x8000000000000000354818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c10811c2686a7f2021-12-21 10:28:05.946root 11241100x8000000000000000354819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea53c13d28b55d742021-12-21 10:28:05.947root 11241100x8000000000000000354820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a16106a54300b9f22021-12-21 10:28:05.947root 11241100x8000000000000000354821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d7f850d19989152021-12-21 10:28:05.947root 11241100x8000000000000000354822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb95923968d3b82021-12-21 10:28:05.947root 11241100x8000000000000000354823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6a9c48188d4e882021-12-21 10:28:05.947root 11241100x8000000000000000354824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6bcd21025b889282021-12-21 10:28:05.947root 11241100x8000000000000000354825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf87abb80c618ff22021-12-21 10:28:05.947root 11241100x8000000000000000354826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a036e3664d8dd7ae2021-12-21 10:28:05.947root 11241100x8000000000000000354827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331b45ae750f4c132021-12-21 10:28:05.947root 11241100x8000000000000000354828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351ee9f14a0d061e2021-12-21 10:28:05.947root 11241100x8000000000000000354829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a92e86c3e78e342021-12-21 10:28:05.947root 11241100x8000000000000000354830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae9ca93ab87fe262021-12-21 10:28:05.947root 11241100x8000000000000000354831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57258435f386928c2021-12-21 10:28:05.947root 11241100x8000000000000000354832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706d7e9f1979015a2021-12-21 10:28:05.947root 11241100x8000000000000000354833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43b25e72737cea42021-12-21 10:28:05.947root 11241100x8000000000000000354834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1288fe3ee976103d2021-12-21 10:28:05.947root 11241100x8000000000000000354835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747867e49bd236682021-12-21 10:28:05.948root 11241100x8000000000000000354836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134410bdcb151c152021-12-21 10:28:05.948root 11241100x8000000000000000354837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:05.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d785055d837cda2021-12-21 10:28:05.948root 11241100x8000000000000000354838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.348{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:28:06.348root 11241100x8000000000000000354839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bffd6959ea952b312021-12-21 10:28:06.349root 11241100x8000000000000000354840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fca7419dcb6b732021-12-21 10:28:06.349root 11241100x8000000000000000354841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ec2f56aeb9f8592021-12-21 10:28:06.349root 11241100x8000000000000000354842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5959c130aa78fde22021-12-21 10:28:06.349root 11241100x8000000000000000354843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984ac4a9f7397fdc2021-12-21 10:28:06.349root 11241100x8000000000000000354844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7af8569f483cc2cd2021-12-21 10:28:06.349root 11241100x8000000000000000354845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846632481790a51a2021-12-21 10:28:06.349root 11241100x8000000000000000354846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694c0cbc08aec4b92021-12-21 10:28:06.349root 11241100x8000000000000000354847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ee2af0a42f6cfb2021-12-21 10:28:06.349root 11241100x8000000000000000354848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908d45b5b6ee177c2021-12-21 10:28:06.349root 11241100x8000000000000000354849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc9da4a021d4ccfa2021-12-21 10:28:06.349root 11241100x8000000000000000354850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078d538b418fb3d82021-12-21 10:28:06.349root 11241100x8000000000000000354851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438cc982873e8d572021-12-21 10:28:06.349root 11241100x8000000000000000354852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47b0b1920ea5112c2021-12-21 10:28:06.349root 11241100x8000000000000000354853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5362d5eae78834062021-12-21 10:28:06.350root 11241100x8000000000000000354854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75dddc16be070a5d2021-12-21 10:28:06.350root 11241100x8000000000000000354855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6125d7ff762553dd2021-12-21 10:28:06.350root 11241100x8000000000000000354856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b3c8ea7a1836a52021-12-21 10:28:06.350root 11241100x8000000000000000354857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfd65302775f9762021-12-21 10:28:06.350root 11241100x8000000000000000354858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4be843b21d2e652021-12-21 10:28:06.350root 11241100x8000000000000000354859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454ee12ac83457f82021-12-21 10:28:06.350root 11241100x8000000000000000354860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f37c5bf7b30414a22021-12-21 10:28:06.350root 11241100x8000000000000000354861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391bd8dee3eea45a2021-12-21 10:28:06.350root 11241100x8000000000000000354862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b48c2d8b14e0682021-12-21 10:28:06.350root 11241100x8000000000000000354863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0d2d7eb1b618292021-12-21 10:28:06.350root 11241100x8000000000000000354864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.164b94ffbadb4dfd2021-12-21 10:28:06.350root 11241100x8000000000000000354865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63865d46da22dbab2021-12-21 10:28:06.350root 11241100x8000000000000000354866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0160bc9dea9aad7a2021-12-21 10:28:06.350root 11241100x8000000000000000354867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8885876d155b6d92021-12-21 10:28:06.350root 11241100x8000000000000000354868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87c61373faa82da2021-12-21 10:28:06.350root 11241100x8000000000000000354869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7c6241153aedbcb2021-12-21 10:28:06.351root 11241100x8000000000000000354870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7beffe36e110f1e2021-12-21 10:28:06.351root 11241100x8000000000000000354871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a35a5030b448f2021-12-21 10:28:06.351root 11241100x8000000000000000354872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ab91c8c2c0580d2021-12-21 10:28:06.351root 11241100x8000000000000000354873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6226abca1745dda2021-12-21 10:28:06.351root 11241100x8000000000000000354874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def2b37a469b145c2021-12-21 10:28:06.693root 11241100x8000000000000000354875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fcbee4304e7c91c2021-12-21 10:28:06.693root 11241100x8000000000000000354876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384aafbf188766b12021-12-21 10:28:06.694root 11241100x8000000000000000354877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fa6aa8e2ff54d72021-12-21 10:28:06.694root 11241100x8000000000000000354878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef15836732c9966d2021-12-21 10:28:06.694root 11241100x8000000000000000354879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f174f9a2ded97ba62021-12-21 10:28:06.694root 11241100x8000000000000000354880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61270cc22f8147fa2021-12-21 10:28:06.694root 11241100x8000000000000000354881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c864f620ccbdae182021-12-21 10:28:06.694root 11241100x8000000000000000354882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.884ee9deb141ea8e2021-12-21 10:28:06.694root 11241100x8000000000000000354883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121aba0d773d3e0c2021-12-21 10:28:06.695root 11241100x8000000000000000354884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbdf94dd3f2d3f3c2021-12-21 10:28:06.695root 11241100x8000000000000000354885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a97298c6714dba2021-12-21 10:28:06.695root 11241100x8000000000000000354886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b458b9c39152341b2021-12-21 10:28:06.696root 11241100x8000000000000000354887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7024fbae73eab6022021-12-21 10:28:06.697root 11241100x8000000000000000354888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455d972085da27fa2021-12-21 10:28:06.697root 11241100x8000000000000000354889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2592c37380d3f9322021-12-21 10:28:06.697root 11241100x8000000000000000354890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c7e9c4e3c0e6072021-12-21 10:28:06.697root 11241100x8000000000000000354891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4ef9d8f5ea69322021-12-21 10:28:06.697root 11241100x8000000000000000354892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40d25199acb15d72021-12-21 10:28:06.697root 11241100x8000000000000000354893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa65217bbf86ed682021-12-21 10:28:06.698root 11241100x8000000000000000354894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24d90f378d1d9412021-12-21 10:28:06.698root 11241100x8000000000000000354895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d27990c80afe290f2021-12-21 10:28:06.698root 11241100x8000000000000000354896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519d5cf0645f8c442021-12-21 10:28:06.698root 11241100x8000000000000000354897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6363ccce680edd872021-12-21 10:28:06.698root 11241100x8000000000000000354898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde374ab17a6110f2021-12-21 10:28:06.698root 11241100x8000000000000000354899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b045698641468632021-12-21 10:28:06.698root 11241100x8000000000000000354900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.539476b686b73b1b2021-12-21 10:28:06.698root 11241100x8000000000000000354901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479ecbdd5264b2b02021-12-21 10:28:06.698root 11241100x8000000000000000354902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3bd744643371ce2021-12-21 10:28:06.698root 11241100x8000000000000000354903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7afe3ef6b6b2e362021-12-21 10:28:06.699root 11241100x8000000000000000354904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425e195019f3231d2021-12-21 10:28:06.699root 11241100x8000000000000000354905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7676f906154f17d2021-12-21 10:28:06.699root 11241100x8000000000000000354906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba83f6391820f70e2021-12-21 10:28:06.699root 11241100x8000000000000000354907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431dee5bc72879332021-12-21 10:28:06.699root 11241100x8000000000000000354908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b08e265e682a8462021-12-21 10:28:06.699root 11241100x8000000000000000354909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115cd09a3972c8b32021-12-21 10:28:06.699root 11241100x8000000000000000354910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e2a33d9fa1b2b82021-12-21 10:28:06.699root 11241100x8000000000000000354911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f2cb1c6288b9e02021-12-21 10:28:06.700root 11241100x8000000000000000354912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a1d9dc9692efae2021-12-21 10:28:06.700root 11241100x8000000000000000354913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb45806da9d127f2021-12-21 10:28:06.700root 11241100x8000000000000000354914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ad4e515e68c3b32021-12-21 10:28:06.700root 11241100x8000000000000000354915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49cf9334f92aa3a2021-12-21 10:28:06.700root 11241100x8000000000000000354916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2dc8b8526403c252021-12-21 10:28:06.700root 11241100x8000000000000000354917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14958af8e9b7f012021-12-21 10:28:06.700root 11241100x8000000000000000354918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b7b0299c5549142021-12-21 10:28:06.700root 11241100x8000000000000000354919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdbb4b94a6f7f3232021-12-21 10:28:06.701root 11241100x8000000000000000354920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592eb22bec793a672021-12-21 10:28:06.701root 11241100x8000000000000000354921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970caa4993bc82cd2021-12-21 10:28:06.701root 11241100x8000000000000000354922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:06.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3f6ec6abd6ba692021-12-21 10:28:06.701root 11241100x8000000000000000354923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e15ff1f3fc11e32021-12-21 10:28:07.193root 11241100x8000000000000000354924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8068ba737bdee922021-12-21 10:28:07.193root 11241100x8000000000000000354925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8162d7538441a8e72021-12-21 10:28:07.193root 11241100x8000000000000000354926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e908aa50ac18bc2021-12-21 10:28:07.193root 11241100x8000000000000000354927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e11250e56e426c412021-12-21 10:28:07.193root 11241100x8000000000000000354928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deda3aeaf673b9852021-12-21 10:28:07.193root 11241100x8000000000000000354929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b067067ea1f5ad722021-12-21 10:28:07.193root 11241100x8000000000000000354930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78764c20d44909392021-12-21 10:28:07.193root 11241100x8000000000000000354931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054bdd35a32be53f2021-12-21 10:28:07.194root 11241100x8000000000000000354932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5330a69515510d102021-12-21 10:28:07.194root 11241100x8000000000000000354933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd045902fa02f752021-12-21 10:28:07.194root 11241100x8000000000000000354934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a02b1564f654892021-12-21 10:28:07.194root 11241100x8000000000000000354935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a483b59e0029459a2021-12-21 10:28:07.194root 11241100x8000000000000000354936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f06b6a60ec734e72021-12-21 10:28:07.194root 11241100x8000000000000000354937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cae1075b7cfc6f2021-12-21 10:28:07.194root 11241100x8000000000000000354938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14861290cb97d0ff2021-12-21 10:28:07.194root 11241100x8000000000000000354939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa4acfb9c008fd62021-12-21 10:28:07.195root 11241100x8000000000000000354940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49977a4758f8cff2021-12-21 10:28:07.195root 11241100x8000000000000000354941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83729e8f3c8184622021-12-21 10:28:07.195root 11241100x8000000000000000354942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c69d95fbc0cdbb02021-12-21 10:28:07.195root 11241100x8000000000000000354943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcc75532f38f2e02021-12-21 10:28:07.195root 11241100x8000000000000000354944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638b0417ee807a7b2021-12-21 10:28:07.195root 11241100x8000000000000000354945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5af89ac276f498b2021-12-21 10:28:07.195root 11241100x8000000000000000354946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ededbe796be64062021-12-21 10:28:07.195root 11241100x8000000000000000354947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec2d652223b1aeb2021-12-21 10:28:07.195root 11241100x8000000000000000354948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c9c1c8425b91cf2021-12-21 10:28:07.195root 11241100x8000000000000000354949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e65403cca5d37332021-12-21 10:28:07.196root 11241100x8000000000000000354950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9465ea5f4759cdb52021-12-21 10:28:07.196root 11241100x8000000000000000354951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b4596e6cdd68722021-12-21 10:28:07.196root 11241100x8000000000000000354952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac48e5db9f8abef52021-12-21 10:28:07.196root 11241100x8000000000000000354953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3640b13cb56e5cf2021-12-21 10:28:07.196root 11241100x8000000000000000354954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cce5d401b2e123b2021-12-21 10:28:07.196root 11241100x8000000000000000354955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900d2d3e16055b172021-12-21 10:28:07.196root 11241100x8000000000000000354956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a354482a95e73002021-12-21 10:28:07.196root 11241100x8000000000000000354957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a75a0e8be3a4262021-12-21 10:28:07.196root 11241100x8000000000000000354958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c64baab8450c4cf82021-12-21 10:28:07.196root 11241100x8000000000000000354959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f338322c273fd1bc2021-12-21 10:28:07.197root 11241100x8000000000000000354960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f05901f550da0502021-12-21 10:28:07.197root 11241100x8000000000000000354961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac11ef83c57c56bd2021-12-21 10:28:07.197root 11241100x8000000000000000354962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.368188dfbb1e23f92021-12-21 10:28:07.197root 11241100x8000000000000000354963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb1b2e3b6537770e2021-12-21 10:28:07.197root 11241100x8000000000000000354964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534f4292cf30ec7e2021-12-21 10:28:07.197root 11241100x8000000000000000354965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe20a871a63e11f32021-12-21 10:28:07.197root 11241100x8000000000000000354966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ad889d1a5b60c52021-12-21 10:28:07.197root 11241100x8000000000000000354967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25e25f2c671096f2021-12-21 10:28:07.197root 11241100x8000000000000000354968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5034b34afc744de82021-12-21 10:28:07.197root 11241100x8000000000000000354969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c516672c16d15ba2021-12-21 10:28:07.197root 11241100x8000000000000000354970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ffce43a02d4c6d2021-12-21 10:28:07.198root 11241100x8000000000000000354971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facdfd09e056b9b02021-12-21 10:28:07.198root 11241100x8000000000000000354972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5183d1f082c1322021-12-21 10:28:07.198root 11241100x8000000000000000354973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a705a7c46c0ca7392021-12-21 10:28:07.198root 11241100x8000000000000000354974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed0bfe07afb68672021-12-21 10:28:07.198root 11241100x8000000000000000354975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b0ca03bb45013892021-12-21 10:28:07.198root 11241100x8000000000000000354976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f52e98aa05822c252021-12-21 10:28:07.198root 11241100x8000000000000000354977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f94c18a44a88652021-12-21 10:28:07.198root 11241100x8000000000000000354978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4ceef1143687662021-12-21 10:28:07.198root 11241100x8000000000000000354979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab6eaccad19616612021-12-21 10:28:07.198root 11241100x8000000000000000354980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc9c0771fe3bb752021-12-21 10:28:07.198root 11241100x8000000000000000354981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec04e285ce5063f12021-12-21 10:28:07.198root 11241100x8000000000000000354982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7180b48e0606b2cf2021-12-21 10:28:07.199root 11241100x8000000000000000354983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4151d25c17ff99a42021-12-21 10:28:07.199root 11241100x8000000000000000354984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb80cc9f691580c2021-12-21 10:28:07.199root 11241100x8000000000000000354985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5603ac3ff471c02021-12-21 10:28:07.199root 11241100x8000000000000000354986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a498debb190d4bc02021-12-21 10:28:07.199root 11241100x8000000000000000354987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b45d8d4f5fcefb72021-12-21 10:28:07.199root 11241100x8000000000000000354988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad197104c31f0f82021-12-21 10:28:07.199root 11241100x8000000000000000354989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d075f9e208e7a6e42021-12-21 10:28:07.693root 11241100x8000000000000000354990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6582f7cca1a161372021-12-21 10:28:07.693root 11241100x8000000000000000354991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29dc35e3209f02032021-12-21 10:28:07.693root 11241100x8000000000000000354992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c83ba3cb656d522021-12-21 10:28:07.693root 11241100x8000000000000000354993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5420b7ca9b9fb42021-12-21 10:28:07.693root 11241100x8000000000000000354994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9ba399b1f2c8c12021-12-21 10:28:07.693root 11241100x8000000000000000354995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73c74516cdf0d5682021-12-21 10:28:07.693root 11241100x8000000000000000354996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12d4f664f817c1ca2021-12-21 10:28:07.693root 11241100x8000000000000000354997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd24238ef45d8f82021-12-21 10:28:07.694root 11241100x8000000000000000354998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14552a2d5322eec22021-12-21 10:28:07.694root 11241100x8000000000000000354999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac9bab53a31885d2021-12-21 10:28:07.694root 11241100x8000000000000000355000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d8f424a6f239792021-12-21 10:28:07.695root 11241100x8000000000000000355001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678a351a71fa13d32021-12-21 10:28:07.695root 11241100x8000000000000000355002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d2ea9e9f2a8e992021-12-21 10:28:07.695root 11241100x8000000000000000355003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f855407e93c3d372021-12-21 10:28:07.695root 11241100x8000000000000000355004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d473d3e8dc8640eb2021-12-21 10:28:07.696root 11241100x8000000000000000355005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445371710a95de922021-12-21 10:28:07.696root 11241100x8000000000000000355006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a59d540c1619e832021-12-21 10:28:07.696root 11241100x8000000000000000355007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3391461f322d446f2021-12-21 10:28:07.696root 11241100x8000000000000000355008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a9a0a31ee2d3fd2021-12-21 10:28:07.697root 11241100x8000000000000000355009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.065cd58dca053ddd2021-12-21 10:28:07.697root 11241100x8000000000000000355010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3778ec6480b2ae42021-12-21 10:28:07.697root 11241100x8000000000000000355011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a610724adb2f66a2021-12-21 10:28:07.697root 11241100x8000000000000000355012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e4036c12e6a642021-12-21 10:28:07.698root 11241100x8000000000000000355013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5abb7f14dbc2e72021-12-21 10:28:07.698root 11241100x8000000000000000355014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca8f329c13b84272021-12-21 10:28:07.698root 11241100x8000000000000000355015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8716bcd2caf504562021-12-21 10:28:07.698root 11241100x8000000000000000355016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f767365eae376312021-12-21 10:28:07.699root 11241100x8000000000000000355017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f696ac796f9ec9452021-12-21 10:28:07.699root 11241100x8000000000000000355018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54881500cb9d09ac2021-12-21 10:28:07.699root 11241100x8000000000000000355019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a5b5fed4a2544d2021-12-21 10:28:07.699root 11241100x8000000000000000355020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04884e5154c82f3e2021-12-21 10:28:07.700root 11241100x8000000000000000355021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f2df448f50b4912021-12-21 10:28:07.700root 11241100x8000000000000000355022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f3c0281ef33d092021-12-21 10:28:07.700root 11241100x8000000000000000355023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0c6ac3de5baf662021-12-21 10:28:07.700root 11241100x8000000000000000355024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97a080ce3c364992021-12-21 10:28:07.700root 11241100x8000000000000000355025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148b8dbd21f9ddb42021-12-21 10:28:07.700root 11241100x8000000000000000355026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc1babec88db83d2021-12-21 10:28:07.700root 11241100x8000000000000000355027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9e46367cdd7dc02021-12-21 10:28:07.700root 11241100x8000000000000000355028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67090622731c89ac2021-12-21 10:28:07.700root 11241100x8000000000000000355029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c177ace6722f1f2021-12-21 10:28:07.700root 11241100x8000000000000000355030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae041f0eb2cf0a722021-12-21 10:28:07.700root 11241100x8000000000000000355031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbeebeba2c2ef3062021-12-21 10:28:07.700root 11241100x8000000000000000355032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a352cf01aabc462021-12-21 10:28:07.701root 11241100x8000000000000000355033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea318e6235e737d2021-12-21 10:28:07.701root 11241100x8000000000000000355034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.741099ce62dc636e2021-12-21 10:28:07.701root 11241100x8000000000000000355035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99a6c3fb03c59ba2021-12-21 10:28:07.701root 11241100x8000000000000000355036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d36b69790d4c7a2021-12-21 10:28:07.701root 11241100x8000000000000000355037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf39ef047de793e52021-12-21 10:28:07.701root 11241100x8000000000000000355038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0688bff7ae328e6f2021-12-21 10:28:07.701root 11241100x8000000000000000355039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:07.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67bbd3aafd571b62021-12-21 10:28:07.701root 11241100x8000000000000000355040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fefdc0149c22bdc2021-12-21 10:28:08.193root 11241100x8000000000000000355041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a76f116b4eb8cf2021-12-21 10:28:08.194root 11241100x8000000000000000355042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb8eadffff4ea662021-12-21 10:28:08.194root 11241100x8000000000000000355043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f7ace7d6a592462021-12-21 10:28:08.194root 11241100x8000000000000000355044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af9968b44055ffd2021-12-21 10:28:08.194root 11241100x8000000000000000355045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0b3d21b649960b2021-12-21 10:28:08.194root 11241100x8000000000000000355046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c88cd425668e1472021-12-21 10:28:08.194root 11241100x8000000000000000355047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baffcfb981139e452021-12-21 10:28:08.194root 11241100x8000000000000000355048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2726055faafc4fd22021-12-21 10:28:08.194root 11241100x8000000000000000355049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d6ab3eb2fbdeac2021-12-21 10:28:08.194root 11241100x8000000000000000355050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eae5c88cbf0defe2021-12-21 10:28:08.194root 11241100x8000000000000000355051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2239bcae557804a2021-12-21 10:28:08.195root 11241100x8000000000000000355052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cce1e01f573161b2021-12-21 10:28:08.195root 11241100x8000000000000000355053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c270a05b6b28eeb2021-12-21 10:28:08.195root 11241100x8000000000000000355054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b990aa653e0f4a832021-12-21 10:28:08.195root 11241100x8000000000000000355055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb0f36c2521850d2021-12-21 10:28:08.195root 11241100x8000000000000000355056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b308ec6b27815b2021-12-21 10:28:08.195root 11241100x8000000000000000355057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b8b531ecd746902021-12-21 10:28:08.195root 11241100x8000000000000000355058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4bcc06ca6f05b22021-12-21 10:28:08.195root 11241100x8000000000000000355059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0a89e4a2bf086a2021-12-21 10:28:08.196root 11241100x8000000000000000355060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1486b9a6f7bfa6512021-12-21 10:28:08.196root 11241100x8000000000000000355061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81629ffe5ebcdd122021-12-21 10:28:08.196root 11241100x8000000000000000355062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70290189ce47be22021-12-21 10:28:08.197root 11241100x8000000000000000355063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be51604373d87aa2021-12-21 10:28:08.197root 11241100x8000000000000000355064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507e238b0bc913132021-12-21 10:28:08.197root 11241100x8000000000000000355065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e3c3f1338c0b2eb2021-12-21 10:28:08.197root 11241100x8000000000000000355066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a5fd5a8a9c716c2021-12-21 10:28:08.197root 11241100x8000000000000000355067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad022a07f8d20d682021-12-21 10:28:08.197root 11241100x8000000000000000355068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c449ecd120dd0ab92021-12-21 10:28:08.197root 11241100x8000000000000000355069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d547d65680aedada2021-12-21 10:28:08.197root 11241100x8000000000000000355070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42aefdaf1c5041f2021-12-21 10:28:08.198root 11241100x8000000000000000355071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d188c53993c95faa2021-12-21 10:28:08.198root 11241100x8000000000000000355072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c7fc9417109c2fa2021-12-21 10:28:08.198root 11241100x8000000000000000355073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19511f7f4791db22021-12-21 10:28:08.198root 11241100x8000000000000000355074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfb60f895b815dc2021-12-21 10:28:08.198root 11241100x8000000000000000355075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f7726d27e2ab5d2021-12-21 10:28:08.693root 11241100x8000000000000000355076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8e2f266dbfc7e82021-12-21 10:28:08.693root 11241100x8000000000000000355077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0047dcfbfb80c7d2021-12-21 10:28:08.693root 11241100x8000000000000000355078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806e00223c2ab6602021-12-21 10:28:08.693root 11241100x8000000000000000355079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04212718a9f37212021-12-21 10:28:08.693root 11241100x8000000000000000355080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c07a42af84db1e0d2021-12-21 10:28:08.693root 11241100x8000000000000000355081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df38fbfbbd752652021-12-21 10:28:08.693root 11241100x8000000000000000355082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba9fb0d897ec6d12021-12-21 10:28:08.694root 11241100x8000000000000000355083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa087ae906b8e272021-12-21 10:28:08.694root 11241100x8000000000000000355084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d497a08137a65d372021-12-21 10:28:08.694root 11241100x8000000000000000355085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911e3dd29d1d5c1d2021-12-21 10:28:08.694root 11241100x8000000000000000355086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901f365ae894b862021-12-21 10:28:08.694root 11241100x8000000000000000355087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c088025cfdf5f8592021-12-21 10:28:08.694root 11241100x8000000000000000355088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8210ee0afe5e09fd2021-12-21 10:28:08.694root 11241100x8000000000000000355089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9639364cadf7fb2021-12-21 10:28:08.694root 11241100x8000000000000000355090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d50fed5bd695f99e2021-12-21 10:28:08.694root 11241100x8000000000000000355091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec8b6bfef5aa5ef2021-12-21 10:28:08.694root 11241100x8000000000000000355092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c3d23520d95c0d2021-12-21 10:28:08.695root 11241100x8000000000000000355093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19659a35610868fc2021-12-21 10:28:08.695root 11241100x8000000000000000355094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121f4640351650862021-12-21 10:28:08.695root 11241100x8000000000000000355095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061ee0091249d0362021-12-21 10:28:08.695root 11241100x8000000000000000355096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c90e004633d32192021-12-21 10:28:08.695root 11241100x8000000000000000355097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af3355d1a0c306f2021-12-21 10:28:08.695root 11241100x8000000000000000355098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3099524dabe6fbcb2021-12-21 10:28:08.695root 11241100x8000000000000000355099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57408cb0f7d40abc2021-12-21 10:28:08.695root 11241100x8000000000000000355100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc8a6ab0ee872012021-12-21 10:28:08.695root 11241100x8000000000000000355101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61003774ee4a350c2021-12-21 10:28:08.695root 11241100x8000000000000000355102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267d1bedb7ffae6b2021-12-21 10:28:08.696root 11241100x8000000000000000355103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345886bd9d35627f2021-12-21 10:28:08.696root 11241100x8000000000000000355104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adfd33b8092ff6952021-12-21 10:28:08.696root 11241100x8000000000000000355105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020a7be26a5ac0c92021-12-21 10:28:08.696root 11241100x8000000000000000355106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b64499a9b4bd7782021-12-21 10:28:08.696root 11241100x8000000000000000355107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85dfa97457042e9b2021-12-21 10:28:08.696root 11241100x8000000000000000355108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460adf5ce65cf7f52021-12-21 10:28:08.696root 11241100x8000000000000000355109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd117f9bda9481c2021-12-21 10:28:08.696root 11241100x8000000000000000355110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605dbe13845aa5df2021-12-21 10:28:08.696root 11241100x8000000000000000355111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2704be08c8499692021-12-21 10:28:08.697root 11241100x8000000000000000355112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44972a329aa35c422021-12-21 10:28:08.697root 11241100x8000000000000000355113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed58241f4feb25a2021-12-21 10:28:08.697root 11241100x8000000000000000355114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffdb2e7a666db322021-12-21 10:28:08.697root 11241100x8000000000000000355115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747c614b1c0cdf9e2021-12-21 10:28:08.697root 11241100x8000000000000000355116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc0a9c54959e7b92021-12-21 10:28:08.697root 11241100x8000000000000000355117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f475baf7155b42a82021-12-21 10:28:08.697root 11241100x8000000000000000355118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28cf9874d93168c92021-12-21 10:28:08.697root 11241100x8000000000000000355119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5051244a780389742021-12-21 10:28:08.697root 11241100x8000000000000000355120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4143b36c4d64982021-12-21 10:28:08.697root 11241100x8000000000000000355121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e50dd84c42b77802021-12-21 10:28:08.698root 11241100x8000000000000000355122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bd03b79ba5aa1e2021-12-21 10:28:08.698root 11241100x8000000000000000355123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1234961becdb172021-12-21 10:28:08.698root 11241100x8000000000000000355124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd032597cf1ca12c2021-12-21 10:28:08.698root 11241100x8000000000000000355125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f962657dec05c5d82021-12-21 10:28:08.698root 11241100x8000000000000000355126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0653554fdb566c092021-12-21 10:28:08.698root 11241100x8000000000000000355127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2102542342b7a87a2021-12-21 10:28:08.698root 11241100x8000000000000000355128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f759a278789a80b92021-12-21 10:28:08.699root 11241100x8000000000000000355129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:08.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a193e10fd4535c42021-12-21 10:28:08.699root 11241100x8000000000000000355130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccf2615d358f42e2021-12-21 10:28:09.193root 11241100x8000000000000000355131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e575744acd483bc2021-12-21 10:28:09.193root 11241100x8000000000000000355132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f97d2b2132f27d2021-12-21 10:28:09.194root 11241100x8000000000000000355133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4ecd8584e4c47b2021-12-21 10:28:09.194root 11241100x8000000000000000355134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31418aeebf13e84e2021-12-21 10:28:09.194root 11241100x8000000000000000355135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f220129d45dd45e52021-12-21 10:28:09.194root 11241100x8000000000000000355136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31415b46f8e9c822021-12-21 10:28:09.195root 11241100x8000000000000000355137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508afc7799a5d6762021-12-21 10:28:09.195root 11241100x8000000000000000355138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ae43b00ad2e5342021-12-21 10:28:09.195root 11241100x8000000000000000355139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865405b0aa1d412d2021-12-21 10:28:09.195root 11241100x8000000000000000355140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b86ebcc96326ef2021-12-21 10:28:09.195root 11241100x8000000000000000355141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7131118198de1e02021-12-21 10:28:09.196root 11241100x8000000000000000355142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.057e35b65a5f0b222021-12-21 10:28:09.196root 11241100x8000000000000000355143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dce1171ac828222021-12-21 10:28:09.196root 11241100x8000000000000000355144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a101f2cf2f478aa02021-12-21 10:28:09.196root 11241100x8000000000000000355145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a704678f99a83032021-12-21 10:28:09.197root 11241100x8000000000000000355146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f98db016fc2f5f92021-12-21 10:28:09.197root 11241100x8000000000000000355147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651f54f1f241bbff2021-12-21 10:28:09.197root 11241100x8000000000000000355148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab060afe4db438032021-12-21 10:28:09.197root 11241100x8000000000000000355149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66ded963a0c58252021-12-21 10:28:09.197root 11241100x8000000000000000355150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c939d66fa3102b582021-12-21 10:28:09.197root 11241100x8000000000000000355151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c4577edebb71452021-12-21 10:28:09.197root 11241100x8000000000000000355152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1612ea7eacce82f02021-12-21 10:28:09.198root 11241100x8000000000000000355153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858c04dcc3a923332021-12-21 10:28:09.198root 11241100x8000000000000000355154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a9a9a77e57baf82021-12-21 10:28:09.198root 11241100x8000000000000000355155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40845bc71c82440a2021-12-21 10:28:09.198root 11241100x8000000000000000355156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46ee7396343e6142021-12-21 10:28:09.198root 11241100x8000000000000000355157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcfd339ee7a11752021-12-21 10:28:09.199root 11241100x8000000000000000355158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefd80794d2c312b2021-12-21 10:28:09.199root 11241100x8000000000000000355159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8e4d27f5dec13b2021-12-21 10:28:09.199root 11241100x8000000000000000355160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c8c5eef214d6392021-12-21 10:28:09.199root 11241100x8000000000000000355161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58eb780dd657aa12021-12-21 10:28:09.200root 11241100x8000000000000000355162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902f928703329b5c2021-12-21 10:28:09.200root 11241100x8000000000000000355163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53661c213b2c94c2021-12-21 10:28:09.200root 11241100x8000000000000000355164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2cebb7c6d0cb002021-12-21 10:28:09.200root 11241100x8000000000000000355165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad834ffe368dc5372021-12-21 10:28:09.200root 11241100x8000000000000000355166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a542347db1af20dd2021-12-21 10:28:09.200root 11241100x8000000000000000355167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c265f526d25124a2021-12-21 10:28:09.201root 11241100x8000000000000000355168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7485e84e00ac4dd2021-12-21 10:28:09.201root 11241100x8000000000000000355169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f0ab571dd1d7e42021-12-21 10:28:09.201root 11241100x8000000000000000355170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd2b876e9bb8ddba2021-12-21 10:28:09.201root 11241100x8000000000000000355171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bab05e625a639f4f2021-12-21 10:28:09.201root 23542300x8000000000000000355172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.346{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000355173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e59de9d25908a4b2021-12-21 10:28:09.693root 11241100x8000000000000000355174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c15dd5d300313252021-12-21 10:28:09.693root 11241100x8000000000000000355175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5260ff4d9c61fe722021-12-21 10:28:09.693root 11241100x8000000000000000355176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a111ed0e693db842021-12-21 10:28:09.693root 11241100x8000000000000000355177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a604ab782cad3d882021-12-21 10:28:09.694root 11241100x8000000000000000355178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d44eb5019524e872021-12-21 10:28:09.694root 11241100x8000000000000000355179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484446e172f2042b2021-12-21 10:28:09.694root 11241100x8000000000000000355180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fa43e917d037c12021-12-21 10:28:09.694root 11241100x8000000000000000355181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d7f0451d6fd6282021-12-21 10:28:09.694root 11241100x8000000000000000355182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf42f8f8b7bd85d72021-12-21 10:28:09.694root 11241100x8000000000000000355183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38091af9068271da2021-12-21 10:28:09.694root 11241100x8000000000000000355184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d37521cdb8e74962021-12-21 10:28:09.694root 11241100x8000000000000000355185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2144518bcd8fff2021-12-21 10:28:09.694root 11241100x8000000000000000355186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b93747157535642021-12-21 10:28:09.694root 11241100x8000000000000000355187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ddb05f71e43be42021-12-21 10:28:09.694root 11241100x8000000000000000355188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a88f1cd50536f02021-12-21 10:28:09.695root 11241100x8000000000000000355189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67761ac7e2a9e0592021-12-21 10:28:09.695root 11241100x8000000000000000355190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe652464f7aacc342021-12-21 10:28:09.695root 11241100x8000000000000000355191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2277689ba099e9312021-12-21 10:28:09.695root 11241100x8000000000000000355192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8680898a5f32a3b2021-12-21 10:28:09.695root 11241100x8000000000000000355193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20ac887d65887712021-12-21 10:28:09.695root 11241100x8000000000000000355194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c22bccf3bee3d5d2021-12-21 10:28:09.695root 11241100x8000000000000000355195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d9aa1e96709faa2021-12-21 10:28:09.695root 11241100x8000000000000000355196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1538c61aa76c30d2021-12-21 10:28:09.695root 11241100x8000000000000000355197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7fc63b7b6c229f42021-12-21 10:28:09.695root 11241100x8000000000000000355198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebb599e0484f80b92021-12-21 10:28:09.696root 11241100x8000000000000000355199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b958da3715dc962021-12-21 10:28:09.696root 11241100x8000000000000000355200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6357e8d67408a352021-12-21 10:28:09.696root 11241100x8000000000000000355201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb7bed741eb35c92021-12-21 10:28:09.696root 11241100x8000000000000000355202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa185625d6fe4cc2021-12-21 10:28:09.696root 11241100x8000000000000000355203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a398572e346b4bb72021-12-21 10:28:09.696root 11241100x8000000000000000355204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43d871c72206025b2021-12-21 10:28:09.696root 11241100x8000000000000000355205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7226f08c129254c2021-12-21 10:28:09.696root 11241100x8000000000000000355206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d9ae3ec5dac2c2021-12-21 10:28:09.696root 11241100x8000000000000000355207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29131a694c04dec32021-12-21 10:28:09.696root 11241100x8000000000000000355208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a89c89ce9e7a432021-12-21 10:28:09.697root 11241100x8000000000000000355209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dfb441550446d882021-12-21 10:28:09.697root 11241100x8000000000000000355210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e5b30eabd3f43e2021-12-21 10:28:09.697root 11241100x8000000000000000355211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c956a600faca5fc2021-12-21 10:28:09.697root 11241100x8000000000000000355212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.513a1baf4480afcd2021-12-21 10:28:09.697root 11241100x8000000000000000355213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2a4d89f05c3c562021-12-21 10:28:09.698root 11241100x8000000000000000355214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d12ab161799e0c12021-12-21 10:28:09.698root 11241100x8000000000000000355215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34ebb1cc93a713d72021-12-21 10:28:09.698root 11241100x8000000000000000355216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e4118ac552bae42021-12-21 10:28:09.698root 11241100x8000000000000000355217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa30ac0b0801b8412021-12-21 10:28:09.698root 11241100x8000000000000000355218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a3d971816523d52021-12-21 10:28:09.698root 11241100x8000000000000000355219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4442f0e547cb6f2021-12-21 10:28:09.698root 11241100x8000000000000000355220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4c76219f14dec52021-12-21 10:28:09.698root 11241100x8000000000000000355221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14167ea51828fd22021-12-21 10:28:09.698root 11241100x8000000000000000355222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc04286702ce0ef2021-12-21 10:28:09.698root 11241100x8000000000000000355223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12432812d5ad3b72021-12-21 10:28:09.699root 11241100x8000000000000000355224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df831d7ffe336d822021-12-21 10:28:09.699root 11241100x8000000000000000355225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cab0c1e78a47bb2021-12-21 10:28:09.699root 11241100x8000000000000000355226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d82ade349be16b72021-12-21 10:28:09.699root 11241100x8000000000000000355227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cd7087d92e02ff72021-12-21 10:28:09.699root 11241100x8000000000000000355228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7cdda1cd7e89e1a2021-12-21 10:28:09.699root 11241100x8000000000000000355229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe7cce4b471b6762021-12-21 10:28:09.699root 11241100x8000000000000000355230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6afb41a86a2e9b02021-12-21 10:28:09.701root 11241100x8000000000000000355231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75672003615a70192021-12-21 10:28:09.702root 11241100x8000000000000000355232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65921a853b859f72021-12-21 10:28:09.702root 11241100x8000000000000000355233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5f42c54685075f2021-12-21 10:28:09.702root 11241100x8000000000000000355234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25668ae4b414c1632021-12-21 10:28:09.702root 11241100x8000000000000000355235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a2f621b40df0252021-12-21 10:28:09.702root 11241100x8000000000000000355236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb4e24bba8521912021-12-21 10:28:09.702root 11241100x8000000000000000355237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1606c392915bf3062021-12-21 10:28:09.702root 11241100x8000000000000000355238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f138d8f20ca1e1ab2021-12-21 10:28:09.702root 11241100x8000000000000000355239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0778ae9c262866042021-12-21 10:28:09.703root 11241100x8000000000000000355240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da4dcdfa9ca42bc2021-12-21 10:28:09.703root 11241100x8000000000000000355241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7174a0f326f3972f2021-12-21 10:28:09.703root 11241100x8000000000000000355242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59b8bd5cdc5409c92021-12-21 10:28:09.704root 11241100x8000000000000000355243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf93240a3ef17eb2021-12-21 10:28:09.704root 11241100x8000000000000000355244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67de3596f3a8f6a62021-12-21 10:28:09.704root 11241100x8000000000000000355245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.642107f21b6bf1842021-12-21 10:28:09.705root 11241100x8000000000000000355246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6550b44d3db0002021-12-21 10:28:09.705root 11241100x8000000000000000355247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d353424bfba8c072021-12-21 10:28:09.705root 11241100x8000000000000000355248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca06fc905131c53f2021-12-21 10:28:09.708root 11241100x8000000000000000355249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f865223d0652b0c2021-12-21 10:28:09.708root 11241100x8000000000000000355250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79e4bd79c840e4c2021-12-21 10:28:09.708root 11241100x8000000000000000355251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ec0f5c1ccc5b882021-12-21 10:28:09.708root 11241100x8000000000000000355252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f98ff9cb67ed98c62021-12-21 10:28:09.709root 11241100x8000000000000000355253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a50508dc9fdfcb842021-12-21 10:28:09.709root 11241100x8000000000000000355254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d197fe6ec29e96232021-12-21 10:28:09.709root 11241100x8000000000000000355255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ce3035947e1853c2021-12-21 10:28:09.709root 11241100x8000000000000000355256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8b40c0384cefb02021-12-21 10:28:09.709root 11241100x8000000000000000355257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4a5258009bf6c22021-12-21 10:28:09.709root 11241100x8000000000000000355258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28255894f215b332021-12-21 10:28:09.709root 11241100x8000000000000000355259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b03548c0f3447892021-12-21 10:28:09.709root 11241100x8000000000000000355260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b73b48f905f575c32021-12-21 10:28:09.709root 11241100x8000000000000000355261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7e39c349dbb2e02021-12-21 10:28:09.709root 11241100x8000000000000000355262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e682deb13c180c2021-12-21 10:28:09.709root 11241100x8000000000000000355263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d6dd0ab2afa1dc32021-12-21 10:28:09.710root 11241100x8000000000000000355264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847955d5a4a4efca2021-12-21 10:28:09.710root 11241100x8000000000000000355265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:09.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71f11f7fb52b3d22021-12-21 10:28:09.710root 11241100x8000000000000000355266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a09414f47c2ab302021-12-21 10:28:10.193root 11241100x8000000000000000355267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee31c6e3f275d902021-12-21 10:28:10.194root 11241100x8000000000000000355268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0481f380ff45a952021-12-21 10:28:10.194root 11241100x8000000000000000355269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7786aea0706c64f02021-12-21 10:28:10.194root 11241100x8000000000000000355270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49645cffb216738f2021-12-21 10:28:10.194root 11241100x8000000000000000355271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49356443b9099b82021-12-21 10:28:10.194root 11241100x8000000000000000355272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f916b6de8d57c22021-12-21 10:28:10.194root 11241100x8000000000000000355273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dd73e48e46850d2021-12-21 10:28:10.194root 11241100x8000000000000000355274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5c3003ae656d8e2021-12-21 10:28:10.194root 11241100x8000000000000000355275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad10763845782b572021-12-21 10:28:10.194root 11241100x8000000000000000355276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d105237e34d9d55a2021-12-21 10:28:10.195root 11241100x8000000000000000355277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201d1133f42004aa2021-12-21 10:28:10.195root 11241100x8000000000000000355278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405171711fe4a9bf2021-12-21 10:28:10.195root 11241100x8000000000000000355279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fecda402ad5e6d62021-12-21 10:28:10.195root 11241100x8000000000000000355280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe8d14beb4194f52021-12-21 10:28:10.195root 11241100x8000000000000000355281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0265d27b4b8938d2021-12-21 10:28:10.195root 11241100x8000000000000000355282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3e915dd77e3dfe2021-12-21 10:28:10.195root 11241100x8000000000000000355283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4930f896cc405432021-12-21 10:28:10.195root 11241100x8000000000000000355284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfade99cd48f3a62021-12-21 10:28:10.196root 11241100x8000000000000000355285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7cc5af26c43754e2021-12-21 10:28:10.196root 11241100x8000000000000000355286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61fd1432974735df2021-12-21 10:28:10.196root 11241100x8000000000000000355287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e793194830d2969e2021-12-21 10:28:10.196root 11241100x8000000000000000355288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f49059972304f4b2021-12-21 10:28:10.196root 11241100x8000000000000000355289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cea055a3fbc48ac42021-12-21 10:28:10.196root 11241100x8000000000000000355290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7ab6f5f255a2112021-12-21 10:28:10.196root 11241100x8000000000000000355291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb5011859cdfeb52021-12-21 10:28:10.196root 11241100x8000000000000000355292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7753ddfaf9d6d36b2021-12-21 10:28:10.196root 11241100x8000000000000000355293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.385f20a8c71aaa4e2021-12-21 10:28:10.196root 11241100x8000000000000000355294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63524026d30fccc02021-12-21 10:28:10.197root 11241100x8000000000000000355295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d0614e9fe719322021-12-21 10:28:10.197root 11241100x8000000000000000355296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119ea0c7237239db2021-12-21 10:28:10.197root 11241100x8000000000000000355297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783e0db97f67d4652021-12-21 10:28:10.197root 11241100x8000000000000000355298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45be83aa54c52d202021-12-21 10:28:10.197root 11241100x8000000000000000355299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25364c4fc5d93afe2021-12-21 10:28:10.197root 11241100x8000000000000000355300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a5459c4e4f4cb32021-12-21 10:28:10.197root 11241100x8000000000000000355301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f64ad7bf08f0ce52021-12-21 10:28:10.197root 11241100x8000000000000000355302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6c82d8b29f0ddf2021-12-21 10:28:10.197root 11241100x8000000000000000355303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ebd0aec1d510122021-12-21 10:28:10.693root 11241100x8000000000000000355304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0280f8fb2c732d2021-12-21 10:28:10.694root 11241100x8000000000000000355305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce26d44e676e4c042021-12-21 10:28:10.694root 11241100x8000000000000000355306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a343fb55ea0363f2021-12-21 10:28:10.694root 11241100x8000000000000000355307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1f61a31ce6b4982021-12-21 10:28:10.694root 11241100x8000000000000000355308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d718b49bb85107f2021-12-21 10:28:10.695root 11241100x8000000000000000355309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac07be32afecb522021-12-21 10:28:10.695root 11241100x8000000000000000355310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef24236f75312362021-12-21 10:28:10.695root 11241100x8000000000000000355311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c055ceac5b7ac22021-12-21 10:28:10.695root 11241100x8000000000000000355312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce2f1664a6ce5abb2021-12-21 10:28:10.696root 11241100x8000000000000000355313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855b831c2b9b59c52021-12-21 10:28:10.696root 11241100x8000000000000000355314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d51dc7d4ed38a9e2021-12-21 10:28:10.696root 11241100x8000000000000000355315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10eaf80d8a48e7f22021-12-21 10:28:10.697root 11241100x8000000000000000355316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a55bc45c28da1432021-12-21 10:28:10.697root 11241100x8000000000000000355317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66da5e03894dba542021-12-21 10:28:10.697root 11241100x8000000000000000355318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1f1ee074409d6d2021-12-21 10:28:10.697root 11241100x8000000000000000355319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75f5d797e1c7fe02021-12-21 10:28:10.697root 11241100x8000000000000000355320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d3d897821d968a2021-12-21 10:28:10.698root 11241100x8000000000000000355321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6d25a702ed6cf02021-12-21 10:28:10.698root 11241100x8000000000000000355322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bb2eb2991d6db862021-12-21 10:28:10.698root 11241100x8000000000000000355323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d45ffadfc249b962021-12-21 10:28:10.698root 11241100x8000000000000000355324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f24c2557d1a9382021-12-21 10:28:10.698root 11241100x8000000000000000355325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a838ee21663c8ff2021-12-21 10:28:10.699root 11241100x8000000000000000355326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58a7825be39f8de2021-12-21 10:28:10.699root 11241100x8000000000000000355327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eaea65f62dc9972021-12-21 10:28:10.699root 11241100x8000000000000000355328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c83300e6671a7c2021-12-21 10:28:10.700root 11241100x8000000000000000355329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e897582ae24e052021-12-21 10:28:10.700root 11241100x8000000000000000355330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46d02b8a1c9311e2021-12-21 10:28:10.701root 11241100x8000000000000000355331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4386a746f1444f952021-12-21 10:28:10.701root 11241100x8000000000000000355332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6abd9d922b21a6242021-12-21 10:28:10.701root 11241100x8000000000000000355333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4972c0adc0b5cd92021-12-21 10:28:10.701root 11241100x8000000000000000355334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b423fe5fb5d8745a2021-12-21 10:28:10.701root 11241100x8000000000000000355335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5bf8867bcca695a2021-12-21 10:28:10.701root 11241100x8000000000000000355336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb711c7f12dadcb2021-12-21 10:28:10.701root 11241100x8000000000000000355337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ad31c24e7790692021-12-21 10:28:10.701root 11241100x8000000000000000355338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686d6a28925ac0e82021-12-21 10:28:10.702root 11241100x8000000000000000355339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949b4fe3f7ab75652021-12-21 10:28:10.702root 11241100x8000000000000000355340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec9732314d7bac62021-12-21 10:28:10.702root 11241100x8000000000000000355341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05302c3e779f12672021-12-21 10:28:10.702root 11241100x8000000000000000355342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7328f39995dec992021-12-21 10:28:10.702root 11241100x8000000000000000355343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:10.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b824598cf121cd782021-12-21 10:28:10.702root 354300x8000000000000000355344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.135{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47142-false10.0.1.12-8000- 11241100x8000000000000000355345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b91816e351d9952021-12-21 10:28:11.135root 11241100x8000000000000000355346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.135{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a786bf82692058f2021-12-21 10:28:11.135root 11241100x8000000000000000355347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4ae5095c8baa022021-12-21 10:28:11.136root 11241100x8000000000000000355348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3177eccd434f0512021-12-21 10:28:11.136root 11241100x8000000000000000355349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c1877b5d3475fe2021-12-21 10:28:11.136root 11241100x8000000000000000355350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.136{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5321654cdb20410e2021-12-21 10:28:11.136root 11241100x8000000000000000355351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21ab2905df273ca2021-12-21 10:28:11.137root 11241100x8000000000000000355352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82e948d1d850fa92021-12-21 10:28:11.137root 11241100x8000000000000000355353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea46df4e49765742021-12-21 10:28:11.137root 11241100x8000000000000000355354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4eb8b828c2c54c62021-12-21 10:28:11.137root 11241100x8000000000000000355355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6d3504841511992021-12-21 10:28:11.137root 11241100x8000000000000000355356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c9ef1ad42a4a9b2021-12-21 10:28:11.137root 11241100x8000000000000000355357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.137{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdb1b0e4622ac062021-12-21 10:28:11.137root 11241100x8000000000000000355358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47d8d41de3f177d2021-12-21 10:28:11.138root 11241100x8000000000000000355359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c33661f209b1872021-12-21 10:28:11.138root 11241100x8000000000000000355360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16761b24f760a2e72021-12-21 10:28:11.138root 11241100x8000000000000000355361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4d1c06464e2e622021-12-21 10:28:11.138root 11241100x8000000000000000355362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38dd532a0c82208c2021-12-21 10:28:11.138root 11241100x8000000000000000355363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.100fe412dfb802672021-12-21 10:28:11.138root 11241100x8000000000000000355364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b9cb1462e9895452021-12-21 10:28:11.138root 11241100x8000000000000000355365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f85d1e810ae4f7b2021-12-21 10:28:11.138root 11241100x8000000000000000355366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773a0c158660f3dc2021-12-21 10:28:11.138root 11241100x8000000000000000355367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.138{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12aa02377e5d64cc2021-12-21 10:28:11.138root 11241100x8000000000000000355368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c64c64f53afff42021-12-21 10:28:11.139root 11241100x8000000000000000355369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b266bec444ca282d2021-12-21 10:28:11.139root 11241100x8000000000000000355370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.283e492217f57b3d2021-12-21 10:28:11.139root 11241100x8000000000000000355371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e568a3d1e28c7bc2021-12-21 10:28:11.139root 11241100x8000000000000000355372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa799874fc68e78d2021-12-21 10:28:11.139root 11241100x8000000000000000355373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7c8b0045b5c9932021-12-21 10:28:11.139root 11241100x8000000000000000355374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.854d45cb6b8cf7602021-12-21 10:28:11.139root 11241100x8000000000000000355375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e01828241796012021-12-21 10:28:11.139root 11241100x8000000000000000355376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9775692b80e4ec2021-12-21 10:28:11.139root 11241100x8000000000000000355377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36cbdcbc140ba3c2021-12-21 10:28:11.139root 11241100x8000000000000000355378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.139{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f1b6aaf64888012021-12-21 10:28:11.139root 11241100x8000000000000000355379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2aeff6b89b23102021-12-21 10:28:11.140root 11241100x8000000000000000355380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b46302dc7e255082021-12-21 10:28:11.140root 11241100x8000000000000000355381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ba491d87b59b1c2021-12-21 10:28:11.140root 11241100x8000000000000000355382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8824154147deff2021-12-21 10:28:11.140root 11241100x8000000000000000355383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.377cf8de8d121fcf2021-12-21 10:28:11.140root 11241100x8000000000000000355384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9fe21041775a6d2021-12-21 10:28:11.140root 11241100x8000000000000000355385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128206f098b103d22021-12-21 10:28:11.140root 11241100x8000000000000000355386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e1c7dbfc8158042021-12-21 10:28:11.140root 11241100x8000000000000000355387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bdea1ee61e69a462021-12-21 10:28:11.140root 11241100x8000000000000000355388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178b0346911391f82021-12-21 10:28:11.140root 11241100x8000000000000000355389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.140{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4373862ddfe201f2021-12-21 10:28:11.140root 11241100x8000000000000000355390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea05e8d5ec1300102021-12-21 10:28:11.141root 11241100x8000000000000000355391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.141{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1abb5c3432e64df22021-12-21 10:28:11.141root 11241100x8000000000000000355392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.143{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837edb4b7fd58f132021-12-21 10:28:11.143root 11241100x8000000000000000355393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.facdb77f439044e92021-12-21 10:28:11.144root 11241100x8000000000000000355394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0f3ba54d0cf4a12021-12-21 10:28:11.144root 11241100x8000000000000000355395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dc118d2480ba8be2021-12-21 10:28:11.144root 11241100x8000000000000000355396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cb28b6b6cba4f62021-12-21 10:28:11.144root 11241100x8000000000000000355397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d41a744cd3721c52021-12-21 10:28:11.144root 11241100x8000000000000000355398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2403843114095832021-12-21 10:28:11.144root 11241100x8000000000000000355399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d170c42c9e3615502021-12-21 10:28:11.144root 11241100x8000000000000000355400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf98db5498e25a62021-12-21 10:28:11.144root 11241100x8000000000000000355401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6003cae0574dab932021-12-21 10:28:11.144root 11241100x8000000000000000355402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.144{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62800a50b1ed3d32021-12-21 10:28:11.144root 11241100x8000000000000000355403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bdd4d278333b2882021-12-21 10:28:11.145root 11241100x8000000000000000355404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13b0559455686c12021-12-21 10:28:11.145root 11241100x8000000000000000355405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c295f5c98b23adee2021-12-21 10:28:11.145root 11241100x8000000000000000355406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.904114ab133a117c2021-12-21 10:28:11.145root 11241100x8000000000000000355407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95024f8cf5896bc92021-12-21 10:28:11.145root 11241100x8000000000000000355408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a929f32497a6552021-12-21 10:28:11.145root 11241100x8000000000000000355409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c6d9726afbc512b2021-12-21 10:28:11.145root 11241100x8000000000000000355410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbf0e7aec19afa62021-12-21 10:28:11.145root 11241100x8000000000000000355411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.145{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.531ef74feba086d42021-12-21 10:28:11.145root 11241100x8000000000000000355412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44a49795a4cc5fb52021-12-21 10:28:11.146root 11241100x8000000000000000355413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0eb296b00900182021-12-21 10:28:11.146root 11241100x8000000000000000355414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61b6bc60eaf4d5d62021-12-21 10:28:11.146root 11241100x8000000000000000355415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cac6c190e983f82021-12-21 10:28:11.146root 11241100x8000000000000000355416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf46cc01f3bf7ae2021-12-21 10:28:11.146root 11241100x8000000000000000355417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ca36f364bc12e342021-12-21 10:28:11.146root 11241100x8000000000000000355418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465d03f1b33cfbfd2021-12-21 10:28:11.146root 11241100x8000000000000000355419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b7af42cfbf78d72021-12-21 10:28:11.146root 11241100x8000000000000000355420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.146{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76131d5a1d94dcf52021-12-21 10:28:11.146root 11241100x8000000000000000355421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.147{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea54f954d8fda8f2021-12-21 10:28:11.147root 11241100x8000000000000000355422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927920859179daf72021-12-21 10:28:11.443root 11241100x8000000000000000355423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90d57a03ca0541e32021-12-21 10:28:11.443root 11241100x8000000000000000355424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68004fc64966fda12021-12-21 10:28:11.443root 11241100x8000000000000000355425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.267789ba09a915dd2021-12-21 10:28:11.443root 11241100x8000000000000000355426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8b69cdc8b2f2332021-12-21 10:28:11.443root 11241100x8000000000000000355427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9367f34faca7cb702021-12-21 10:28:11.443root 11241100x8000000000000000355428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0900aa2bee3a33922021-12-21 10:28:11.444root 11241100x8000000000000000355429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de93edb7a962a952021-12-21 10:28:11.444root 11241100x8000000000000000355430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d719d9b2c875bdb2021-12-21 10:28:11.444root 11241100x8000000000000000355431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f0bd7d31d99b2c2021-12-21 10:28:11.444root 11241100x8000000000000000355432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd8c75ecf957d3a2021-12-21 10:28:11.444root 11241100x8000000000000000355433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c68163ef21a3eb2021-12-21 10:28:11.444root 11241100x8000000000000000355434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63abcbb5d55ec1532021-12-21 10:28:11.444root 11241100x8000000000000000355435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b05e93f2c2e4d7e2021-12-21 10:28:11.444root 11241100x8000000000000000355436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaedc27267b2e1d2021-12-21 10:28:11.444root 11241100x8000000000000000355437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc37e08f1733e87f2021-12-21 10:28:11.445root 11241100x8000000000000000355438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38191a1d75a0b072021-12-21 10:28:11.445root 11241100x8000000000000000355439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aee1339df900f3f2021-12-21 10:28:11.445root 11241100x8000000000000000355440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fcf2e511d01241d2021-12-21 10:28:11.445root 11241100x8000000000000000355441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbab0899ed34a0f12021-12-21 10:28:11.445root 11241100x8000000000000000355442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a4565bdf31bb5e2021-12-21 10:28:11.445root 11241100x8000000000000000355443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e13bd860bb5d4a42021-12-21 10:28:11.445root 11241100x8000000000000000355444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b86f2b7e79ff5e02021-12-21 10:28:11.445root 11241100x8000000000000000355445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035a44377faa47612021-12-21 10:28:11.445root 11241100x8000000000000000355446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c6d9a6917648a02021-12-21 10:28:11.445root 11241100x8000000000000000355447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1792c2cf5a0d85902021-12-21 10:28:11.446root 11241100x8000000000000000355448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1723d370025c5182021-12-21 10:28:11.446root 11241100x8000000000000000355449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750b7f28c7ecee442021-12-21 10:28:11.446root 11241100x8000000000000000355450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ea28cc0a5bea422021-12-21 10:28:11.446root 11241100x8000000000000000355451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a5d9115e757a132021-12-21 10:28:11.446root 11241100x8000000000000000355452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4c7437f445609b92021-12-21 10:28:11.446root 11241100x8000000000000000355453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6d9cb3ab7199092021-12-21 10:28:11.446root 11241100x8000000000000000355454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b3fd02f4bdcb9a2021-12-21 10:28:11.446root 11241100x8000000000000000355455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f601c82a4102d632021-12-21 10:28:11.447root 11241100x8000000000000000355456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c6def43e5fdb2e82021-12-21 10:28:11.447root 11241100x8000000000000000355457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.689d390ba53832e52021-12-21 10:28:11.448root 11241100x8000000000000000355458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813a2fb53c44c5c02021-12-21 10:28:11.448root 11241100x8000000000000000355459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2159d04947fb7ee22021-12-21 10:28:11.448root 11241100x8000000000000000355460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f44c091f9451a82021-12-21 10:28:11.448root 11241100x8000000000000000355461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6464f8b770ea8dd82021-12-21 10:28:11.449root 11241100x8000000000000000355462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe620d76838c8c952021-12-21 10:28:11.450root 11241100x8000000000000000355463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb6ff0f952dec42021-12-21 10:28:11.450root 11241100x8000000000000000355464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41920465b63fc2c92021-12-21 10:28:11.450root 11241100x8000000000000000355465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aecd59c18bc01d812021-12-21 10:28:11.450root 11241100x8000000000000000355466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a65a5e998e21c3d2021-12-21 10:28:11.450root 11241100x8000000000000000355467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e1984d390d53c82021-12-21 10:28:11.450root 11241100x8000000000000000355468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373159ea7d00b8db2021-12-21 10:28:11.450root 11241100x8000000000000000355469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0450b6563c779e2021-12-21 10:28:11.450root 11241100x8000000000000000355470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2acf6a1f4ce4eec2021-12-21 10:28:11.450root 11241100x8000000000000000355471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce43013b1c87df42021-12-21 10:28:11.450root 11241100x8000000000000000355472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db10f52a23235f152021-12-21 10:28:11.450root 11241100x8000000000000000355473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0821bd5f89f0c8902021-12-21 10:28:11.454root 11241100x8000000000000000355474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b4bd89a79996c12021-12-21 10:28:11.454root 11241100x8000000000000000355475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676b4f965242db712021-12-21 10:28:11.454root 11241100x8000000000000000355476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3255b753f98be72021-12-21 10:28:11.454root 11241100x8000000000000000355477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7fa5d57611d2392021-12-21 10:28:11.454root 11241100x8000000000000000355478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d243f03fa3448a312021-12-21 10:28:11.455root 11241100x8000000000000000355479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532a996780e9bafd2021-12-21 10:28:11.455root 11241100x8000000000000000355480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b37b672f4774732021-12-21 10:28:11.455root 11241100x8000000000000000355481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c34f626c73bd122021-12-21 10:28:11.455root 11241100x8000000000000000355482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54881ee7b2f8452c2021-12-21 10:28:11.455root 11241100x8000000000000000355483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4bc72abcf500162021-12-21 10:28:11.455root 11241100x8000000000000000355484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79dfc848955449412021-12-21 10:28:11.455root 11241100x8000000000000000355485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc05ede8e3607382021-12-21 10:28:11.455root 11241100x8000000000000000355486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c4f737f484d3692021-12-21 10:28:11.456root 11241100x8000000000000000355487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef9c00e83b91a4b92021-12-21 10:28:11.456root 11241100x8000000000000000355488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d81e93b442cdb5c2021-12-21 10:28:11.456root 11241100x8000000000000000355489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6359efff77ecd5902021-12-21 10:28:11.456root 11241100x8000000000000000355490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bf95bd198ca0d52021-12-21 10:28:11.456root 11241100x8000000000000000355491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d00e54d0f637212021-12-21 10:28:11.456root 11241100x8000000000000000355492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a823d0c81f49112021-12-21 10:28:11.456root 11241100x8000000000000000355493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac23ea010ba684982021-12-21 10:28:11.456root 11241100x8000000000000000355494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1298e86fa91c52fb2021-12-21 10:28:11.456root 11241100x8000000000000000355495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f288f57a44f8932021-12-21 10:28:11.456root 11241100x8000000000000000355496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fbcf1dfbdc7c902021-12-21 10:28:11.456root 11241100x8000000000000000355497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979830f31fea06df2021-12-21 10:28:11.457root 11241100x8000000000000000355498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3787c985b9dd5c2021-12-21 10:28:11.457root 11241100x8000000000000000355499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7a51375f589d9f2021-12-21 10:28:11.457root 11241100x8000000000000000355500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486fad48b551b5d12021-12-21 10:28:11.457root 11241100x8000000000000000355501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d62d0704b640172021-12-21 10:28:11.943root 11241100x8000000000000000355502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811d60503c701e2a2021-12-21 10:28:11.943root 11241100x8000000000000000355503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd780422736e0122021-12-21 10:28:11.943root 11241100x8000000000000000355504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd371825a5edf3252021-12-21 10:28:11.943root 11241100x8000000000000000355505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a32919fb63c11ae2021-12-21 10:28:11.943root 11241100x8000000000000000355506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20cb8ba31f06b4d22021-12-21 10:28:11.943root 11241100x8000000000000000355507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5dd534fe2d93d572021-12-21 10:28:11.943root 11241100x8000000000000000355508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d21ef12980bb012021-12-21 10:28:11.943root 11241100x8000000000000000355509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1bdec3bc34d3472021-12-21 10:28:11.944root 11241100x8000000000000000355510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c4f20e82c258402021-12-21 10:28:11.944root 11241100x8000000000000000355511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a3238d512fb01242021-12-21 10:28:11.944root 11241100x8000000000000000355512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aee4222f6429d2d2021-12-21 10:28:11.944root 11241100x8000000000000000355513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6c9719f29e364b2021-12-21 10:28:11.944root 11241100x8000000000000000355514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae578bc59f1b9cc2021-12-21 10:28:11.944root 11241100x8000000000000000355515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8af150ec7b878502021-12-21 10:28:11.944root 11241100x8000000000000000355516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3eae371eb00faa2021-12-21 10:28:11.944root 11241100x8000000000000000355517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59fb9ffd1d6531d62021-12-21 10:28:11.944root 11241100x8000000000000000355518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1ec36254b6f4eec2021-12-21 10:28:11.945root 11241100x8000000000000000355519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b45655f2c0b6212021-12-21 10:28:11.945root 11241100x8000000000000000355520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034784fd257de8da2021-12-21 10:28:11.945root 11241100x8000000000000000355521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87790a3ce97ed702021-12-21 10:28:11.945root 11241100x8000000000000000355522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a93f4e776ead3322021-12-21 10:28:11.945root 11241100x8000000000000000355523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1473a4488fabb82021-12-21 10:28:11.945root 11241100x8000000000000000355524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edb47e3e29a036032021-12-21 10:28:11.946root 11241100x8000000000000000355525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e5ff33f19e64f82021-12-21 10:28:11.946root 11241100x8000000000000000355526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498ac6afe28420ce2021-12-21 10:28:11.946root 11241100x8000000000000000355527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae87a3660c70ccff2021-12-21 10:28:11.946root 11241100x8000000000000000355528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b4cbb0a323094a2021-12-21 10:28:11.946root 11241100x8000000000000000355529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c973eb941aab50a42021-12-21 10:28:11.946root 11241100x8000000000000000355530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b2b79005db989442021-12-21 10:28:11.947root 11241100x8000000000000000355531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888b8b8d60cf96032021-12-21 10:28:11.947root 11241100x8000000000000000355532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9df61e6a029d5562021-12-21 10:28:11.947root 11241100x8000000000000000355533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55a2ca72f3ad0a92021-12-21 10:28:11.947root 11241100x8000000000000000355534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2596a70e491f0c632021-12-21 10:28:11.947root 11241100x8000000000000000355535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31891d0d44c427ae2021-12-21 10:28:11.948root 11241100x8000000000000000355536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e502ca898ce4a1e62021-12-21 10:28:11.948root 11241100x8000000000000000355537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25d141ae773122ae2021-12-21 10:28:11.948root 11241100x8000000000000000355538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aded6ad2a30b2132021-12-21 10:28:11.948root 11241100x8000000000000000355539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150a4fa5553ffc252021-12-21 10:28:11.948root 11241100x8000000000000000355540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dcb3a52d25058e52021-12-21 10:28:11.948root 11241100x8000000000000000355541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61610a98c2ffa6eb2021-12-21 10:28:11.949root 11241100x8000000000000000355542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a7603306d0e9e82021-12-21 10:28:11.949root 11241100x8000000000000000355543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25adeb4dd4ea60b92021-12-21 10:28:11.949root 11241100x8000000000000000355544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca952147db068c72021-12-21 10:28:11.949root 11241100x8000000000000000355545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c32bcd88e7fae52021-12-21 10:28:11.949root 11241100x8000000000000000355546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24799fa4e131fae2021-12-21 10:28:11.949root 11241100x8000000000000000355547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77744e1cd8757fd92021-12-21 10:28:11.950root 11241100x8000000000000000355548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03aa66d4f24439f02021-12-21 10:28:11.950root 11241100x8000000000000000355549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b9cce1dc40ef292021-12-21 10:28:11.950root 11241100x8000000000000000355550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9844f89e19762af52021-12-21 10:28:11.950root 11241100x8000000000000000355551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9a1e071af67e402021-12-21 10:28:11.950root 11241100x8000000000000000355552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012d924a72cb643f2021-12-21 10:28:11.950root 11241100x8000000000000000355553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da501e7511b6d7032021-12-21 10:28:11.950root 11241100x8000000000000000355554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf2fd51ca00c3f62021-12-21 10:28:11.950root 11241100x8000000000000000355555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee67e728ac7439692021-12-21 10:28:11.950root 11241100x8000000000000000355556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6af24e34185e1e2021-12-21 10:28:11.950root 11241100x8000000000000000355557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec226061497e88e2021-12-21 10:28:11.950root 11241100x8000000000000000355558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c9143c35a000d2c2021-12-21 10:28:11.950root 11241100x8000000000000000355559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfb603da013338a2021-12-21 10:28:11.951root 11241100x8000000000000000355560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa98f11de4273212021-12-21 10:28:11.951root 11241100x8000000000000000355561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b01492f45ab4ac2021-12-21 10:28:11.951root 11241100x8000000000000000355562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88b0929ba81b8942021-12-21 10:28:11.951root 11241100x8000000000000000355563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bd7bec0a48dcfc2021-12-21 10:28:11.951root 11241100x8000000000000000355564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce369ebf25221a092021-12-21 10:28:11.951root 11241100x8000000000000000355565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46e94c0940ae8e92021-12-21 10:28:11.951root 11241100x8000000000000000355566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2491b8c4e52de71d2021-12-21 10:28:11.951root 11241100x8000000000000000355567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:11.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87b98966b0de3282021-12-21 10:28:11.951root 11241100x8000000000000000355568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4bfd7b6e6e0f16d2021-12-21 10:28:12.443root 11241100x8000000000000000355569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccaa80c3cfa92712021-12-21 10:28:12.443root 11241100x8000000000000000355570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6990d9f6da99e8802021-12-21 10:28:12.443root 11241100x8000000000000000355571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cb81c2c5311d9352021-12-21 10:28:12.443root 11241100x8000000000000000355572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e543302105774a312021-12-21 10:28:12.443root 11241100x8000000000000000355573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9dfd2174806a5602021-12-21 10:28:12.443root 11241100x8000000000000000355574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a26b99cfa4444d2021-12-21 10:28:12.443root 11241100x8000000000000000355575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c17f694c46877222021-12-21 10:28:12.444root 11241100x8000000000000000355576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a58d62d5948da62021-12-21 10:28:12.444root 11241100x8000000000000000355577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83433ba32e00ab082021-12-21 10:28:12.444root 11241100x8000000000000000355578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53cfc72eb66776d62021-12-21 10:28:12.444root 11241100x8000000000000000355579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06819ddf5cca6382021-12-21 10:28:12.444root 11241100x8000000000000000355580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8511b36eb9bbb122021-12-21 10:28:12.444root 11241100x8000000000000000355581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1794dd642536b52021-12-21 10:28:12.444root 11241100x8000000000000000355582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b6c3bfe2e002c12021-12-21 10:28:12.444root 11241100x8000000000000000355583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0384eca3b4081302021-12-21 10:28:12.444root 11241100x8000000000000000355584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df893992cddab592021-12-21 10:28:12.444root 11241100x8000000000000000355585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eebef9b85f484b62021-12-21 10:28:12.444root 11241100x8000000000000000355586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348449b9dc629b672021-12-21 10:28:12.445root 11241100x8000000000000000355587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe6e8f62725308f2021-12-21 10:28:12.445root 11241100x8000000000000000355588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb4bf271e20a4f92021-12-21 10:28:12.445root 11241100x8000000000000000355589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7edcdafc2fe772ef2021-12-21 10:28:12.445root 11241100x8000000000000000355590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ec176a89b153bd32021-12-21 10:28:12.445root 11241100x8000000000000000355591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e61c863096228442021-12-21 10:28:12.445root 11241100x8000000000000000355592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0767e0b2f9dcf11b2021-12-21 10:28:12.445root 11241100x8000000000000000355593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d067abcbac735c6f2021-12-21 10:28:12.445root 11241100x8000000000000000355594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7088e11e0cb0a7f62021-12-21 10:28:12.445root 11241100x8000000000000000355595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f7f4a7eee89bc0b2021-12-21 10:28:12.446root 11241100x8000000000000000355596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.871b73f725de4bd52021-12-21 10:28:12.446root 11241100x8000000000000000355597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0793a5936ef395602021-12-21 10:28:12.446root 11241100x8000000000000000355598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41359c674813d4d2021-12-21 10:28:12.446root 11241100x8000000000000000355599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ed90a74bf20b9a2021-12-21 10:28:12.446root 11241100x8000000000000000355600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612ddb2bf597aa332021-12-21 10:28:12.446root 11241100x8000000000000000355601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b67ab6970fafb792021-12-21 10:28:12.446root 11241100x8000000000000000355602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450eebf0ce4d0da02021-12-21 10:28:12.446root 11241100x8000000000000000355603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37114708d464c8b2021-12-21 10:28:12.446root 11241100x8000000000000000355604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f36d83bf5dd5892021-12-21 10:28:12.446root 11241100x8000000000000000355605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f9f7b21bbd0f302021-12-21 10:28:12.447root 11241100x8000000000000000355606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16882690b9aecb312021-12-21 10:28:12.447root 11241100x8000000000000000355607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d6176e4ec194c572021-12-21 10:28:12.447root 11241100x8000000000000000355608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8da5b14886a80d2021-12-21 10:28:12.447root 11241100x8000000000000000355609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0944063a76f7d1712021-12-21 10:28:12.447root 11241100x8000000000000000355610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17663a6f4fa138a2021-12-21 10:28:12.447root 11241100x8000000000000000355611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5faf907386095db2021-12-21 10:28:12.447root 11241100x8000000000000000355612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0dbf158e8cc4d3c2021-12-21 10:28:12.447root 11241100x8000000000000000355613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525207876ce12bc72021-12-21 10:28:12.447root 11241100x8000000000000000355614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499e6a9bba47f3f72021-12-21 10:28:12.447root 11241100x8000000000000000355615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.366c12805c3f33c52021-12-21 10:28:12.448root 11241100x8000000000000000355616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98257d848534d5ae2021-12-21 10:28:12.448root 11241100x8000000000000000355617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3209f39d36de225a2021-12-21 10:28:12.448root 11241100x8000000000000000355618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebdf19facde74982021-12-21 10:28:12.448root 11241100x8000000000000000355619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab6f1af070f5b732021-12-21 10:28:12.448root 11241100x8000000000000000355620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ca15ee6e4ad99b2021-12-21 10:28:12.448root 11241100x8000000000000000355621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0752b7b71b967ab62021-12-21 10:28:12.449root 11241100x8000000000000000355622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868b285bbb3ca7a92021-12-21 10:28:12.449root 11241100x8000000000000000355623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee09ff7e42eea3d2021-12-21 10:28:12.449root 11241100x8000000000000000355624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e55d1a62cd49751a2021-12-21 10:28:12.449root 11241100x8000000000000000355625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d11918daeaeb1482021-12-21 10:28:12.449root 11241100x8000000000000000355626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2513facc32173c472021-12-21 10:28:12.449root 11241100x8000000000000000355627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0e3b605646bfa12021-12-21 10:28:12.449root 11241100x8000000000000000355628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dee7e3b98005d862021-12-21 10:28:12.449root 11241100x8000000000000000355629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fabc121a3769ad22021-12-21 10:28:12.449root 11241100x8000000000000000355630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29f9989fe2f2b1b2021-12-21 10:28:12.450root 11241100x8000000000000000355631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4874a1736bd35a4b2021-12-21 10:28:12.450root 11241100x8000000000000000355632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb72a426e6ceeeca2021-12-21 10:28:12.450root 11241100x8000000000000000355633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3374b71a54dfa22021-12-21 10:28:12.450root 11241100x8000000000000000355634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.141ad4b66dd9bf4a2021-12-21 10:28:12.450root 11241100x8000000000000000355635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5bf24b94814a1892021-12-21 10:28:12.450root 11241100x8000000000000000355636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04b0595902148352021-12-21 10:28:12.450root 11241100x8000000000000000355637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12b1c7243b1b6a142021-12-21 10:28:12.450root 11241100x8000000000000000355638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a8e4cbc766d7682021-12-21 10:28:12.450root 11241100x8000000000000000355639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4b3e87ea4461262021-12-21 10:28:12.450root 11241100x8000000000000000355640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45e877b0cca6e8712021-12-21 10:28:12.451root 11241100x8000000000000000355641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf4727656a086252021-12-21 10:28:12.451root 11241100x8000000000000000355642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dfc0e72a70fc672021-12-21 10:28:12.451root 11241100x8000000000000000355643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4d6ab2e1e36dbb2021-12-21 10:28:12.451root 11241100x8000000000000000355644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157f0759b0a51e622021-12-21 10:28:12.451root 11241100x8000000000000000355645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e52493db69fcf82021-12-21 10:28:12.451root 11241100x8000000000000000355646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da63c4b8de184ecc2021-12-21 10:28:12.451root 11241100x8000000000000000355647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac2278565d6503f2021-12-21 10:28:12.451root 11241100x8000000000000000355648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b22023321acacb72021-12-21 10:28:12.451root 11241100x8000000000000000355649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d26f5f9951a32d12021-12-21 10:28:12.451root 11241100x8000000000000000355650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f48cb82c780875b2021-12-21 10:28:12.451root 11241100x8000000000000000355651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40218082282bf1502021-12-21 10:28:12.451root 11241100x8000000000000000355652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ced056a08df87102021-12-21 10:28:12.451root 11241100x8000000000000000355653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649d61ffcf5b7b9b2021-12-21 10:28:12.452root 11241100x8000000000000000355654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5add51f047c10d902021-12-21 10:28:12.452root 11241100x8000000000000000355655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b971ed18c9d7ea2021-12-21 10:28:12.452root 11241100x8000000000000000355656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8ea3e7306998512021-12-21 10:28:12.452root 11241100x8000000000000000355657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d78f783111519a52021-12-21 10:28:12.452root 11241100x8000000000000000355658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b58ed34f01119ac72021-12-21 10:28:12.452root 11241100x8000000000000000355659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb85398f8b9ee27f2021-12-21 10:28:12.452root 11241100x8000000000000000355660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cefcb8d7dcb293ca2021-12-21 10:28:12.452root 11241100x8000000000000000355661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d24e7aff06b14a22021-12-21 10:28:12.452root 11241100x8000000000000000355662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ba0e68aba8b4862021-12-21 10:28:12.452root 11241100x8000000000000000355663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a255fd870a19b7a72021-12-21 10:28:12.452root 11241100x8000000000000000355664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1496d997979df5582021-12-21 10:28:12.452root 11241100x8000000000000000355665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d651bb932e66bbd2021-12-21 10:28:12.943root 11241100x8000000000000000355666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4764ce88a135a6cd2021-12-21 10:28:12.943root 11241100x8000000000000000355667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d471d4ce9d597b2021-12-21 10:28:12.943root 11241100x8000000000000000355668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f114a91d9756312021-12-21 10:28:12.943root 11241100x8000000000000000355669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ef95dc187359102021-12-21 10:28:12.943root 11241100x8000000000000000355670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88dac65b169ce6412021-12-21 10:28:12.944root 11241100x8000000000000000355671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ea4665a59aaf2882021-12-21 10:28:12.944root 11241100x8000000000000000355672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033e17a23809c6072021-12-21 10:28:12.944root 11241100x8000000000000000355673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62788a26d5bdfcd62021-12-21 10:28:12.944root 11241100x8000000000000000355674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b271406228ff282021-12-21 10:28:12.944root 11241100x8000000000000000355675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020bc518b4d2c6582021-12-21 10:28:12.944root 11241100x8000000000000000355676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0ee23f344638e32021-12-21 10:28:12.944root 11241100x8000000000000000355677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8411dde0ebb81a2021-12-21 10:28:12.944root 11241100x8000000000000000355678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac783d6db22e9a12021-12-21 10:28:12.944root 11241100x8000000000000000355679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177441326e03fb2f2021-12-21 10:28:12.944root 11241100x8000000000000000355680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.450077a8e167a3ca2021-12-21 10:28:12.944root 11241100x8000000000000000355681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e474f7dfd22d4d122021-12-21 10:28:12.944root 11241100x8000000000000000355682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765eeff8b346fd132021-12-21 10:28:12.944root 11241100x8000000000000000355683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76dcf7628d6d4e402021-12-21 10:28:12.944root 11241100x8000000000000000355684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e13e6ffab3f88552021-12-21 10:28:12.944root 11241100x8000000000000000355685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09f117742f22a8a22021-12-21 10:28:12.944root 11241100x8000000000000000355686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb3211616d6b352021-12-21 10:28:12.945root 11241100x8000000000000000355687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3eb98d52a902b72021-12-21 10:28:12.945root 11241100x8000000000000000355688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5cee2195777a87c2021-12-21 10:28:12.945root 11241100x8000000000000000355689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36fb9008b5f806c82021-12-21 10:28:12.945root 11241100x8000000000000000355690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51a7c23bcbf821c2021-12-21 10:28:12.945root 11241100x8000000000000000355691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20e258cfdd2ed0a2021-12-21 10:28:12.945root 11241100x8000000000000000355692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afa4737eaa309c52021-12-21 10:28:12.945root 11241100x8000000000000000355693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8ae6a9636949ab2021-12-21 10:28:12.945root 11241100x8000000000000000355694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078a4424a8d629a22021-12-21 10:28:12.945root 11241100x8000000000000000355695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a93cddf7346ee42021-12-21 10:28:12.945root 11241100x8000000000000000355696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82a8a8b9dbbd00b2021-12-21 10:28:12.945root 11241100x8000000000000000355697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a826be8c5a290a2021-12-21 10:28:12.945root 11241100x8000000000000000355698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76cc7310826d94b72021-12-21 10:28:12.945root 11241100x8000000000000000355699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1536751424cc1e02021-12-21 10:28:12.945root 11241100x8000000000000000355700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d0a57663a42a7d2021-12-21 10:28:12.945root 11241100x8000000000000000355701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:12.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6d70b6b3dfb1682021-12-21 10:28:12.945root 11241100x8000000000000000355702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e1aaf5b8cfafcc72021-12-21 10:28:13.443root 11241100x8000000000000000355703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b228518b8293e1f62021-12-21 10:28:13.443root 11241100x8000000000000000355704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82b103b9f4fa2b5f2021-12-21 10:28:13.443root 11241100x8000000000000000355705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85251a5dbf33ae82021-12-21 10:28:13.444root 11241100x8000000000000000355706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d2a5ba3573df3912021-12-21 10:28:13.444root 11241100x8000000000000000355707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e687f894b012de4f2021-12-21 10:28:13.444root 11241100x8000000000000000355708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd5304793e4d97952021-12-21 10:28:13.444root 11241100x8000000000000000355709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d276678ecb4ff242021-12-21 10:28:13.444root 11241100x8000000000000000355710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9724a0326962f6af2021-12-21 10:28:13.444root 11241100x8000000000000000355711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad183beab49857e2021-12-21 10:28:13.444root 11241100x8000000000000000355712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3815e472948b372021-12-21 10:28:13.444root 11241100x8000000000000000355713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381a473a9f868db82021-12-21 10:28:13.444root 11241100x8000000000000000355714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1b5defe17a9a9d2021-12-21 10:28:13.444root 11241100x8000000000000000355715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5398e74b1947a7162021-12-21 10:28:13.445root 11241100x8000000000000000355716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ff6dae58480cf12021-12-21 10:28:13.445root 11241100x8000000000000000355717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01547589989e459e2021-12-21 10:28:13.445root 11241100x8000000000000000355718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55b0971dcced8f52021-12-21 10:28:13.445root 11241100x8000000000000000355719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56ad298825f84b522021-12-21 10:28:13.445root 11241100x8000000000000000355720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1204ac885e8898662021-12-21 10:28:13.445root 11241100x8000000000000000355721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5403209c301795f2021-12-21 10:28:13.445root 11241100x8000000000000000355722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e907ddf46aaab2f32021-12-21 10:28:13.445root 11241100x8000000000000000355723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b823dfa4404ef372021-12-21 10:28:13.445root 11241100x8000000000000000355724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00e84753c6810f9d2021-12-21 10:28:13.445root 11241100x8000000000000000355725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.501a59a56e2c07592021-12-21 10:28:13.445root 11241100x8000000000000000355726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d2d1ed36996e0d2021-12-21 10:28:13.446root 11241100x8000000000000000355727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0433c388558269f2021-12-21 10:28:13.446root 11241100x8000000000000000355728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d398ec459022a7402021-12-21 10:28:13.446root 11241100x8000000000000000355729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fee9846037ecb0b2021-12-21 10:28:13.446root 11241100x8000000000000000355730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ebbd694dfdab5542021-12-21 10:28:13.446root 11241100x8000000000000000355731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c332c470cd98912021-12-21 10:28:13.446root 11241100x8000000000000000355732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c49eb64d424f3762021-12-21 10:28:13.446root 11241100x8000000000000000355733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed2b118fcf56559f2021-12-21 10:28:13.446root 11241100x8000000000000000355734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775d0fe54a93e38f2021-12-21 10:28:13.446root 11241100x8000000000000000355735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bace1474eab8e5292021-12-21 10:28:13.446root 11241100x8000000000000000355736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0369f6125701172021-12-21 10:28:13.446root 11241100x8000000000000000355737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77b96b58eb265922021-12-21 10:28:13.446root 11241100x8000000000000000355738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3163a47a14deeee62021-12-21 10:28:13.446root 11241100x8000000000000000355739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e6cf807ee8293d2021-12-21 10:28:13.447root 11241100x8000000000000000355740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5366a9f72461f972021-12-21 10:28:13.447root 11241100x8000000000000000355741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0c0d59fb16a2432021-12-21 10:28:13.447root 11241100x8000000000000000355742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9331d697eef25d542021-12-21 10:28:13.447root 11241100x8000000000000000355743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150cbfb0ffe51c452021-12-21 10:28:13.943root 11241100x8000000000000000355744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b159464658dad55b2021-12-21 10:28:13.943root 11241100x8000000000000000355745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077d2360d5923a2f2021-12-21 10:28:13.943root 11241100x8000000000000000355746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54c8b6dd719e8d122021-12-21 10:28:13.943root 11241100x8000000000000000355747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdbd55dde21c50df2021-12-21 10:28:13.944root 11241100x8000000000000000355748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f8da2eae3056772021-12-21 10:28:13.944root 11241100x8000000000000000355749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eecc8781482992c2021-12-21 10:28:13.944root 11241100x8000000000000000355750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4364fbb3b40c4b2021-12-21 10:28:13.944root 11241100x8000000000000000355751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1b4623e6d2fe3f2021-12-21 10:28:13.944root 11241100x8000000000000000355752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f11083b45bedc6c2021-12-21 10:28:13.944root 11241100x8000000000000000355753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7affa5a6270c7f462021-12-21 10:28:13.944root 11241100x8000000000000000355754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f4839ea65f9d1d2021-12-21 10:28:13.944root 11241100x8000000000000000355755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee5ede444560f2992021-12-21 10:28:13.944root 11241100x8000000000000000355756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fa2a39d507f80c2021-12-21 10:28:13.944root 11241100x8000000000000000355757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50abe0ecc0e23aa2021-12-21 10:28:13.944root 11241100x8000000000000000355758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55af5be863effac72021-12-21 10:28:13.944root 11241100x8000000000000000355759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01c045acdf37a102021-12-21 10:28:13.944root 11241100x8000000000000000355760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13248d3455ef1e72021-12-21 10:28:13.944root 11241100x8000000000000000355761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db089cdb9124d39a2021-12-21 10:28:13.944root 11241100x8000000000000000355762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2107459bbf95958a2021-12-21 10:28:13.944root 11241100x8000000000000000355763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cfe6a63221c0ee2021-12-21 10:28:13.945root 11241100x8000000000000000355764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d97613011d5f5b962021-12-21 10:28:13.945root 11241100x8000000000000000355765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20372012a25978cc2021-12-21 10:28:13.945root 11241100x8000000000000000355766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88587f778d177cdc2021-12-21 10:28:13.945root 11241100x8000000000000000355767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb0063d78b12db32021-12-21 10:28:13.945root 11241100x8000000000000000355768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4b64e2112b4f562021-12-21 10:28:13.945root 11241100x8000000000000000355769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a94532bf4dcae952021-12-21 10:28:13.945root 11241100x8000000000000000355770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.263207a50795531a2021-12-21 10:28:13.945root 11241100x8000000000000000355771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d567b9da1b2e6ce2021-12-21 10:28:13.945root 11241100x8000000000000000355772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6af3932483ff092021-12-21 10:28:13.945root 11241100x8000000000000000355773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb730303e42e6f612021-12-21 10:28:13.945root 11241100x8000000000000000355774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cacf9f9ec27adc02021-12-21 10:28:13.945root 11241100x8000000000000000355775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d9ed5b43ce2a4722021-12-21 10:28:13.945root 11241100x8000000000000000355776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6cb35c780fa4da2021-12-21 10:28:13.945root 11241100x8000000000000000355777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c222278e537f912021-12-21 10:28:13.945root 11241100x8000000000000000355778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c9040676e00c23c2021-12-21 10:28:13.945root 11241100x8000000000000000355779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0f5a4b2162cf212021-12-21 10:28:13.945root 11241100x8000000000000000355780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e049031c9058a902021-12-21 10:28:13.946root 11241100x8000000000000000355781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6306e923443dce252021-12-21 10:28:13.946root 11241100x8000000000000000355782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f117339801e43dc2021-12-21 10:28:13.946root 11241100x8000000000000000355783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:13.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8008e88abee2bec72021-12-21 10:28:13.946root 11241100x8000000000000000355784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14eb6ff05d7dc1522021-12-21 10:28:14.443root 11241100x8000000000000000355785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e339c6cbaddc8dc2021-12-21 10:28:14.443root 11241100x8000000000000000355786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507bedd1bfb4dc082021-12-21 10:28:14.443root 11241100x8000000000000000355787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fab2b100643b2062021-12-21 10:28:14.444root 11241100x8000000000000000355788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.443909deb96792c32021-12-21 10:28:14.444root 11241100x8000000000000000355789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f72de566fafa0bc2021-12-21 10:28:14.444root 11241100x8000000000000000355790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41da5e3e73a0d2b2021-12-21 10:28:14.444root 11241100x8000000000000000355791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed0fce41f5b0a092021-12-21 10:28:14.444root 11241100x8000000000000000355792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd6b4840b6f56732021-12-21 10:28:14.445root 11241100x8000000000000000355793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee211d73513a7cd2021-12-21 10:28:14.445root 11241100x8000000000000000355794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9447f95a3178b782021-12-21 10:28:14.445root 11241100x8000000000000000355795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6459137a08b1f592021-12-21 10:28:14.445root 11241100x8000000000000000355796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8b5d0c01548fc7a2021-12-21 10:28:14.445root 11241100x8000000000000000355797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1508820bc3c15132021-12-21 10:28:14.445root 11241100x8000000000000000355798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f9a9964cbf6f332021-12-21 10:28:14.445root 11241100x8000000000000000355799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ddf38e6d29c812e2021-12-21 10:28:14.446root 11241100x8000000000000000355800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97783e66490eff5c2021-12-21 10:28:14.446root 11241100x8000000000000000355801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5229cd7eea40c8a02021-12-21 10:28:14.446root 11241100x8000000000000000355802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95893c0711f39ce32021-12-21 10:28:14.447root 11241100x8000000000000000355803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f581bf9b7a5971952021-12-21 10:28:14.447root 11241100x8000000000000000355804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1506a64ecd5be63b2021-12-21 10:28:14.447root 11241100x8000000000000000355805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63b05b4d3308c7982021-12-21 10:28:14.447root 11241100x8000000000000000355806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb4dd902ab93eff2021-12-21 10:28:14.447root 11241100x8000000000000000355807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6e55beb54c81bf2021-12-21 10:28:14.448root 11241100x8000000000000000355808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e92fca0ccbd7962021-12-21 10:28:14.448root 11241100x8000000000000000355809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046144d46c0047c52021-12-21 10:28:14.448root 11241100x8000000000000000355810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1115664a7a150f2021-12-21 10:28:14.448root 11241100x8000000000000000355811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cc1d57aca9adb92021-12-21 10:28:14.449root 11241100x8000000000000000355812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f9ec701e1787b22021-12-21 10:28:14.449root 11241100x8000000000000000355813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5f318cffeb76072021-12-21 10:28:14.450root 11241100x8000000000000000355814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231728c08c1068eb2021-12-21 10:28:14.450root 11241100x8000000000000000355815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c212e55470bc01de2021-12-21 10:28:14.450root 11241100x8000000000000000355816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3692486546408e4c2021-12-21 10:28:14.450root 11241100x8000000000000000355817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09988a6284103ff62021-12-21 10:28:14.451root 11241100x8000000000000000355818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0afa5af81e6f1cfd2021-12-21 10:28:14.451root 11241100x8000000000000000355819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1290a63394d4c32021-12-21 10:28:14.451root 11241100x8000000000000000355820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb746f2452939862021-12-21 10:28:14.451root 11241100x8000000000000000355821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1aa2976ac68ba572021-12-21 10:28:14.452root 11241100x8000000000000000355822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec01183e0188bbfe2021-12-21 10:28:14.452root 11241100x8000000000000000355823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062e7b2fc6bfe4d92021-12-21 10:28:14.452root 11241100x8000000000000000355824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b175cc3b4866b012021-12-21 10:28:14.453root 11241100x8000000000000000355825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3eaba7db20504d2021-12-21 10:28:14.453root 11241100x8000000000000000355826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7a7986ce03f02d2021-12-21 10:28:14.453root 11241100x8000000000000000355827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9be2005f264e0c2021-12-21 10:28:14.454root 11241100x8000000000000000355828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5895ced3eb3e176c2021-12-21 10:28:14.454root 11241100x8000000000000000355829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d48163e8fccf9a02021-12-21 10:28:14.454root 11241100x8000000000000000355830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e44071732a3de142021-12-21 10:28:14.454root 11241100x8000000000000000355831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09a7558bf3fa2b072021-12-21 10:28:14.455root 11241100x8000000000000000355832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1277a16cbc6197c32021-12-21 10:28:14.455root 11241100x8000000000000000355833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eca00c850808a4532021-12-21 10:28:14.455root 11241100x8000000000000000355834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5870cf68d902ff2021-12-21 10:28:14.455root 11241100x8000000000000000355835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a894167d119c5df02021-12-21 10:28:14.456root 11241100x8000000000000000355836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6541431fc7423372021-12-21 10:28:14.943root 11241100x8000000000000000355837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5b16b0d8e6cf872021-12-21 10:28:14.943root 11241100x8000000000000000355838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e39a17b34594ef82021-12-21 10:28:14.944root 11241100x8000000000000000355839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f56554a831795fb2021-12-21 10:28:14.944root 11241100x8000000000000000355840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087bc18e2b2de53a2021-12-21 10:28:14.944root 11241100x8000000000000000355841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2acc4079beac1cb72021-12-21 10:28:14.944root 11241100x8000000000000000355842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d8deece202a2c02021-12-21 10:28:14.944root 11241100x8000000000000000355843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ae802ea40b3ce52021-12-21 10:28:14.944root 11241100x8000000000000000355844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ac4cd98c5eb66a2021-12-21 10:28:14.944root 11241100x8000000000000000355845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772e0d2e76d83c882021-12-21 10:28:14.945root 11241100x8000000000000000355846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.118ebce1dd3db44d2021-12-21 10:28:14.945root 11241100x8000000000000000355847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00c92fced22e1ccf2021-12-21 10:28:14.945root 11241100x8000000000000000355848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625d12eb576ee9282021-12-21 10:28:14.945root 11241100x8000000000000000355849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79174c24bbe1f5622021-12-21 10:28:14.945root 11241100x8000000000000000355850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.227bc8ce084b5a012021-12-21 10:28:14.945root 11241100x8000000000000000355851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ad9515245b17cd2021-12-21 10:28:14.945root 11241100x8000000000000000355852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e6813f958da2c52021-12-21 10:28:14.945root 11241100x8000000000000000355853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d54e51911a341c2021-12-21 10:28:14.945root 11241100x8000000000000000355854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3180525425cce5272021-12-21 10:28:14.945root 11241100x8000000000000000355855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69c5adc409045122021-12-21 10:28:14.945root 11241100x8000000000000000355856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a46c6e6a298b282021-12-21 10:28:14.945root 11241100x8000000000000000355857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f29278a0759a7f2021-12-21 10:28:14.945root 11241100x8000000000000000355858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e50609b04ee3082021-12-21 10:28:14.945root 11241100x8000000000000000355859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250bb238552eaf452021-12-21 10:28:14.945root 11241100x8000000000000000355860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb8c4598f126bf92021-12-21 10:28:14.945root 11241100x8000000000000000355861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68dbee5fcf2396b72021-12-21 10:28:14.946root 11241100x8000000000000000355862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04d08c159ba85a22021-12-21 10:28:14.946root 11241100x8000000000000000355863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f72cec585fb8df2021-12-21 10:28:14.946root 11241100x8000000000000000355864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104aa2cc31788a2d2021-12-21 10:28:14.946root 11241100x8000000000000000355865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba0c403bee81b0ba2021-12-21 10:28:14.946root 11241100x8000000000000000355866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5cc69fc78e21662021-12-21 10:28:14.946root 11241100x8000000000000000355867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02fabc4d71a350002021-12-21 10:28:14.946root 11241100x8000000000000000355868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aa529b8e37212d22021-12-21 10:28:14.946root 11241100x8000000000000000355869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8545875c683323e2021-12-21 10:28:14.946root 11241100x8000000000000000355870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a06b3e3e4c4b9472021-12-21 10:28:14.946root 11241100x8000000000000000355871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2645bb92e2fcb22021-12-21 10:28:14.946root 11241100x8000000000000000355872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fe1a4bcd33e2382021-12-21 10:28:14.946root 11241100x8000000000000000355873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc2b55646a221a12021-12-21 10:28:14.946root 11241100x8000000000000000355874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bed2b0ce5481c552021-12-21 10:28:14.946root 11241100x8000000000000000355875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:14.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893e4a298a7e2ef02021-12-21 10:28:14.946root 11241100x8000000000000000355876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcfa31a3ab6e6132021-12-21 10:28:15.443root 11241100x8000000000000000355877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2849b413e2e2bf232021-12-21 10:28:15.443root 11241100x8000000000000000355878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efb70e6ab25a23d2021-12-21 10:28:15.444root 11241100x8000000000000000355879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9592037179d1b42021-12-21 10:28:15.444root 11241100x8000000000000000355880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb8724ad664fa7f2021-12-21 10:28:15.444root 11241100x8000000000000000355881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75bf7cfa8caea882021-12-21 10:28:15.444root 11241100x8000000000000000355882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b27fc52c860b2292021-12-21 10:28:15.444root 11241100x8000000000000000355883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c03176e4664fd692021-12-21 10:28:15.444root 11241100x8000000000000000355884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d7c7309adebf032021-12-21 10:28:15.444root 11241100x8000000000000000355885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b722e01a9782a6972021-12-21 10:28:15.444root 11241100x8000000000000000355886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d2af05a0fb28602021-12-21 10:28:15.444root 11241100x8000000000000000355887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dcd26f1348de962021-12-21 10:28:15.445root 11241100x8000000000000000355888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8eee60cce5cb1de2021-12-21 10:28:15.445root 11241100x8000000000000000355889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b071a396fd812d2021-12-21 10:28:15.445root 11241100x8000000000000000355890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65f3184457f2d4f72021-12-21 10:28:15.445root 11241100x8000000000000000355891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82953083e0ec83322021-12-21 10:28:15.445root 11241100x8000000000000000355892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7452822d9ae8dc2021-12-21 10:28:15.445root 11241100x8000000000000000355893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5b44a1f1956fabb2021-12-21 10:28:15.445root 11241100x8000000000000000355894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f971b9d82c971e2021-12-21 10:28:15.445root 11241100x8000000000000000355895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1d09cdbce4c258e2021-12-21 10:28:15.445root 11241100x8000000000000000355896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbacb1b3089e5b1f2021-12-21 10:28:15.446root 11241100x8000000000000000355897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c55d692157337822021-12-21 10:28:15.446root 11241100x8000000000000000355898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cdb1baefe8bb2832021-12-21 10:28:15.446root 11241100x8000000000000000355899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f3822006c21da182021-12-21 10:28:15.446root 11241100x8000000000000000355900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b15359c1545aedd2021-12-21 10:28:15.446root 11241100x8000000000000000355901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f862313746c131a72021-12-21 10:28:15.446root 11241100x8000000000000000355902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08cc9792b0b20cb52021-12-21 10:28:15.446root 11241100x8000000000000000355903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a007600146225c2021-12-21 10:28:15.446root 11241100x8000000000000000355904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb2370e6d21599342021-12-21 10:28:15.446root 11241100x8000000000000000355905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968eea6a322245442021-12-21 10:28:15.446root 11241100x8000000000000000355906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa80692778fdb702021-12-21 10:28:15.447root 11241100x8000000000000000355907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5a0a106e4aa20a2021-12-21 10:28:15.447root 11241100x8000000000000000355908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9120a174d02d8fcd2021-12-21 10:28:15.447root 11241100x8000000000000000355909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa8cfafa9b050402021-12-21 10:28:15.447root 11241100x8000000000000000355910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e22f9a669f6b67e2021-12-21 10:28:15.447root 11241100x8000000000000000355911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a576563d89f4572021-12-21 10:28:15.447root 11241100x8000000000000000355912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07928f8b7b927fe2021-12-21 10:28:15.447root 11241100x8000000000000000355913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ccd3acd98442b42021-12-21 10:28:15.447root 11241100x8000000000000000355914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.974dd92bc8aa9c132021-12-21 10:28:15.447root 11241100x8000000000000000355915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.947317422ed149dd2021-12-21 10:28:15.447root 11241100x8000000000000000355916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649609eedb9fcda52021-12-21 10:28:15.447root 11241100x8000000000000000355917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.172e1b9099c45c492021-12-21 10:28:15.943root 11241100x8000000000000000355918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13967d41561dc352021-12-21 10:28:15.943root 11241100x8000000000000000355919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ff888fe7fb876c2021-12-21 10:28:15.943root 11241100x8000000000000000355920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04fdee382393e742021-12-21 10:28:15.943root 11241100x8000000000000000355921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6015e1ca634d032021-12-21 10:28:15.943root 11241100x8000000000000000355922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1a16b78a0a283c2021-12-21 10:28:15.943root 11241100x8000000000000000355923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641ff8f00df600cb2021-12-21 10:28:15.943root 11241100x8000000000000000355924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31df1ded299964c72021-12-21 10:28:15.944root 11241100x8000000000000000355925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c79e7618e0aeae2021-12-21 10:28:15.944root 11241100x8000000000000000355926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09233b14022e627a2021-12-21 10:28:15.944root 11241100x8000000000000000355927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e1007073a82dd52021-12-21 10:28:15.944root 11241100x8000000000000000355928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b728a55ccf13052021-12-21 10:28:15.944root 11241100x8000000000000000355929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e531529e6046d72021-12-21 10:28:15.944root 11241100x8000000000000000355930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe655d37b86bf09f2021-12-21 10:28:15.944root 11241100x8000000000000000355931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fb75dd9d5f50ba2021-12-21 10:28:15.944root 11241100x8000000000000000355932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fda117dfc392c1ac2021-12-21 10:28:15.944root 11241100x8000000000000000355933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab9745a0d7cb6dc02021-12-21 10:28:15.945root 11241100x8000000000000000355934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a01c5aa93a122f82021-12-21 10:28:15.945root 11241100x8000000000000000355935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817c90fb2893e1f82021-12-21 10:28:15.945root 11241100x8000000000000000355936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16aae0ee54ff19962021-12-21 10:28:15.945root 11241100x8000000000000000355937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8fff7b893845ce2021-12-21 10:28:15.945root 11241100x8000000000000000355938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d77a4228d3ffb922021-12-21 10:28:15.946root 11241100x8000000000000000355939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ea7281aed411a402021-12-21 10:28:15.946root 11241100x8000000000000000355940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e49fef433bc58102021-12-21 10:28:15.946root 11241100x8000000000000000355941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad04302b4bb493702021-12-21 10:28:15.946root 11241100x8000000000000000355942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddc73b5a9e6a83d22021-12-21 10:28:15.946root 11241100x8000000000000000355943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485db095209f2be72021-12-21 10:28:15.946root 11241100x8000000000000000355944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adfbd2f4847cbb42021-12-21 10:28:15.946root 11241100x8000000000000000355945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185e906524d4281b2021-12-21 10:28:15.947root 11241100x8000000000000000355946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90163e22b3a1a002021-12-21 10:28:15.947root 11241100x8000000000000000355947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdade22796cd1c232021-12-21 10:28:15.947root 11241100x8000000000000000355948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5ea84d425018ce2021-12-21 10:28:15.947root 11241100x8000000000000000355949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725f347488e457972021-12-21 10:28:15.947root 11241100x8000000000000000355950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85cc10675b82e3a2021-12-21 10:28:15.947root 11241100x8000000000000000355951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33199496dfa353c2021-12-21 10:28:15.947root 11241100x8000000000000000355952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed55ad40ee74fb62021-12-21 10:28:15.948root 11241100x8000000000000000355953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd2af87ddafd4462021-12-21 10:28:15.948root 11241100x8000000000000000355954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87dc58ef5904e6de2021-12-21 10:28:15.948root 11241100x8000000000000000355955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e62605f598163f0a2021-12-21 10:28:15.948root 11241100x8000000000000000355956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.410da5b5734f6c632021-12-21 10:28:15.948root 11241100x8000000000000000355957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a897e992dfe5aedd2021-12-21 10:28:15.948root 11241100x8000000000000000355958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a520d2d12df229a2021-12-21 10:28:15.948root 11241100x8000000000000000355959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fb8fad5734a97d2021-12-21 10:28:15.948root 11241100x8000000000000000355960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6c97f0e26fe8472021-12-21 10:28:15.948root 11241100x8000000000000000355961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aedd7e9950b58612021-12-21 10:28:15.948root 11241100x8000000000000000355962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca5ae20f979f0632021-12-21 10:28:15.948root 11241100x8000000000000000355963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fe171b36c7afbe2021-12-21 10:28:15.948root 11241100x8000000000000000355964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682859f27235644b2021-12-21 10:28:15.948root 11241100x8000000000000000355965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b17544b296a6362021-12-21 10:28:15.949root 11241100x8000000000000000355966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63e93a16c8b69de2021-12-21 10:28:15.949root 11241100x8000000000000000355967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e2354591b292b2021-12-21 10:28:15.949root 11241100x8000000000000000355968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be4d38fe4cb05682021-12-21 10:28:15.949root 11241100x8000000000000000355969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db60c69b4890c1e42021-12-21 10:28:15.949root 11241100x8000000000000000355970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a36d99b5a3d86c12021-12-21 10:28:15.949root 11241100x8000000000000000355971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54da440fcd107d682021-12-21 10:28:15.949root 11241100x8000000000000000355972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e81a1929a3b9342021-12-21 10:28:15.949root 11241100x8000000000000000355973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd867ea7da4ee8b2021-12-21 10:28:15.949root 11241100x8000000000000000355974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3d92146cd0b39b2021-12-21 10:28:15.949root 11241100x8000000000000000355975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8f45e0c18d06b8e2021-12-21 10:28:15.949root 11241100x8000000000000000355976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4c258f0e5ed8522021-12-21 10:28:15.950root 11241100x8000000000000000355977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07f79b2917fc9902021-12-21 10:28:15.950root 11241100x8000000000000000355978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4f997a49493ce92021-12-21 10:28:15.950root 11241100x8000000000000000355979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc508bada02e58122021-12-21 10:28:15.950root 11241100x8000000000000000355980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:15.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fec2aa0a618611b2021-12-21 10:28:15.950root 11241100x8000000000000000355981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0babac07217a50042021-12-21 10:28:16.443root 11241100x8000000000000000355982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a03c08046e05b7b2021-12-21 10:28:16.443root 11241100x8000000000000000355983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.924594921a1890c82021-12-21 10:28:16.443root 11241100x8000000000000000355984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4327661a267481b2021-12-21 10:28:16.444root 11241100x8000000000000000355985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca992965dd7d9a22021-12-21 10:28:16.444root 11241100x8000000000000000355986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d5aba5bd4b314812021-12-21 10:28:16.444root 11241100x8000000000000000355987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03e7f7b227fb29352021-12-21 10:28:16.444root 11241100x8000000000000000355988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec3fdcbc660578d2021-12-21 10:28:16.444root 11241100x8000000000000000355989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0d8a6763234f9e2021-12-21 10:28:16.444root 11241100x8000000000000000355990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7a5f41f9ca6a5d2021-12-21 10:28:16.444root 11241100x8000000000000000355991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ab2b8a0a87b79d2021-12-21 10:28:16.444root 11241100x8000000000000000355992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c709408fb97334c22021-12-21 10:28:16.444root 11241100x8000000000000000355993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d2237b9ba23b4d2021-12-21 10:28:16.444root 11241100x8000000000000000355994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7820c3ecb7a6a12021-12-21 10:28:16.444root 11241100x8000000000000000355995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f71d9d25f2971ca2021-12-21 10:28:16.444root 11241100x8000000000000000355996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e8131209e037292021-12-21 10:28:16.444root 11241100x8000000000000000355997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4eb614da71c54522021-12-21 10:28:16.444root 11241100x8000000000000000355998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1993d5ec7290258b2021-12-21 10:28:16.444root 11241100x8000000000000000355999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ca1ce840c028712021-12-21 10:28:16.445root 11241100x8000000000000000356000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7abb1f72f38cdf92021-12-21 10:28:16.445root 11241100x8000000000000000356001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45767fe430b205c2021-12-21 10:28:16.445root 11241100x8000000000000000356002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b568eb22bcad7d1e2021-12-21 10:28:16.445root 11241100x8000000000000000356003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5108530518583ef02021-12-21 10:28:16.445root 11241100x8000000000000000356004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7157048aacf2b1492021-12-21 10:28:16.445root 11241100x8000000000000000356005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae212f70bafd2372021-12-21 10:28:16.445root 11241100x8000000000000000356006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fca87489d2ad6fd2021-12-21 10:28:16.445root 11241100x8000000000000000356007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ad1cc6929086c12021-12-21 10:28:16.445root 11241100x8000000000000000356008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c730fcf47ba486372021-12-21 10:28:16.445root 11241100x8000000000000000356009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01d6d8bf9cd19562021-12-21 10:28:16.445root 11241100x8000000000000000356010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a5d1a9177e46e402021-12-21 10:28:16.446root 11241100x8000000000000000356011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbde2299e10fa292021-12-21 10:28:16.446root 11241100x8000000000000000356012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e028b81a294bb1d2021-12-21 10:28:16.446root 11241100x8000000000000000356013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1965a918b2391ea32021-12-21 10:28:16.446root 11241100x8000000000000000356014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396c69a9085daea92021-12-21 10:28:16.446root 11241100x8000000000000000356015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64f219604459e8032021-12-21 10:28:16.446root 11241100x8000000000000000356016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aee761eaeba95762021-12-21 10:28:16.446root 11241100x8000000000000000356017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1835ac15bac790f12021-12-21 10:28:16.446root 11241100x8000000000000000356018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44753df670e23372021-12-21 10:28:16.446root 11241100x8000000000000000356019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad10befeb5882a072021-12-21 10:28:16.943root 11241100x8000000000000000356020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3bcdb94cd039332021-12-21 10:28:16.943root 11241100x8000000000000000356021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c15fdcdcf76962021-12-21 10:28:16.943root 11241100x8000000000000000356022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6317e55c928fdf42021-12-21 10:28:16.943root 11241100x8000000000000000356023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341eaedb330fb3c92021-12-21 10:28:16.943root 11241100x8000000000000000356024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f161ad0449f40a9c2021-12-21 10:28:16.943root 11241100x8000000000000000356025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a5238608060afc2021-12-21 10:28:16.943root 11241100x8000000000000000356026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd61866cb2c142a32021-12-21 10:28:16.944root 11241100x8000000000000000356027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff171bf9e91773c32021-12-21 10:28:16.944root 11241100x8000000000000000356028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6870739dd66bcf422021-12-21 10:28:16.944root 11241100x8000000000000000356029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f23ee18ac8d56032021-12-21 10:28:16.944root 11241100x8000000000000000356030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7198233a6ee60712021-12-21 10:28:16.944root 11241100x8000000000000000356031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a49e9ce1f1998ba2021-12-21 10:28:16.944root 11241100x8000000000000000356032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.134773672d3a720d2021-12-21 10:28:16.944root 11241100x8000000000000000356033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a9bca15b62a5f92021-12-21 10:28:16.944root 11241100x8000000000000000356034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c92e815854279fd2021-12-21 10:28:16.945root 11241100x8000000000000000356035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0501d3cf29cbf62021-12-21 10:28:16.945root 11241100x8000000000000000356036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0124a1b281e2242021-12-21 10:28:16.945root 11241100x8000000000000000356037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d17ee2b111ddb6772021-12-21 10:28:16.945root 11241100x8000000000000000356038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82062fda7bd4d6892021-12-21 10:28:16.945root 11241100x8000000000000000356039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae464480a22c1ee2021-12-21 10:28:16.945root 11241100x8000000000000000356040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcac748bc07bcf6c2021-12-21 10:28:16.945root 11241100x8000000000000000356041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b271957289c5a62021-12-21 10:28:16.945root 11241100x8000000000000000356042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28f4923c47929da12021-12-21 10:28:16.945root 11241100x8000000000000000356043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b506ce5ff7cf64652021-12-21 10:28:16.945root 11241100x8000000000000000356044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196a8d60b603fba02021-12-21 10:28:16.946root 11241100x8000000000000000356045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12043faf8f9f0dac2021-12-21 10:28:16.946root 11241100x8000000000000000356046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6b176961f80b122021-12-21 10:28:16.946root 11241100x8000000000000000356047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a92ba9cb28c31c2021-12-21 10:28:16.946root 11241100x8000000000000000356048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cebf839a170e5c32021-12-21 10:28:16.946root 11241100x8000000000000000356049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a1b6f8f37c1f1032021-12-21 10:28:16.947root 11241100x8000000000000000356050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6188b2223920dc1d2021-12-21 10:28:16.947root 11241100x8000000000000000356051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9c97c6511416982021-12-21 10:28:16.947root 11241100x8000000000000000356052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded4c90e64d0c7482021-12-21 10:28:16.947root 11241100x8000000000000000356053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef26b5155ad61662021-12-21 10:28:16.947root 11241100x8000000000000000356054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab5f2fe952886e562021-12-21 10:28:16.947root 11241100x8000000000000000356055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e9745f5a51ee5812021-12-21 10:28:16.947root 11241100x8000000000000000356056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a45367a6e76f0d2021-12-21 10:28:16.947root 11241100x8000000000000000356057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eb96da50081bac82021-12-21 10:28:16.948root 11241100x8000000000000000356058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92e85ea6456639562021-12-21 10:28:16.948root 11241100x8000000000000000356059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8506611231624ced2021-12-21 10:28:16.948root 11241100x8000000000000000356060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727246b219fcbcab2021-12-21 10:28:16.948root 11241100x8000000000000000356061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae9e2efc12fbe9ec2021-12-21 10:28:16.948root 11241100x8000000000000000356062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9908140a633f5702021-12-21 10:28:16.948root 11241100x8000000000000000356063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea667ccaa44afe72021-12-21 10:28:16.948root 11241100x8000000000000000356064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6526653261f946582021-12-21 10:28:16.949root 11241100x8000000000000000356065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f5ed3ec43f33fe2021-12-21 10:28:16.949root 11241100x8000000000000000356066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.605e09b591373da72021-12-21 10:28:16.949root 11241100x8000000000000000356067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879dc3afdb8aa5e92021-12-21 10:28:16.949root 11241100x8000000000000000356068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:16.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a275f7ad42b2a762021-12-21 10:28:16.949root 154100x8000000000000000356069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.089{ec2b6afe-ac41-61c1-6834-34c714560000}5700/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000356070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.100{ec2b6afe-ac41-61c1-6834-34c714560000}5700/bin/psroot 354300x8000000000000000356071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.114{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47144-false10.0.1.12-8000- 11241100x8000000000000000356072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b5806d83b9e1c52021-12-21 10:28:17.443root 11241100x8000000000000000356073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e35ce62f22fc5b2021-12-21 10:28:17.443root 11241100x8000000000000000356074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b4fb27a16fe47c2021-12-21 10:28:17.443root 11241100x8000000000000000356075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0c7670ad4130e82021-12-21 10:28:17.443root 11241100x8000000000000000356076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db6abae6187a7e82021-12-21 10:28:17.444root 11241100x8000000000000000356077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0848d69b3caf09952021-12-21 10:28:17.444root 11241100x8000000000000000356078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad7800b7e0149b02021-12-21 10:28:17.444root 11241100x8000000000000000356079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c318f631826b15d62021-12-21 10:28:17.444root 11241100x8000000000000000356080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ae17bf210c83e12021-12-21 10:28:17.444root 11241100x8000000000000000356081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7639ae0b285d66f72021-12-21 10:28:17.444root 11241100x8000000000000000356082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f9b65cee66688e2021-12-21 10:28:17.444root 11241100x8000000000000000356083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f127ad78336e87ed2021-12-21 10:28:17.444root 11241100x8000000000000000356084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea717760e7241852021-12-21 10:28:17.444root 11241100x8000000000000000356085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab423582805df062021-12-21 10:28:17.444root 11241100x8000000000000000356086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38a07dd5bc27c8e2021-12-21 10:28:17.444root 11241100x8000000000000000356087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a39d5859f9088732021-12-21 10:28:17.444root 11241100x8000000000000000356088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3294a0d6fca864f02021-12-21 10:28:17.444root 11241100x8000000000000000356089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0820ef593ed66a9a2021-12-21 10:28:17.444root 11241100x8000000000000000356090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c7dac4b5e3f5cc2021-12-21 10:28:17.444root 11241100x8000000000000000356091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b222eb277bce454a2021-12-21 10:28:17.444root 11241100x8000000000000000356092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a56107a39f2cfab2021-12-21 10:28:17.445root 11241100x8000000000000000356093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4259e382b157202021-12-21 10:28:17.445root 11241100x8000000000000000356094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca142c503703d2d2021-12-21 10:28:17.445root 11241100x8000000000000000356095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e67cd578435d1ee2021-12-21 10:28:17.445root 11241100x8000000000000000356096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1806dccd53b245762021-12-21 10:28:17.445root 11241100x8000000000000000356097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704d3213fb119e892021-12-21 10:28:17.445root 11241100x8000000000000000356098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd073f551dc28ac2021-12-21 10:28:17.445root 11241100x8000000000000000356099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4b4d4111ca5d262021-12-21 10:28:17.445root 11241100x8000000000000000356100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16333f34c39be5482021-12-21 10:28:17.445root 11241100x8000000000000000356101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69caf9203dda2d522021-12-21 10:28:17.446root 11241100x8000000000000000356102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f77a9a746a6b6132021-12-21 10:28:17.446root 11241100x8000000000000000356103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cad43233362a6ba02021-12-21 10:28:17.446root 11241100x8000000000000000356104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd63037e16ab3152021-12-21 10:28:17.446root 11241100x8000000000000000356105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2db57a50b1198d32021-12-21 10:28:17.446root 11241100x8000000000000000356106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66fe0558734625e2021-12-21 10:28:17.446root 11241100x8000000000000000356107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92da661ba69d35f2021-12-21 10:28:17.446root 11241100x8000000000000000356108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c739dcacedaae272021-12-21 10:28:17.446root 11241100x8000000000000000356109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bb043a7c9e3b7a92021-12-21 10:28:17.446root 11241100x8000000000000000356110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce20a143ab70cfa02021-12-21 10:28:17.446root 11241100x8000000000000000356111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.673438d641eee1792021-12-21 10:28:17.446root 11241100x8000000000000000356112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10140437b2137dba2021-12-21 10:28:17.447root 11241100x8000000000000000356113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb074472cea357352021-12-21 10:28:17.447root 11241100x8000000000000000356114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9db04137f6100cb2021-12-21 10:28:17.447root 11241100x8000000000000000356115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb95cbe4f00066b42021-12-21 10:28:17.447root 11241100x8000000000000000356116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7af8e963857d3b22021-12-21 10:28:17.447root 11241100x8000000000000000356117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2277ad10d7acc32021-12-21 10:28:17.447root 11241100x8000000000000000356118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053bfc8e766fe9982021-12-21 10:28:17.447root 11241100x8000000000000000356119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8fa9d848dafd302021-12-21 10:28:17.447root 11241100x8000000000000000356120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615cfc2e4e6bffe52021-12-21 10:28:17.447root 11241100x8000000000000000356121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd893f5f9ac4f7552021-12-21 10:28:17.447root 11241100x8000000000000000356122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c0381981b82062021-12-21 10:28:17.447root 11241100x8000000000000000356123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba852f1649e5c3c2021-12-21 10:28:17.448root 11241100x8000000000000000356124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a3242cc41d9e662021-12-21 10:28:17.448root 11241100x8000000000000000356125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1785ea58747d83442021-12-21 10:28:17.448root 11241100x8000000000000000356126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12b6b5c6804adb02021-12-21 10:28:17.448root 11241100x8000000000000000356127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7522ce4a553eae82021-12-21 10:28:17.448root 11241100x8000000000000000356128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a945b5648b258a8a2021-12-21 10:28:17.448root 11241100x8000000000000000356129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.930fa09c673168252021-12-21 10:28:17.448root 11241100x8000000000000000356130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60b4a8acf3e14822021-12-21 10:28:17.448root 11241100x8000000000000000356131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142f33ac5ae0da3f2021-12-21 10:28:17.448root 11241100x8000000000000000356132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b15da252361b8282021-12-21 10:28:17.449root 11241100x8000000000000000356133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4bc0ab9871a04a2021-12-21 10:28:17.450root 11241100x8000000000000000356134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f59a5109d65d1ee2021-12-21 10:28:17.450root 11241100x8000000000000000356135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4164cf17ee2423312021-12-21 10:28:17.451root 11241100x8000000000000000356136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8870fed5ae95af602021-12-21 10:28:17.451root 11241100x8000000000000000356137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4cee0cc0c074e22021-12-21 10:28:17.451root 11241100x8000000000000000356138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d1b73494836dfc2021-12-21 10:28:17.451root 11241100x8000000000000000356139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc063a4dd575f1622021-12-21 10:28:17.451root 11241100x8000000000000000356140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a1d868d58a92a72021-12-21 10:28:17.451root 11241100x8000000000000000356141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a39bc84aadb73b2021-12-21 10:28:17.451root 11241100x8000000000000000356142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431f3b69243e0eca2021-12-21 10:28:17.451root 11241100x8000000000000000356143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fc0df86525ec9422021-12-21 10:28:17.451root 11241100x8000000000000000356144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb6fe99bcb725b22021-12-21 10:28:17.452root 11241100x8000000000000000356145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5afbe80bc215cc3a2021-12-21 10:28:17.452root 11241100x8000000000000000356146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f14dc3ed99423f12021-12-21 10:28:17.452root 11241100x8000000000000000356147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e02246663e3d4bd2021-12-21 10:28:17.452root 11241100x8000000000000000356148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6070c485b295d7672021-12-21 10:28:17.452root 11241100x8000000000000000356149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17dac6a114cfc5f2021-12-21 10:28:17.452root 11241100x8000000000000000356150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed5c901da2ebef2021-12-21 10:28:17.453root 11241100x8000000000000000356151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de4d57ab3c10f3b2021-12-21 10:28:17.453root 11241100x8000000000000000356152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59ac70cf68e926f2021-12-21 10:28:17.453root 11241100x8000000000000000356153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.770738b299916eb02021-12-21 10:28:17.453root 11241100x8000000000000000356154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d823bba1f2d238f92021-12-21 10:28:17.453root 11241100x8000000000000000356155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41d5a2019773db082021-12-21 10:28:17.453root 11241100x8000000000000000356156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfdc948d46551cf2021-12-21 10:28:17.453root 11241100x8000000000000000356157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f145c22e2cba8a212021-12-21 10:28:17.453root 11241100x8000000000000000356158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d65e0fe5f0f6312021-12-21 10:28:17.453root 11241100x8000000000000000356159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.502dab1551b287e62021-12-21 10:28:17.453root 11241100x8000000000000000356160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ecee121ba38a1f2021-12-21 10:28:17.453root 11241100x8000000000000000356161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aedc79476443bc002021-12-21 10:28:17.454root 11241100x8000000000000000356162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188d8b7b84ad60b72021-12-21 10:28:17.454root 11241100x8000000000000000356163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bb0e6a59c0f1722021-12-21 10:28:17.454root 11241100x8000000000000000356164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a47e5cb996b8632021-12-21 10:28:17.454root 11241100x8000000000000000356165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f252e378cc4c26442021-12-21 10:28:17.454root 11241100x8000000000000000356166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9747e27121127fd22021-12-21 10:28:17.455root 11241100x8000000000000000356167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa1c6cd90c02f132021-12-21 10:28:17.455root 11241100x8000000000000000356168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff5cee968df94412021-12-21 10:28:17.456root 11241100x8000000000000000356169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0777f343d0ac40882021-12-21 10:28:17.456root 11241100x8000000000000000356170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14da4e0ee305092021-12-21 10:28:17.456root 11241100x8000000000000000356171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec353818946cd5722021-12-21 10:28:17.460root 11241100x8000000000000000356172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029124e56ea0ec922021-12-21 10:28:17.461root 11241100x8000000000000000356173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c56dca917dcec802021-12-21 10:28:17.461root 11241100x8000000000000000356174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe4318347e0a5ca2021-12-21 10:28:17.461root 11241100x8000000000000000356175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50c3e69a4b7c8d82021-12-21 10:28:17.461root 11241100x8000000000000000356176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4b14e67c84d5772021-12-21 10:28:17.461root 11241100x8000000000000000356177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.461{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59907031b77233962021-12-21 10:28:17.461root 11241100x8000000000000000356178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0588e72a3f2337f2021-12-21 10:28:17.462root 11241100x8000000000000000356179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d3c32436dabc4ca2021-12-21 10:28:17.462root 11241100x8000000000000000356180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.462{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177586030b63cab12021-12-21 10:28:17.462root 11241100x8000000000000000356181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4672536eca072b8a2021-12-21 10:28:17.463root 11241100x8000000000000000356182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158e8042602cc6062021-12-21 10:28:17.463root 11241100x8000000000000000356183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc710ae77ec7e5b02021-12-21 10:28:17.463root 11241100x8000000000000000356184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9498ffa3a08f67802021-12-21 10:28:17.463root 11241100x8000000000000000356185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3be912fa40f073362021-12-21 10:28:17.463root 11241100x8000000000000000356186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03b318afa2f28b42021-12-21 10:28:17.463root 11241100x8000000000000000356187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486f1acf73baf4512021-12-21 10:28:17.463root 11241100x8000000000000000356188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66bfe4b13d6df482021-12-21 10:28:17.463root 11241100x8000000000000000356189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5c23819861d0342021-12-21 10:28:17.463root 11241100x8000000000000000356190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20230766b57578682021-12-21 10:28:17.464root 11241100x8000000000000000356191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14952dcd3b9fc86b2021-12-21 10:28:17.464root 11241100x8000000000000000356192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32456da15f881e0c2021-12-21 10:28:17.464root 11241100x8000000000000000356193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3367fd783b12b7e92021-12-21 10:28:17.464root 11241100x8000000000000000356194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d523a62e24948b2021-12-21 10:28:17.464root 11241100x8000000000000000356195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f256fd80d614c2021-12-21 10:28:17.464root 11241100x8000000000000000356196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a4f67c7900efce2021-12-21 10:28:17.470root 11241100x8000000000000000356197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4772e6fbeca7e73d2021-12-21 10:28:17.470root 11241100x8000000000000000356198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e842a16bf6ff2e0a2021-12-21 10:28:17.470root 11241100x8000000000000000356199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde5c28e508c4bc82021-12-21 10:28:17.470root 11241100x8000000000000000356200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55eda33d55190c92021-12-21 10:28:17.470root 11241100x8000000000000000356201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b25c8cd32d4c0c2021-12-21 10:28:17.471root 11241100x8000000000000000356202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dff2c5a7913e7182021-12-21 10:28:17.471root 11241100x8000000000000000356203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a35b4a8020ebed1e2021-12-21 10:28:17.471root 11241100x8000000000000000356204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86642eca456ad84f2021-12-21 10:28:17.471root 11241100x8000000000000000356205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca8239fcf215a872021-12-21 10:28:17.471root 11241100x8000000000000000356206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.472{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99628fd4bf5d6e42021-12-21 10:28:17.472root 11241100x8000000000000000356207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ede8a3199c690cc2021-12-21 10:28:17.473root 11241100x8000000000000000356208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e495be7e3428068c2021-12-21 10:28:17.474root 11241100x8000000000000000356209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24c0e4939392462021-12-21 10:28:17.474root 11241100x8000000000000000356210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73e31f2a56ff9c52021-12-21 10:28:17.474root 11241100x8000000000000000356211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea86e72fc7e43f392021-12-21 10:28:17.474root 11241100x8000000000000000356212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a1e5d720fa82132021-12-21 10:28:17.477root 11241100x8000000000000000356213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54ec9ee332b23962021-12-21 10:28:17.477root 11241100x8000000000000000356214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790459cfafc2b6f62021-12-21 10:28:17.477root 11241100x8000000000000000356215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1511cfdaf402e99c2021-12-21 10:28:17.477root 11241100x8000000000000000356216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9100714f3fb486112021-12-21 10:28:17.478root 11241100x8000000000000000356217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8ef6b81897895d2021-12-21 10:28:17.479root 11241100x8000000000000000356218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360836394784f6e02021-12-21 10:28:17.483root 11241100x8000000000000000356219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a82911a5c9905872021-12-21 10:28:17.943root 11241100x8000000000000000356220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23cdc26fa7c29da2021-12-21 10:28:17.943root 11241100x8000000000000000356221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d504d04a2f8c3592021-12-21 10:28:17.943root 11241100x8000000000000000356222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9742becdf5a75ed2021-12-21 10:28:17.944root 11241100x8000000000000000356223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffe3acabd43e4ee42021-12-21 10:28:17.944root 11241100x8000000000000000356224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbf57dc9fdde5872021-12-21 10:28:17.944root 11241100x8000000000000000356225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b841beb67ffeade2021-12-21 10:28:17.944root 11241100x8000000000000000356226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70694c99fc47b6be2021-12-21 10:28:17.944root 11241100x8000000000000000356227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4467ba959814aa52021-12-21 10:28:17.944root 11241100x8000000000000000356228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45406e4c4f5b24cc2021-12-21 10:28:17.944root 11241100x8000000000000000356229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ee37aaefa122002021-12-21 10:28:17.944root 11241100x8000000000000000356230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16bef0da5d669352021-12-21 10:28:17.944root 11241100x8000000000000000356231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f97a7ed69783ba02021-12-21 10:28:17.944root 11241100x8000000000000000356232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431271777656ec422021-12-21 10:28:17.944root 11241100x8000000000000000356233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06114c713427f89f2021-12-21 10:28:17.944root 11241100x8000000000000000356234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4e887ba0838d552021-12-21 10:28:17.944root 11241100x8000000000000000356235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.743eb7302b04f9532021-12-21 10:28:17.945root 11241100x8000000000000000356236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62601dc954e4cc42021-12-21 10:28:17.945root 11241100x8000000000000000356237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f71b9b3080dcff2021-12-21 10:28:17.945root 11241100x8000000000000000356238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e18a44d60fcb3d2021-12-21 10:28:17.945root 11241100x8000000000000000356239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae0653625289a472021-12-21 10:28:17.945root 11241100x8000000000000000356240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c11b381e5acda442021-12-21 10:28:17.945root 11241100x8000000000000000356241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73ffbf9a7d0b79252021-12-21 10:28:17.945root 11241100x8000000000000000356242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.126e27f04c2d4c442021-12-21 10:28:17.945root 11241100x8000000000000000356243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620cec74818fb7dc2021-12-21 10:28:17.945root 11241100x8000000000000000356244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf5731f173edfe42021-12-21 10:28:17.945root 11241100x8000000000000000356245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560530c0cd31f9fd2021-12-21 10:28:17.945root 11241100x8000000000000000356246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d525379e13bfaa2021-12-21 10:28:17.945root 11241100x8000000000000000356247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85185bab3f1752922021-12-21 10:28:17.945root 11241100x8000000000000000356248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4177bac2fdabe5862021-12-21 10:28:17.945root 11241100x8000000000000000356249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c7c3b1f1bdf9762021-12-21 10:28:17.945root 11241100x8000000000000000356250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d487ed16767166a92021-12-21 10:28:17.946root 11241100x8000000000000000356251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94adcdef953077dc2021-12-21 10:28:17.946root 11241100x8000000000000000356252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a6474c5c8d3eb92021-12-21 10:28:17.946root 11241100x8000000000000000356253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.197261855a08046a2021-12-21 10:28:17.946root 11241100x8000000000000000356254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eae75aafa1b00b2021-12-21 10:28:17.946root 11241100x8000000000000000356255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0462eb59440a745e2021-12-21 10:28:17.946root 11241100x8000000000000000356256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190213179a9dc4332021-12-21 10:28:17.946root 11241100x8000000000000000356257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa8f583e436ebcd2021-12-21 10:28:17.946root 11241100x8000000000000000356258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71efc2fd5b139592021-12-21 10:28:17.946root 11241100x8000000000000000356259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23031bda360f8e32021-12-21 10:28:17.946root 11241100x8000000000000000356260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73a118081c221c52021-12-21 10:28:17.946root 11241100x8000000000000000356261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d2b5b7fe8adff0d2021-12-21 10:28:17.946root 11241100x8000000000000000356262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:17.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89d972f971cbcd992021-12-21 10:28:17.946root 11241100x8000000000000000356263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6cdb579fe3b88c2021-12-21 10:28:18.443root 11241100x8000000000000000356264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d3a38cf74564392021-12-21 10:28:18.443root 11241100x8000000000000000356265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aab736209200412021-12-21 10:28:18.443root 11241100x8000000000000000356266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4355830616aeb722021-12-21 10:28:18.444root 11241100x8000000000000000356267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfde58cdb5377f92021-12-21 10:28:18.444root 11241100x8000000000000000356268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fe7688b0bfb04c2021-12-21 10:28:18.444root 11241100x8000000000000000356269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4f49bca277ecaf2021-12-21 10:28:18.444root 11241100x8000000000000000356270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a1441fcf5516a72021-12-21 10:28:18.444root 11241100x8000000000000000356271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8f6e23f30a815892021-12-21 10:28:18.444root 11241100x8000000000000000356272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.640231720552f65f2021-12-21 10:28:18.444root 11241100x8000000000000000356273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b284173741a0b72021-12-21 10:28:18.445root 11241100x8000000000000000356274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8d12036ac5308c2021-12-21 10:28:18.445root 11241100x8000000000000000356275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1e28eb36940c56e2021-12-21 10:28:18.445root 11241100x8000000000000000356276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd4074de594a5a12021-12-21 10:28:18.445root 11241100x8000000000000000356277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e0a9505d15248e2021-12-21 10:28:18.445root 11241100x8000000000000000356278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439ba331dd52d6752021-12-21 10:28:18.446root 11241100x8000000000000000356279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c484f13a99b925052021-12-21 10:28:18.446root 11241100x8000000000000000356280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454b1876e396a9be2021-12-21 10:28:18.446root 11241100x8000000000000000356281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.849cb44a06c393ff2021-12-21 10:28:18.446root 11241100x8000000000000000356282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f426819e8e378af32021-12-21 10:28:18.446root 11241100x8000000000000000356283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634d16da858b2e782021-12-21 10:28:18.446root 11241100x8000000000000000356284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f815e804dccba16e2021-12-21 10:28:18.446root 11241100x8000000000000000356285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa15e8a7042eeb462021-12-21 10:28:18.446root 11241100x8000000000000000356286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbd3a5b1e3a7d862021-12-21 10:28:18.447root 11241100x8000000000000000356287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386e206989d0f82e2021-12-21 10:28:18.447root 11241100x8000000000000000356288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651df135350409f72021-12-21 10:28:18.447root 11241100x8000000000000000356289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a639f77f95ecea2021-12-21 10:28:18.447root 11241100x8000000000000000356290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a394bbef7d34042021-12-21 10:28:18.447root 11241100x8000000000000000356291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4ef8324fd789262021-12-21 10:28:18.447root 11241100x8000000000000000356292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd584e0b39ab8602021-12-21 10:28:18.447root 11241100x8000000000000000356293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18aedec142027bec2021-12-21 10:28:18.447root 11241100x8000000000000000356294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c8784f2e29029c2021-12-21 10:28:18.448root 11241100x8000000000000000356295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5379ef2e31bec092021-12-21 10:28:18.448root 11241100x8000000000000000356296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11eb51128ddf3f592021-12-21 10:28:18.448root 11241100x8000000000000000356297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a8de2a826d8d7e2021-12-21 10:28:18.448root 11241100x8000000000000000356298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ac55f9c58d193312021-12-21 10:28:18.448root 11241100x8000000000000000356299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c75e1fbdbbb34f2021-12-21 10:28:18.448root 11241100x8000000000000000356300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc46e59fd05c80602021-12-21 10:28:18.449root 11241100x8000000000000000356301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e89a9d7f758076c2021-12-21 10:28:18.449root 11241100x8000000000000000356302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.670252dc5c9de1e22021-12-21 10:28:18.449root 11241100x8000000000000000356303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3e15a71272abe52021-12-21 10:28:18.449root 11241100x8000000000000000356304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faed36354b84c5702021-12-21 10:28:18.449root 11241100x8000000000000000356305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0269c60bb2c0a22021-12-21 10:28:18.449root 11241100x8000000000000000356306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e82158d7b84a472021-12-21 10:28:18.943root 11241100x8000000000000000356307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25aca6daed3532e2021-12-21 10:28:18.943root 11241100x8000000000000000356308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e53d28ad6aa8ce2021-12-21 10:28:18.943root 11241100x8000000000000000356309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509765d9befaf7aa2021-12-21 10:28:18.943root 11241100x8000000000000000356310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2dcbe53795738bf2021-12-21 10:28:18.943root 11241100x8000000000000000356311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604085bb1060ac0a2021-12-21 10:28:18.943root 11241100x8000000000000000356312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9ef73e755c1ccf92021-12-21 10:28:18.944root 11241100x8000000000000000356313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e117e5e30779205b2021-12-21 10:28:18.944root 11241100x8000000000000000356314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41b9579d93914002021-12-21 10:28:18.944root 11241100x8000000000000000356315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c843a2cb357f1ac2021-12-21 10:28:18.944root 11241100x8000000000000000356316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e023edf39228ce302021-12-21 10:28:18.944root 11241100x8000000000000000356317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc4abe21b967a172021-12-21 10:28:18.944root 11241100x8000000000000000356318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c049cbe3f506c92c2021-12-21 10:28:18.945root 11241100x8000000000000000356319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ba1b5e374e78c872021-12-21 10:28:18.945root 11241100x8000000000000000356320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e69e0897178bc2021-12-21 10:28:18.945root 11241100x8000000000000000356321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d188d089acdef2c2021-12-21 10:28:18.945root 11241100x8000000000000000356322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4838dc9b2375aa662021-12-21 10:28:18.945root 11241100x8000000000000000356323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29743d154d0c4ca02021-12-21 10:28:18.945root 11241100x8000000000000000356324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6ef0ea3973484d2021-12-21 10:28:18.945root 11241100x8000000000000000356325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177c943ed05c1f9e2021-12-21 10:28:18.945root 11241100x8000000000000000356326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121ab98651a209bb2021-12-21 10:28:18.945root 11241100x8000000000000000356327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cb270c4e57dc5592021-12-21 10:28:18.946root 11241100x8000000000000000356328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1e2183b25b76a72021-12-21 10:28:18.946root 11241100x8000000000000000356329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a910e673b8ed16b2021-12-21 10:28:18.946root 11241100x8000000000000000356330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0323219ca6f15622021-12-21 10:28:18.946root 11241100x8000000000000000356331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137c52dc71fbc0222021-12-21 10:28:18.946root 11241100x8000000000000000356332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86c28de307e68832021-12-21 10:28:18.946root 11241100x8000000000000000356333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae469a68ec787a632021-12-21 10:28:18.946root 11241100x8000000000000000356334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5f9d5afa4094702021-12-21 10:28:18.946root 11241100x8000000000000000356335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e4be2b0caecf912021-12-21 10:28:18.947root 11241100x8000000000000000356336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbf206bf114f85b2021-12-21 10:28:18.947root 11241100x8000000000000000356337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b8497e555339d72021-12-21 10:28:18.947root 11241100x8000000000000000356338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcc291720e9c2612021-12-21 10:28:18.947root 11241100x8000000000000000356339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae41d096e709b2b2021-12-21 10:28:18.947root 11241100x8000000000000000356340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e074d8f10e5668b2021-12-21 10:28:18.947root 11241100x8000000000000000356341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1165c3643f33c122021-12-21 10:28:18.947root 11241100x8000000000000000356342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d4fff73fc446cd2021-12-21 10:28:18.947root 11241100x8000000000000000356343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb496061b6abd6ac2021-12-21 10:28:18.947root 11241100x8000000000000000356344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70dcf94bd00b22e22021-12-21 10:28:18.948root 11241100x8000000000000000356345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b491e158243c8752021-12-21 10:28:18.948root 11241100x8000000000000000356346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5f18c701bde92122021-12-21 10:28:18.948root 11241100x8000000000000000356347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64108ee0346b14a2021-12-21 10:28:18.948root 11241100x8000000000000000356348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d23b8a499ff58762021-12-21 10:28:18.948root 11241100x8000000000000000356349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0321f239a1fa0d2021-12-21 10:28:18.948root 11241100x8000000000000000356350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63eb1840e09380f62021-12-21 10:28:18.948root 11241100x8000000000000000356351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88b9499e6da5af2c2021-12-21 10:28:18.948root 11241100x8000000000000000356352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649e81d21526ffbc2021-12-21 10:28:18.948root 11241100x8000000000000000356353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39ea0b0d9026f852021-12-21 10:28:18.948root 11241100x8000000000000000356354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3575b645297057d2021-12-21 10:28:18.948root 11241100x8000000000000000356355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990058b377c50aed2021-12-21 10:28:18.949root 11241100x8000000000000000356356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408902fcebc2fff12021-12-21 10:28:18.949root 11241100x8000000000000000356357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc35530f929220e2021-12-21 10:28:18.949root 11241100x8000000000000000356358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3538dbc1c928c37f2021-12-21 10:28:18.949root 11241100x8000000000000000356359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d75558afe04fdb912021-12-21 10:28:18.949root 11241100x8000000000000000356360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59b2db371569cd2021-12-21 10:28:18.949root 11241100x8000000000000000356361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f10f8af16c3b2792021-12-21 10:28:18.949root 11241100x8000000000000000356362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6942b6db482bab342021-12-21 10:28:18.949root 11241100x8000000000000000356363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef883ae91ce8fcc52021-12-21 10:28:18.949root 11241100x8000000000000000356364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e1a1b7620eeb3f2021-12-21 10:28:18.950root 11241100x8000000000000000356365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f89e1463b9d3da42021-12-21 10:28:18.950root 11241100x8000000000000000356366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2221c4f3045291c92021-12-21 10:28:18.950root 11241100x8000000000000000356367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4b6e7e4535bac72021-12-21 10:28:18.950root 11241100x8000000000000000356368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e98af3818255182021-12-21 10:28:18.950root 11241100x8000000000000000356369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b64c3a8f0715a312021-12-21 10:28:18.950root 11241100x8000000000000000356370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69903529622d69872021-12-21 10:28:18.950root 11241100x8000000000000000356371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2505dbfc94e23622021-12-21 10:28:18.950root 11241100x8000000000000000356372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5e6f7e2e92e7192021-12-21 10:28:18.950root 11241100x8000000000000000356373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93cb428bed3ad6b02021-12-21 10:28:18.951root 11241100x8000000000000000356374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6df1a35b74ff3062021-12-21 10:28:18.951root 11241100x8000000000000000356375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67671fb91066b7222021-12-21 10:28:18.951root 11241100x8000000000000000356376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3753606a8e2d1a2021-12-21 10:28:18.951root 11241100x8000000000000000356377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b1ba56ed9b166a2021-12-21 10:28:18.951root 11241100x8000000000000000356378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1068ebc931c264c62021-12-21 10:28:18.951root 11241100x8000000000000000356379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef1dda7315736be32021-12-21 10:28:18.951root 11241100x8000000000000000356380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:18.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2621ad06a65d5f2021-12-21 10:28:18.951root 154100x8000000000000000356381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.034{ec2b6afe-ac43-61c1-1010-508fed550000}5701/bin/touch-----touch mod_sudoer.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000356382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.035{ec2b6afe-ac43-61c1-1010-508fed550000}5701/bin/touch/home/ubuntu/mod_sudoer.sh2021-12-21 10:28:19.035ubuntu 534500x8000000000000000356383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.035{ec2b6afe-ac43-61c1-1010-508fed550000}5701/bin/touchubuntu 11241100x8000000000000000356384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c2421cee001e5102021-12-21 10:28:19.443root 11241100x8000000000000000356385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94e79d9b407afd92021-12-21 10:28:19.443root 11241100x8000000000000000356386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1bb32609b672afa2021-12-21 10:28:19.443root 11241100x8000000000000000356387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e644c867739468a2021-12-21 10:28:19.443root 11241100x8000000000000000356388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5387e77e1b995f1e2021-12-21 10:28:19.443root 11241100x8000000000000000356389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dda453d6815e4302021-12-21 10:28:19.443root 11241100x8000000000000000356390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d99c949791a86ed2021-12-21 10:28:19.443root 11241100x8000000000000000356391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53c0c488b3592bf2021-12-21 10:28:19.443root 11241100x8000000000000000356392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0edc3f686f44a5472021-12-21 10:28:19.444root 11241100x8000000000000000356393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a77e634ea8961192021-12-21 10:28:19.444root 11241100x8000000000000000356394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc37e9eeec0bc4b72021-12-21 10:28:19.444root 11241100x8000000000000000356395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c17cd9e25ef74502021-12-21 10:28:19.444root 11241100x8000000000000000356396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7aeeb7dff07d622021-12-21 10:28:19.444root 11241100x8000000000000000356397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72bbe29a98c71322021-12-21 10:28:19.444root 11241100x8000000000000000356398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9eb62fd49f32372021-12-21 10:28:19.444root 11241100x8000000000000000356399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f25310f63605690b2021-12-21 10:28:19.444root 11241100x8000000000000000356400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a06c8075884b9e4a2021-12-21 10:28:19.444root 11241100x8000000000000000356401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.781b71608367b9512021-12-21 10:28:19.444root 11241100x8000000000000000356402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e6f5dcf8ea90f52021-12-21 10:28:19.445root 11241100x8000000000000000356403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d24cf383ae434f12021-12-21 10:28:19.445root 11241100x8000000000000000356404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c596c5dd0d4bc0b2021-12-21 10:28:19.445root 11241100x8000000000000000356405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235dff3331ce351c2021-12-21 10:28:19.445root 11241100x8000000000000000356406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cabae4ffa1c0c482021-12-21 10:28:19.445root 11241100x8000000000000000356407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b8d7c34b80e5bb2021-12-21 10:28:19.445root 11241100x8000000000000000356408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78253429149dc78e2021-12-21 10:28:19.445root 11241100x8000000000000000356409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8e6dd0393693a2021-12-21 10:28:19.445root 11241100x8000000000000000356410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5320aaac2f290d182021-12-21 10:28:19.445root 11241100x8000000000000000356411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917df36a882d88e12021-12-21 10:28:19.445root 11241100x8000000000000000356412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a611aa163e4803ea2021-12-21 10:28:19.445root 11241100x8000000000000000356413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a428a77a901f8f22021-12-21 10:28:19.446root 11241100x8000000000000000356414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f9e1477f571d1c62021-12-21 10:28:19.446root 11241100x8000000000000000356415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a706b87358a0ec2021-12-21 10:28:19.446root 11241100x8000000000000000356416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a6e5bab65a47ca2021-12-21 10:28:19.446root 11241100x8000000000000000356417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad22ada08135b382021-12-21 10:28:19.446root 11241100x8000000000000000356418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b7d3631260823f2021-12-21 10:28:19.446root 11241100x8000000000000000356419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26129ac8081c04ed2021-12-21 10:28:19.446root 11241100x8000000000000000356420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa1b4228ee40e972021-12-21 10:28:19.446root 11241100x8000000000000000356421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8e4284e9c2c5392021-12-21 10:28:19.447root 11241100x8000000000000000356422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24fa9f55a2be7bd2021-12-21 10:28:19.447root 11241100x8000000000000000356423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e62b190940e3a3e2021-12-21 10:28:19.447root 11241100x8000000000000000356424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5626e628250966a2021-12-21 10:28:19.447root 11241100x8000000000000000356425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8017248011462c12021-12-21 10:28:19.447root 11241100x8000000000000000356426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34885ca4085da6052021-12-21 10:28:19.447root 11241100x8000000000000000356427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650cde09cf893f492021-12-21 10:28:19.448root 11241100x8000000000000000356428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3263d2904a75ee42021-12-21 10:28:19.448root 11241100x8000000000000000356429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399372772bbdae312021-12-21 10:28:19.448root 11241100x8000000000000000356430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e0a1cefbcda5462021-12-21 10:28:19.448root 11241100x8000000000000000356431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e18d8a015c24cf2021-12-21 10:28:19.448root 11241100x8000000000000000356432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b839f254a6a83312021-12-21 10:28:19.448root 11241100x8000000000000000356433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b05676e21c676172021-12-21 10:28:19.448root 11241100x8000000000000000356434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf728497c11710f12021-12-21 10:28:19.448root 11241100x8000000000000000356435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cba272b8aba0c32021-12-21 10:28:19.448root 11241100x8000000000000000356436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31240451fedfcb4b2021-12-21 10:28:19.448root 11241100x8000000000000000356437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d17263c5ffac312021-12-21 10:28:19.449root 11241100x8000000000000000356438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc7dee7ce72a2d52021-12-21 10:28:19.449root 11241100x8000000000000000356439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601cd96e4fe3a5502021-12-21 10:28:19.449root 11241100x8000000000000000356440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bc4da3c80067d622021-12-21 10:28:19.449root 11241100x8000000000000000356441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9cf30e034f66812021-12-21 10:28:19.449root 11241100x8000000000000000356442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8709f6c5cc59b6a2021-12-21 10:28:19.449root 11241100x8000000000000000356443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2f307cd869a8c12021-12-21 10:28:19.449root 11241100x8000000000000000356444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c90a3860cc4edbb2021-12-21 10:28:19.449root 11241100x8000000000000000356445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22064618ea408e072021-12-21 10:28:19.449root 11241100x8000000000000000356446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfe2476902b8cd982021-12-21 10:28:19.943root 11241100x8000000000000000356447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.956414ba6c86a23c2021-12-21 10:28:19.943root 11241100x8000000000000000356448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d227f9b999f2337d2021-12-21 10:28:19.943root 11241100x8000000000000000356449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73923ce168f6dfe22021-12-21 10:28:19.944root 11241100x8000000000000000356450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c53f4a19aec47a2021-12-21 10:28:19.944root 11241100x8000000000000000356451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2d5a68ae7a5b682021-12-21 10:28:19.944root 11241100x8000000000000000356452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a46462c3d740fd2021-12-21 10:28:19.944root 11241100x8000000000000000356453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20124a9f91860ac02021-12-21 10:28:19.944root 11241100x8000000000000000356454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a5cb12a4ff25e82021-12-21 10:28:19.944root 11241100x8000000000000000356455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8913312c6a3c4b72021-12-21 10:28:19.945root 11241100x8000000000000000356456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d395c1b83223a32021-12-21 10:28:19.945root 11241100x8000000000000000356457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695317512b8704022021-12-21 10:28:19.945root 11241100x8000000000000000356458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54d296d69deeaaf2021-12-21 10:28:19.945root 11241100x8000000000000000356459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37998477a54aacd92021-12-21 10:28:19.945root 11241100x8000000000000000356460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ea9fb882a4073a2021-12-21 10:28:19.945root 11241100x8000000000000000356461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06fa9f181155dce52021-12-21 10:28:19.945root 11241100x8000000000000000356462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e475a5af508f4a12021-12-21 10:28:19.945root 11241100x8000000000000000356463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a3af665e59816b2021-12-21 10:28:19.945root 11241100x8000000000000000356464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0f210b662e99202021-12-21 10:28:19.945root 11241100x8000000000000000356465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b92694d72b41cfb2021-12-21 10:28:19.946root 11241100x8000000000000000356466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9fc3e5613787da32021-12-21 10:28:19.946root 11241100x8000000000000000356467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8d6094c305d1432021-12-21 10:28:19.946root 11241100x8000000000000000356468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3d9228d04920b42021-12-21 10:28:19.946root 11241100x8000000000000000356469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69e0608c83cc912a2021-12-21 10:28:19.946root 11241100x8000000000000000356470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97bb5cf72eb37b632021-12-21 10:28:19.946root 11241100x8000000000000000356471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37372d6425e34592021-12-21 10:28:19.946root 11241100x8000000000000000356472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebdde157907e9f452021-12-21 10:28:19.946root 11241100x8000000000000000356473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a34633d4b080b42021-12-21 10:28:19.946root 11241100x8000000000000000356474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542d03092aefe62e2021-12-21 10:28:19.946root 11241100x8000000000000000356475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121bca2f4228c9c42021-12-21 10:28:19.946root 11241100x8000000000000000356476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c889c536e5dd342a2021-12-21 10:28:19.947root 11241100x8000000000000000356477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23690d55b1b14002021-12-21 10:28:19.947root 11241100x8000000000000000356478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221c024469dfc4052021-12-21 10:28:19.947root 11241100x8000000000000000356479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1364715e3dea99cf2021-12-21 10:28:19.947root 11241100x8000000000000000356480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0019c8f354405a9f2021-12-21 10:28:19.947root 11241100x8000000000000000356481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b5177a0a9387842021-12-21 10:28:19.947root 11241100x8000000000000000356482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a45d2b37a2a2da2021-12-21 10:28:19.947root 11241100x8000000000000000356483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fdcf7eae3a63ebb2021-12-21 10:28:19.947root 11241100x8000000000000000356484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1373be8eaed5ef72021-12-21 10:28:19.947root 11241100x8000000000000000356485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e3895fb6af7bb42021-12-21 10:28:19.947root 11241100x8000000000000000356486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d306785f318b33a42021-12-21 10:28:19.948root 11241100x8000000000000000356487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3add209fe1e15632021-12-21 10:28:19.948root 11241100x8000000000000000356488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e001d0d56d0f1082021-12-21 10:28:19.948root 11241100x8000000000000000356489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17f4b31f3ede7bf42021-12-21 10:28:19.948root 11241100x8000000000000000356490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289cb50553838d4a2021-12-21 10:28:19.948root 11241100x8000000000000000356491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ec59d48c0c68ba2021-12-21 10:28:19.948root 11241100x8000000000000000356492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f534bd9de8c9c272021-12-21 10:28:19.948root 11241100x8000000000000000356493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8591c19645bdec2021-12-21 10:28:19.948root 11241100x8000000000000000356494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888ee8bee53465022021-12-21 10:28:19.948root 11241100x8000000000000000356495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0902bbd6ebe2f1322021-12-21 10:28:19.948root 11241100x8000000000000000356496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b935844167d5992021-12-21 10:28:19.948root 11241100x8000000000000000356497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c7e058b15a70012021-12-21 10:28:19.948root 11241100x8000000000000000356498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab4f1689e124350c2021-12-21 10:28:19.949root 11241100x8000000000000000356499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b807ef970887c0e2021-12-21 10:28:19.949root 11241100x8000000000000000356500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8dcf5029e1232e2021-12-21 10:28:19.949root 11241100x8000000000000000356501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c24f1ce909a2792021-12-21 10:28:19.949root 11241100x8000000000000000356502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937edc62054e71e42021-12-21 10:28:19.949root 11241100x8000000000000000356503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e2cfa5cc6879382021-12-21 10:28:19.949root 11241100x8000000000000000356504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bb7818651f89ad2021-12-21 10:28:19.949root 11241100x8000000000000000356505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c0597033614d9c2021-12-21 10:28:19.949root 11241100x8000000000000000356506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f2b0b91fa9003e2021-12-21 10:28:19.949root 11241100x8000000000000000356507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4aa5ebced54e4c2021-12-21 10:28:19.949root 11241100x8000000000000000356508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f0d1b2132fb0452021-12-21 10:28:19.949root 11241100x8000000000000000356509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf89d37d21af9dd2021-12-21 10:28:19.949root 11241100x8000000000000000356510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8613b98dc5cc563f2021-12-21 10:28:19.950root 11241100x8000000000000000356511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5e178afa6fa71842021-12-21 10:28:19.950root 11241100x8000000000000000356512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1029610f5c146ab22021-12-21 10:28:19.950root 11241100x8000000000000000356513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c918b5379c6206992021-12-21 10:28:19.950root 11241100x8000000000000000356514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:19.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8906b2877efa210a2021-12-21 10:28:19.950root 11241100x8000000000000000356515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c8ada4a4e9d6f62021-12-21 10:28:20.443root 11241100x8000000000000000356516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341c03bc0a65dc502021-12-21 10:28:20.443root 11241100x8000000000000000356517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d780a56bdc2c90c92021-12-21 10:28:20.443root 11241100x8000000000000000356518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d43cd75299aad62021-12-21 10:28:20.443root 11241100x8000000000000000356519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a925a3ffa06e0e2021-12-21 10:28:20.443root 11241100x8000000000000000356520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.845d44f5477c7a662021-12-21 10:28:20.443root 11241100x8000000000000000356521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bccc859002474c72021-12-21 10:28:20.443root 11241100x8000000000000000356522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1db32a9edd093dc2021-12-21 10:28:20.443root 11241100x8000000000000000356523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12174665db02b55c2021-12-21 10:28:20.444root 11241100x8000000000000000356524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a70d96dfe5d42a742021-12-21 10:28:20.444root 11241100x8000000000000000356525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d83ecc8098cf3c52021-12-21 10:28:20.444root 11241100x8000000000000000356526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ac140991cd952732021-12-21 10:28:20.444root 11241100x8000000000000000356527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96195acb29e0a3c92021-12-21 10:28:20.444root 11241100x8000000000000000356528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e46f342e439c5a2021-12-21 10:28:20.444root 11241100x8000000000000000356529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd2b0b64eb602ab2021-12-21 10:28:20.444root 11241100x8000000000000000356530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5747c7e239e2a3f32021-12-21 10:28:20.444root 11241100x8000000000000000356531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b17a908d55ddab22021-12-21 10:28:20.444root 11241100x8000000000000000356532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef19d7dda597a5f42021-12-21 10:28:20.444root 11241100x8000000000000000356533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4034db813c024b2021-12-21 10:28:20.445root 11241100x8000000000000000356534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d99ea53ea7a70bb2021-12-21 10:28:20.445root 11241100x8000000000000000356535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9d3d8957b651832021-12-21 10:28:20.445root 11241100x8000000000000000356536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7666a78281fb9e2021-12-21 10:28:20.445root 11241100x8000000000000000356537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f86a2c248a7f7b2021-12-21 10:28:20.445root 11241100x8000000000000000356538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cecb0c1d9252112021-12-21 10:28:20.445root 11241100x8000000000000000356539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40e81e00d76ade72021-12-21 10:28:20.445root 11241100x8000000000000000356540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d5f5fa628b868672021-12-21 10:28:20.445root 11241100x8000000000000000356541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f32fdd16ce8fc42021-12-21 10:28:20.445root 11241100x8000000000000000356542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3515adddca91d6972021-12-21 10:28:20.446root 11241100x8000000000000000356543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac90d7b113a1647e2021-12-21 10:28:20.446root 11241100x8000000000000000356544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c2694f90485813b2021-12-21 10:28:20.446root 11241100x8000000000000000356545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d99eb9419ac4c62021-12-21 10:28:20.446root 11241100x8000000000000000356546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a664cacbe11a55762021-12-21 10:28:20.446root 11241100x8000000000000000356547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217c532114f887f42021-12-21 10:28:20.446root 11241100x8000000000000000356548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b152d3b7455181a72021-12-21 10:28:20.446root 11241100x8000000000000000356549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b8e44f9bc955b5c2021-12-21 10:28:20.446root 11241100x8000000000000000356550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac81e121871d5de2021-12-21 10:28:20.447root 11241100x8000000000000000356551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0855191b80fb6ffa2021-12-21 10:28:20.447root 11241100x8000000000000000356552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864a1675d5f28c302021-12-21 10:28:20.447root 11241100x8000000000000000356553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a85ea6c46465012021-12-21 10:28:20.447root 11241100x8000000000000000356554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9490395305f9152021-12-21 10:28:20.447root 11241100x8000000000000000356555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c91cea9a1035e02021-12-21 10:28:20.447root 11241100x8000000000000000356556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20cd2630d692c152021-12-21 10:28:20.447root 11241100x8000000000000000356557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5176257ee81e1c32021-12-21 10:28:20.448root 11241100x8000000000000000356558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9af55951935c63602021-12-21 10:28:20.448root 11241100x8000000000000000356559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.771f8c7c9d3eb3d62021-12-21 10:28:20.448root 11241100x8000000000000000356560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dae4aed33eecedd2021-12-21 10:28:20.448root 11241100x8000000000000000356561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fbc342d5a6794e2021-12-21 10:28:20.448root 11241100x8000000000000000356562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.560dd4ca8091df7a2021-12-21 10:28:20.448root 11241100x8000000000000000356563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b099a24d0016e0a02021-12-21 10:28:20.449root 11241100x8000000000000000356564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec257353d51c7052021-12-21 10:28:20.449root 11241100x8000000000000000356565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cea8b72d788ace12021-12-21 10:28:20.449root 11241100x8000000000000000356566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c590a511bcfd560b2021-12-21 10:28:20.449root 11241100x8000000000000000356567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee26e526475d6802021-12-21 10:28:20.449root 11241100x8000000000000000356568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55a74257a91c49d2021-12-21 10:28:20.450root 11241100x8000000000000000356569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a58f8dcb30e6a2a2021-12-21 10:28:20.450root 11241100x8000000000000000356570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a512eaae982f1322021-12-21 10:28:20.450root 11241100x8000000000000000356571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23970d50ebb71af72021-12-21 10:28:20.451root 11241100x8000000000000000356572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b0c755dd69779942021-12-21 10:28:20.451root 11241100x8000000000000000356573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe26686a044d3af42021-12-21 10:28:20.451root 11241100x8000000000000000356574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d59aadbcc980c412021-12-21 10:28:20.452root 11241100x8000000000000000356575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b92535b19e9c1372021-12-21 10:28:20.452root 11241100x8000000000000000356576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe62313b18841d372021-12-21 10:28:20.452root 11241100x8000000000000000356577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b263ef07fb1edd2021-12-21 10:28:20.452root 11241100x8000000000000000356578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4be7041202a5592021-12-21 10:28:20.453root 11241100x8000000000000000356579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3865242de8dce2021-12-21 10:28:20.453root 11241100x8000000000000000356580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13cdad63b7284a62021-12-21 10:28:20.453root 11241100x8000000000000000356581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174c470a4d54ad4a2021-12-21 10:28:20.453root 11241100x8000000000000000356582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ade5d8fd92be6c2021-12-21 10:28:20.453root 11241100x8000000000000000356583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e15545987f7a942021-12-21 10:28:20.454root 11241100x8000000000000000356584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d88e4c59a7ded92021-12-21 10:28:20.454root 11241100x8000000000000000356585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcdf0d31e41112c2021-12-21 10:28:20.454root 11241100x8000000000000000356586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9ec9bac838ada62021-12-21 10:28:20.454root 11241100x8000000000000000356587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3296b9bd76c223b2021-12-21 10:28:20.454root 11241100x8000000000000000356588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a8567ebcef63b12021-12-21 10:28:20.454root 11241100x8000000000000000356589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.369f5515fcbb6aec2021-12-21 10:28:20.455root 11241100x8000000000000000356590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6ee40af36cedeb2021-12-21 10:28:20.455root 11241100x8000000000000000356591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b90c2bb85cd22d2021-12-21 10:28:20.455root 11241100x8000000000000000356592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8809a7c9ba742a2021-12-21 10:28:20.455root 11241100x8000000000000000356593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d053542efd0fd15a2021-12-21 10:28:20.455root 11241100x8000000000000000356594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf1093faa3e55362021-12-21 10:28:20.455root 11241100x8000000000000000356595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b785b8b032b6b12021-12-21 10:28:20.456root 11241100x8000000000000000356596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dca188cf6c618802021-12-21 10:28:20.943root 11241100x8000000000000000356597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d745c80763c0871c2021-12-21 10:28:20.943root 11241100x8000000000000000356598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a68aa6decbe8a12021-12-21 10:28:20.943root 11241100x8000000000000000356599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c91d17652924c22021-12-21 10:28:20.943root 11241100x8000000000000000356600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21cce7555755c2292021-12-21 10:28:20.944root 11241100x8000000000000000356601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c674491cc3cac8452021-12-21 10:28:20.944root 11241100x8000000000000000356602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2816eb339ee1efb42021-12-21 10:28:20.944root 11241100x8000000000000000356603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d56b003fdc351392021-12-21 10:28:20.944root 11241100x8000000000000000356604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff75b73e10ff4e62021-12-21 10:28:20.944root 11241100x8000000000000000356605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31fad9e1f3f76442021-12-21 10:28:20.944root 11241100x8000000000000000356606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e1ee50479e753d52021-12-21 10:28:20.945root 11241100x8000000000000000356607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739eb51aebfe35702021-12-21 10:28:20.945root 11241100x8000000000000000356608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0e70d13835b0d72021-12-21 10:28:20.945root 11241100x8000000000000000356609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4534b7b209229cf2021-12-21 10:28:20.945root 11241100x8000000000000000356610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de302481984d05c2021-12-21 10:28:20.945root 11241100x8000000000000000356611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d02373552ccad2112021-12-21 10:28:20.945root 11241100x8000000000000000356612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4597bb3af56dfb6f2021-12-21 10:28:20.945root 11241100x8000000000000000356613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fad667fac06846e92021-12-21 10:28:20.945root 11241100x8000000000000000356614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea1b2de03a3c20052021-12-21 10:28:20.945root 11241100x8000000000000000356615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004289e6cf2c8bee2021-12-21 10:28:20.945root 11241100x8000000000000000356616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963956733256336a2021-12-21 10:28:20.946root 11241100x8000000000000000356617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04af5ae2927367f2021-12-21 10:28:20.946root 11241100x8000000000000000356618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce16ef275ddc42d2021-12-21 10:28:20.946root 11241100x8000000000000000356619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68b23b19d0b624562021-12-21 10:28:20.946root 11241100x8000000000000000356620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0864680467715b2021-12-21 10:28:20.946root 11241100x8000000000000000356621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0f0832a2504db42021-12-21 10:28:20.946root 11241100x8000000000000000356622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1626eb363e37734d2021-12-21 10:28:20.946root 11241100x8000000000000000356623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e062da676f44ec32021-12-21 10:28:20.946root 11241100x8000000000000000356624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94a2ce8ba07c7c8e2021-12-21 10:28:20.946root 11241100x8000000000000000356625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b75434fea05c0bda2021-12-21 10:28:20.946root 11241100x8000000000000000356626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce73d4255ad33b612021-12-21 10:28:20.947root 11241100x8000000000000000356627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b862c9ede18de9a2021-12-21 10:28:20.947root 11241100x8000000000000000356628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6468be88cd57c612021-12-21 10:28:20.947root 11241100x8000000000000000356629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff4a533d2c3b39c2021-12-21 10:28:20.947root 11241100x8000000000000000356630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e435e9e6843c95b2021-12-21 10:28:20.948root 11241100x8000000000000000356631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f270fba59484d7702021-12-21 10:28:20.948root 11241100x8000000000000000356632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e69e19b20ebbc2021-12-21 10:28:20.948root 11241100x8000000000000000356633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f565c5c97062e2a2021-12-21 10:28:20.948root 11241100x8000000000000000356634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaae5e69ffbc765b2021-12-21 10:28:20.949root 11241100x8000000000000000356635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1aff078d29f2c2021-12-21 10:28:20.949root 11241100x8000000000000000356636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dcd37a3a59179652021-12-21 10:28:20.949root 11241100x8000000000000000356637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdde90c68d51bb292021-12-21 10:28:20.949root 11241100x8000000000000000356638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eb1ff8f6bf1fa5e2021-12-21 10:28:20.949root 11241100x8000000000000000356639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2944ced27744550f2021-12-21 10:28:20.949root 11241100x8000000000000000356640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe561632d048dd82021-12-21 10:28:20.949root 11241100x8000000000000000356641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cfab178badfa4f82021-12-21 10:28:20.950root 11241100x8000000000000000356642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d90a27ce1ec671872021-12-21 10:28:20.950root 11241100x8000000000000000356643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec9f515c36048082021-12-21 10:28:20.950root 11241100x8000000000000000356644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e84ba891679e8e2021-12-21 10:28:20.950root 11241100x8000000000000000356645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa68e29fe097ee52021-12-21 10:28:20.950root 11241100x8000000000000000356646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049daa43621f18f42021-12-21 10:28:20.950root 11241100x8000000000000000356647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d5469cb04b992f2021-12-21 10:28:20.950root 11241100x8000000000000000356648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6e5aef7425aa0532021-12-21 10:28:20.950root 11241100x8000000000000000356649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b905129e7c6e19182021-12-21 10:28:20.950root 11241100x8000000000000000356650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:20.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530f1dccf45e1b542021-12-21 10:28:20.950root 11241100x8000000000000000356651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0173054203fa2e232021-12-21 10:28:21.443root 11241100x8000000000000000356652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c20947ad87c4a1992021-12-21 10:28:21.443root 11241100x8000000000000000356653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453a52f9a30a19e72021-12-21 10:28:21.443root 11241100x8000000000000000356654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dca568a7ef0b1c52021-12-21 10:28:21.443root 11241100x8000000000000000356655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433388aaed6513472021-12-21 10:28:21.444root 11241100x8000000000000000356656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98328b602747aa442021-12-21 10:28:21.444root 11241100x8000000000000000356657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822ddd9439fbf4962021-12-21 10:28:21.444root 11241100x8000000000000000356658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf14600c1a1118012021-12-21 10:28:21.444root 11241100x8000000000000000356659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c4a028b4db60502021-12-21 10:28:21.444root 11241100x8000000000000000356660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77dfecf6f49f43de2021-12-21 10:28:21.444root 11241100x8000000000000000356661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985b05632d4ba41a2021-12-21 10:28:21.445root 11241100x8000000000000000356662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c56ab3e4ca8375922021-12-21 10:28:21.445root 11241100x8000000000000000356663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33e3900eca57fdf52021-12-21 10:28:21.445root 11241100x8000000000000000356664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbe52f0286a1a8e2021-12-21 10:28:21.445root 11241100x8000000000000000356665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67168d8c5696ca232021-12-21 10:28:21.445root 11241100x8000000000000000356666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.659cf48db729c2062021-12-21 10:28:21.445root 11241100x8000000000000000356667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1297aec1bcaf76c72021-12-21 10:28:21.445root 11241100x8000000000000000356668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d47090636107b8fa2021-12-21 10:28:21.446root 11241100x8000000000000000356669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c45db99d961024a2021-12-21 10:28:21.446root 11241100x8000000000000000356670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6899cceafa746d2021-12-21 10:28:21.446root 11241100x8000000000000000356671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c0e71ad024d5df52021-12-21 10:28:21.446root 11241100x8000000000000000356672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f1bb506519013f2021-12-21 10:28:21.446root 11241100x8000000000000000356673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e527636e0eb639592021-12-21 10:28:21.447root 11241100x8000000000000000356674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8d27363d68755a2021-12-21 10:28:21.447root 11241100x8000000000000000356675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6686fe19aa1684402021-12-21 10:28:21.447root 11241100x8000000000000000356676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b619da3648afed532021-12-21 10:28:21.447root 11241100x8000000000000000356677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41876f1a51c32e712021-12-21 10:28:21.448root 11241100x8000000000000000356678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba573239dd28bb4a2021-12-21 10:28:21.448root 11241100x8000000000000000356679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b38d7284015f26f2021-12-21 10:28:21.448root 11241100x8000000000000000356680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c61f1f44ff906f8b2021-12-21 10:28:21.449root 11241100x8000000000000000356681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafacc6d6d54fe282021-12-21 10:28:21.449root 11241100x8000000000000000356682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1c5d149e5b478c2021-12-21 10:28:21.449root 11241100x8000000000000000356683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a0efd43d6f89052021-12-21 10:28:21.449root 11241100x8000000000000000356684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.933659c2ed195e252021-12-21 10:28:21.450root 11241100x8000000000000000356685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5b37498bab84312021-12-21 10:28:21.451root 11241100x8000000000000000356686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3156001bcb795a9f2021-12-21 10:28:21.451root 11241100x8000000000000000356687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d19db88e21fd0d82021-12-21 10:28:21.451root 11241100x8000000000000000356688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0615514f6c3c47ad2021-12-21 10:28:21.451root 11241100x8000000000000000356689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e639ce974d7ed9ea2021-12-21 10:28:21.452root 11241100x8000000000000000356690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6094d687d197db2021-12-21 10:28:21.452root 11241100x8000000000000000356691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e725583bf4722d842021-12-21 10:28:21.452root 11241100x8000000000000000356692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.498574d97220d65a2021-12-21 10:28:21.452root 11241100x8000000000000000356693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a88cdf339a4bb1872021-12-21 10:28:21.452root 11241100x8000000000000000356694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fff807cd5380f572021-12-21 10:28:21.452root 11241100x8000000000000000356695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99df66b76957f1e62021-12-21 10:28:21.452root 11241100x8000000000000000356696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6606f142350c7312021-12-21 10:28:21.453root 11241100x8000000000000000356697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcab5f2d4f83ce72021-12-21 10:28:21.453root 11241100x8000000000000000356698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785642d6ccc75b112021-12-21 10:28:21.453root 11241100x8000000000000000356699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2112954f7610f8142021-12-21 10:28:21.453root 11241100x8000000000000000356700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf89ab3891b66d4a2021-12-21 10:28:21.454root 11241100x8000000000000000356701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc08e6eb6590f1352021-12-21 10:28:21.454root 11241100x8000000000000000356702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1ad0a858d15054b2021-12-21 10:28:21.454root 11241100x8000000000000000356703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145f46c692a266da2021-12-21 10:28:21.454root 11241100x8000000000000000356704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.154401db4e619d312021-12-21 10:28:21.455root 11241100x8000000000000000356705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545a26e6754353e52021-12-21 10:28:21.455root 11241100x8000000000000000356706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b598479ce802f49e2021-12-21 10:28:21.455root 11241100x8000000000000000356707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685fb2c45deab9192021-12-21 10:28:21.455root 11241100x8000000000000000356708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1d2637468720e1a2021-12-21 10:28:21.455root 11241100x8000000000000000356709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f5fe389a52387e2021-12-21 10:28:21.456root 11241100x8000000000000000356710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6836f462fb24572021-12-21 10:28:21.456root 11241100x8000000000000000356711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5522fb5063ab1e32021-12-21 10:28:21.456root 11241100x8000000000000000356712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486b90f993a9f9a62021-12-21 10:28:21.456root 11241100x8000000000000000356713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ddf9af4a85e22a2021-12-21 10:28:21.943root 11241100x8000000000000000356714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2d93e7d5430308e2021-12-21 10:28:21.943root 11241100x8000000000000000356715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6060e870f5470192021-12-21 10:28:21.943root 11241100x8000000000000000356716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a31536efcc5b292021-12-21 10:28:21.943root 11241100x8000000000000000356717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f26ac36cd52566c2021-12-21 10:28:21.943root 11241100x8000000000000000356718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05959bf8614b9bc42021-12-21 10:28:21.943root 11241100x8000000000000000356719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157c9d9ece47ec4d2021-12-21 10:28:21.943root 11241100x8000000000000000356720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ba03baf20c424e2021-12-21 10:28:21.943root 11241100x8000000000000000356721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6df17f25201d42c2021-12-21 10:28:21.944root 11241100x8000000000000000356722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e271f895dfd4730e2021-12-21 10:28:21.944root 11241100x8000000000000000356723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d32d4cca1e83492021-12-21 10:28:21.944root 11241100x8000000000000000356724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6974cc43eb00b222021-12-21 10:28:21.944root 11241100x8000000000000000356725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b87b829fad8ece2021-12-21 10:28:21.944root 11241100x8000000000000000356726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9aecde06ed5e9cf2021-12-21 10:28:21.944root 11241100x8000000000000000356727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d0afd44c2d48fc42021-12-21 10:28:21.944root 11241100x8000000000000000356728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef32c29717e410582021-12-21 10:28:21.944root 11241100x8000000000000000356729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82a0dbdbb7564f52021-12-21 10:28:21.944root 11241100x8000000000000000356730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f3a0ea3cd86dc72021-12-21 10:28:21.944root 11241100x8000000000000000356731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.194202a4d283a87a2021-12-21 10:28:21.944root 11241100x8000000000000000356732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f3b26774370ede2021-12-21 10:28:21.944root 11241100x8000000000000000356733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7701c2328059f9c12021-12-21 10:28:21.945root 11241100x8000000000000000356734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1dc0d8dd7bab902021-12-21 10:28:21.945root 11241100x8000000000000000356735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3d19ba92e081592021-12-21 10:28:21.945root 11241100x8000000000000000356736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ec31ead1fa1efa2021-12-21 10:28:21.945root 11241100x8000000000000000356737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95a474476b0a9e892021-12-21 10:28:21.945root 11241100x8000000000000000356738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f910aba12eab07432021-12-21 10:28:21.945root 11241100x8000000000000000356739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8fe774fa30e3642021-12-21 10:28:21.945root 11241100x8000000000000000356740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0123a117a2ddbe362021-12-21 10:28:21.945root 11241100x8000000000000000356741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fd40ca54edacd982021-12-21 10:28:21.945root 11241100x8000000000000000356742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec1a0426411ad772021-12-21 10:28:21.945root 11241100x8000000000000000356743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa94fcfa4bdce1672021-12-21 10:28:21.945root 11241100x8000000000000000356744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd436d1072a0d6472021-12-21 10:28:21.946root 11241100x8000000000000000356745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c99123e539cae782021-12-21 10:28:21.946root 11241100x8000000000000000356746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917d5b7b9c06f28d2021-12-21 10:28:21.946root 11241100x8000000000000000356747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5388e96d91936a822021-12-21 10:28:21.946root 11241100x8000000000000000356748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106e36775608a9d92021-12-21 10:28:21.946root 11241100x8000000000000000356749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d42184ede046d42021-12-21 10:28:21.946root 11241100x8000000000000000356750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20e7bb8023aafd72021-12-21 10:28:21.947root 11241100x8000000000000000356751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.145b6db1433836ba2021-12-21 10:28:21.947root 11241100x8000000000000000356752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ef280b1000ffb52021-12-21 10:28:21.947root 11241100x8000000000000000356753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439e9a7e5c0824742021-12-21 10:28:21.948root 11241100x8000000000000000356754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4676c3e774a12d9c2021-12-21 10:28:21.948root 11241100x8000000000000000356755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aece0eaf733ac062021-12-21 10:28:21.948root 11241100x8000000000000000356756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e63472a44e063c2021-12-21 10:28:21.948root 11241100x8000000000000000356757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ea10fabb8bba132021-12-21 10:28:21.948root 11241100x8000000000000000356758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2af3fc92a04da9f2021-12-21 10:28:21.948root 11241100x8000000000000000356759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adecb026156441d32021-12-21 10:28:21.949root 11241100x8000000000000000356760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f56ec5aaf981f62021-12-21 10:28:21.949root 11241100x8000000000000000356761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53c7af8adf8fe3e2021-12-21 10:28:21.949root 11241100x8000000000000000356762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a768f9509fdaa3af2021-12-21 10:28:21.949root 11241100x8000000000000000356763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a58497c453bb1402021-12-21 10:28:21.949root 11241100x8000000000000000356764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234207fbc3c77b392021-12-21 10:28:21.949root 11241100x8000000000000000356765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bea79f309867c0d2021-12-21 10:28:21.949root 11241100x8000000000000000356766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba09143857f669e2021-12-21 10:28:21.949root 11241100x8000000000000000356767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eeb03dc8bb885532021-12-21 10:28:21.949root 11241100x8000000000000000356768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf03ce9d944a0ad2021-12-21 10:28:21.949root 11241100x8000000000000000356769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fdea63ce6cb7ea2021-12-21 10:28:21.950root 11241100x8000000000000000356770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ff0c30c3cff9bb2021-12-21 10:28:21.950root 11241100x8000000000000000356771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c3027a47bef65f2021-12-21 10:28:21.950root 11241100x8000000000000000356772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3117c86e928021e62021-12-21 10:28:21.950root 11241100x8000000000000000356773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.855edfcbecbc98e02021-12-21 10:28:21.950root 11241100x8000000000000000356774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9315fbc0150eb06e2021-12-21 10:28:21.950root 11241100x8000000000000000356775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0d3aea4e683abf2021-12-21 10:28:21.950root 11241100x8000000000000000356776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7484bb7a29fde72021-12-21 10:28:21.950root 11241100x8000000000000000356777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3686012d788b31552021-12-21 10:28:21.950root 11241100x8000000000000000356778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07475cd98a6388982021-12-21 10:28:21.950root 11241100x8000000000000000356779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1bf260b26eaf5452021-12-21 10:28:21.950root 11241100x8000000000000000356780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5094195e6b13ddad2021-12-21 10:28:21.951root 11241100x8000000000000000356781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecefb636ca939462021-12-21 10:28:21.951root 11241100x8000000000000000356782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55f3285dc046a2372021-12-21 10:28:21.951root 11241100x8000000000000000356783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9175b171eaaaff62021-12-21 10:28:21.951root 11241100x8000000000000000356784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bdbcf8440568eef2021-12-21 10:28:21.951root 11241100x8000000000000000356785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c09e0bacf5a6cb6c2021-12-21 10:28:21.951root 11241100x8000000000000000356786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f3c89f8be95efb2021-12-21 10:28:21.951root 11241100x8000000000000000356787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c640c0adf936013a2021-12-21 10:28:21.951root 11241100x8000000000000000356788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee10decae6a1afd2021-12-21 10:28:21.951root 11241100x8000000000000000356789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b764c14dda128dc72021-12-21 10:28:21.951root 11241100x8000000000000000356790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:21.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be3487687ef2955c2021-12-21 10:28:21.951root 354300x8000000000000000356791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.155{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47146-false10.0.1.12-8000- 11241100x8000000000000000356792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1656aba4202db6a22021-12-21 10:28:22.443root 11241100x8000000000000000356793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab8dbc6204a02f5a2021-12-21 10:28:22.443root 11241100x8000000000000000356794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059f943f184f75c72021-12-21 10:28:22.444root 11241100x8000000000000000356795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70917eca6a951ade2021-12-21 10:28:22.444root 11241100x8000000000000000356796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea0c8c1feeb2fa52021-12-21 10:28:22.444root 11241100x8000000000000000356797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc601553eb243e22021-12-21 10:28:22.444root 11241100x8000000000000000356798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e84ffde11fdaf32021-12-21 10:28:22.444root 11241100x8000000000000000356799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a37cd766a7b21b2021-12-21 10:28:22.445root 11241100x8000000000000000356800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0815eb28b44c5c132021-12-21 10:28:22.445root 11241100x8000000000000000356801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33532bfac86bdbd02021-12-21 10:28:22.445root 11241100x8000000000000000356802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02990520ad0d6cbd2021-12-21 10:28:22.445root 11241100x8000000000000000356803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e080dfb7d698303e2021-12-21 10:28:22.445root 11241100x8000000000000000356804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e73e22aca787dfc2021-12-21 10:28:22.445root 11241100x8000000000000000356805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a045020426359742021-12-21 10:28:22.445root 11241100x8000000000000000356806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798f3a7d42a23a542021-12-21 10:28:22.445root 11241100x8000000000000000356807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac18c5672cea7c2d2021-12-21 10:28:22.445root 11241100x8000000000000000356808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2a27646402ab82021-12-21 10:28:22.445root 11241100x8000000000000000356809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac27e28f1e3319052021-12-21 10:28:22.446root 11241100x8000000000000000356810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e686d808b8c02d2021-12-21 10:28:22.446root 11241100x8000000000000000356811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a34105e261198ef2021-12-21 10:28:22.446root 11241100x8000000000000000356812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c21f5c121ea98ddb2021-12-21 10:28:22.446root 11241100x8000000000000000356813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520aab53f3690dd02021-12-21 10:28:22.446root 11241100x8000000000000000356814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd1eee312cfcef02021-12-21 10:28:22.446root 11241100x8000000000000000356815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d23a8cfe86a1e1c2021-12-21 10:28:22.446root 11241100x8000000000000000356816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75818529a9f33e42021-12-21 10:28:22.446root 11241100x8000000000000000356817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81e1ae3a9960d362021-12-21 10:28:22.446root 11241100x8000000000000000356818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe1f15eccb1206eb2021-12-21 10:28:22.446root 11241100x8000000000000000356819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f60ec2f28e30b1a2021-12-21 10:28:22.447root 11241100x8000000000000000356820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f857a7aaa0779cc32021-12-21 10:28:22.447root 11241100x8000000000000000356821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e439e125801bf8f72021-12-21 10:28:22.447root 11241100x8000000000000000356822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c08de5a2ba9fa2d62021-12-21 10:28:22.447root 11241100x8000000000000000356823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e109f82684d7f5e62021-12-21 10:28:22.447root 11241100x8000000000000000356824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cc48b6ef23aa1f2021-12-21 10:28:22.447root 11241100x8000000000000000356825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.683b3b94561cedb82021-12-21 10:28:22.447root 11241100x8000000000000000356826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d21d6dc07516f12021-12-21 10:28:22.448root 11241100x8000000000000000356827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c02eff2601c2d18a2021-12-21 10:28:22.448root 11241100x8000000000000000356828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eca75f54acb78d2021-12-21 10:28:22.448root 11241100x8000000000000000356829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852ded4fa3f421322021-12-21 10:28:22.448root 11241100x8000000000000000356830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7358f21c7352c032021-12-21 10:28:22.448root 11241100x8000000000000000356831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26428a5ddffeb7192021-12-21 10:28:22.448root 11241100x8000000000000000356832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a75e70960b546aa2021-12-21 10:28:22.449root 11241100x8000000000000000356833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f32c463a88c17e22021-12-21 10:28:22.449root 11241100x8000000000000000356834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32eb6064e0f4e592021-12-21 10:28:22.449root 11241100x8000000000000000356835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c3f1af436ea3f22021-12-21 10:28:22.449root 11241100x8000000000000000356836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c0c5e9510fdc602021-12-21 10:28:22.449root 11241100x8000000000000000356837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c0183f5191cf902021-12-21 10:28:22.449root 11241100x8000000000000000356838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ff6a6d9e6f3bde2021-12-21 10:28:22.449root 11241100x8000000000000000356839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f7a97b046c27d02021-12-21 10:28:22.450root 11241100x8000000000000000356840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfc2afa944d835352021-12-21 10:28:22.450root 11241100x8000000000000000356841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d0fbe43c3a471e2021-12-21 10:28:22.450root 11241100x8000000000000000356842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9bf670ea14176b2021-12-21 10:28:22.450root 11241100x8000000000000000356843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd29287309ec3f82021-12-21 10:28:22.450root 11241100x8000000000000000356844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b775cc517111022021-12-21 10:28:22.450root 11241100x8000000000000000356845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831b97ca5fe264b22021-12-21 10:28:22.450root 11241100x8000000000000000356846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd2921028b4022a2021-12-21 10:28:22.451root 11241100x8000000000000000356847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af14e35cad7c94fc2021-12-21 10:28:22.451root 11241100x8000000000000000356848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59440a58a402861c2021-12-21 10:28:22.451root 11241100x8000000000000000356849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bf94cece1304bd2021-12-21 10:28:22.451root 11241100x8000000000000000356850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b4111c142c8dc8a2021-12-21 10:28:22.451root 11241100x8000000000000000356851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d5573412f78aeb2021-12-21 10:28:22.451root 11241100x8000000000000000356852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439f3e76efee76f62021-12-21 10:28:22.943root 11241100x8000000000000000356853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fdf779262647132021-12-21 10:28:22.943root 11241100x8000000000000000356854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee301a8cdb586ae2021-12-21 10:28:22.943root 11241100x8000000000000000356855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f7f04bb0cdcb4b2021-12-21 10:28:22.943root 11241100x8000000000000000356856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f37a212dd8d55762021-12-21 10:28:22.944root 11241100x8000000000000000356857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd47e9a6233b8012021-12-21 10:28:22.944root 11241100x8000000000000000356858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88d40d9eaed070a2021-12-21 10:28:22.944root 11241100x8000000000000000356859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c0452122417866c2021-12-21 10:28:22.944root 11241100x8000000000000000356860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d161a68904701ca52021-12-21 10:28:22.944root 11241100x8000000000000000356861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3da223e9740a7fb2021-12-21 10:28:22.944root 11241100x8000000000000000356862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f977f429e7d4e1ce2021-12-21 10:28:22.944root 11241100x8000000000000000356863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f68b055598ae8c2021-12-21 10:28:22.944root 11241100x8000000000000000356864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4571e307243cf0f12021-12-21 10:28:22.945root 11241100x8000000000000000356865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a097ed6f4d53672021-12-21 10:28:22.945root 11241100x8000000000000000356866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dceb0d232cfe7f562021-12-21 10:28:22.945root 11241100x8000000000000000356867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4525ddc48efead7d2021-12-21 10:28:22.945root 11241100x8000000000000000356868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e15a7e25dcf78b2021-12-21 10:28:22.945root 11241100x8000000000000000356869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5306a405755a08a2021-12-21 10:28:22.945root 11241100x8000000000000000356870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df8243d879f27ead2021-12-21 10:28:22.945root 11241100x8000000000000000356871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.891088e4ea795d822021-12-21 10:28:22.945root 11241100x8000000000000000356872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e715c73b249b3c2021-12-21 10:28:22.945root 11241100x8000000000000000356873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bee3ac28249674a2021-12-21 10:28:22.945root 11241100x8000000000000000356874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbfa275f4b62bb12021-12-21 10:28:22.945root 11241100x8000000000000000356875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa2082ae28382a152021-12-21 10:28:22.946root 11241100x8000000000000000356876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8293102f37a54102021-12-21 10:28:22.946root 11241100x8000000000000000356877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe623f2c2bebf352021-12-21 10:28:22.946root 11241100x8000000000000000356878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74d2886d448b1f62021-12-21 10:28:22.946root 11241100x8000000000000000356879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da553ac1a9f005c02021-12-21 10:28:22.946root 11241100x8000000000000000356880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d66a7dd5a7fadab82021-12-21 10:28:22.946root 11241100x8000000000000000356881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d154a74bf6815b62021-12-21 10:28:22.946root 11241100x8000000000000000356882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2d867b32d3232e2021-12-21 10:28:22.947root 11241100x8000000000000000356883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c60f77fd1f1c21f92021-12-21 10:28:22.947root 11241100x8000000000000000356884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c5b3a7b4a937302021-12-21 10:28:22.947root 11241100x8000000000000000356885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac8212dadfdab0c2021-12-21 10:28:22.947root 11241100x8000000000000000356886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c323f4d11a0b2ce72021-12-21 10:28:22.947root 11241100x8000000000000000356887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c7d1a3bbc2908ea2021-12-21 10:28:22.947root 11241100x8000000000000000356888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a25adda0b6abd292021-12-21 10:28:22.948root 11241100x8000000000000000356889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c6e5157d8102432021-12-21 10:28:22.948root 11241100x8000000000000000356890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50844305b56036302021-12-21 10:28:22.949root 11241100x8000000000000000356891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1359da3399d032a32021-12-21 10:28:22.949root 11241100x8000000000000000356892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d959eee0676f5a2021-12-21 10:28:22.949root 11241100x8000000000000000356893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd5ccb28fe37b6d2021-12-21 10:28:22.949root 11241100x8000000000000000356894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd571a5dce554e912021-12-21 10:28:22.950root 11241100x8000000000000000356895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889f4700c00395a32021-12-21 10:28:22.950root 11241100x8000000000000000356896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b255932c0a3bee62021-12-21 10:28:22.950root 11241100x8000000000000000356897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cb27f724408c5de2021-12-21 10:28:22.950root 11241100x8000000000000000356898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dd5a840c788cef2021-12-21 10:28:22.950root 11241100x8000000000000000356899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a597013eb265ea582021-12-21 10:28:22.951root 11241100x8000000000000000356900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.799e420e265c80a12021-12-21 10:28:22.951root 11241100x8000000000000000356901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dea101d9884101b2021-12-21 10:28:22.951root 11241100x8000000000000000356902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b86b6ac283a0f422021-12-21 10:28:22.952root 11241100x8000000000000000356903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e1475d326118352021-12-21 10:28:22.952root 11241100x8000000000000000356904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1111bf69c645c8c22021-12-21 10:28:22.952root 11241100x8000000000000000356905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e93c28a6450da522021-12-21 10:28:22.952root 11241100x8000000000000000356906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.484aa9d89624b5c62021-12-21 10:28:22.952root 11241100x8000000000000000356907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b45a46f61e9a46cc2021-12-21 10:28:22.952root 11241100x8000000000000000356908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.889e773bc14a3bcf2021-12-21 10:28:22.953root 11241100x8000000000000000356909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d6d5251296fa02021-12-21 10:28:22.953root 11241100x8000000000000000356910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.754495176d2b6cc62021-12-21 10:28:22.953root 11241100x8000000000000000356911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ca22703c2d43a12021-12-21 10:28:22.953root 11241100x8000000000000000356912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d1ad2c2ba75fc32021-12-21 10:28:22.954root 11241100x8000000000000000356913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67be274a001cde362021-12-21 10:28:22.954root 11241100x8000000000000000356914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff71d7f5a7ff50e2021-12-21 10:28:22.954root 11241100x8000000000000000356915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3eea45f2a47dd62021-12-21 10:28:22.954root 11241100x8000000000000000356916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34f253e121155f6e2021-12-21 10:28:22.954root 11241100x8000000000000000356917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5147bf242f9da42e2021-12-21 10:28:22.954root 11241100x8000000000000000356918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9e85ea5f8310902021-12-21 10:28:22.955root 11241100x8000000000000000356919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:22.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2445e5b2dfb4608f2021-12-21 10:28:22.955root 11241100x8000000000000000356920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b7466791a4fa302021-12-21 10:28:23.443root 11241100x8000000000000000356921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d615790d7a352fad2021-12-21 10:28:23.443root 11241100x8000000000000000356922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af11ceaea6ac4ea02021-12-21 10:28:23.444root 11241100x8000000000000000356923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.064197832419204d2021-12-21 10:28:23.444root 11241100x8000000000000000356924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c6dd58a612118e42021-12-21 10:28:23.444root 11241100x8000000000000000356925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10cb01be83ae96cf2021-12-21 10:28:23.444root 11241100x8000000000000000356926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f043a0d5205eb72021-12-21 10:28:23.444root 11241100x8000000000000000356927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ec129d07be73172021-12-21 10:28:23.445root 11241100x8000000000000000356928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bdf1a2d665b5bb2021-12-21 10:28:23.445root 11241100x8000000000000000356929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc61ab1ac84a90b2021-12-21 10:28:23.445root 11241100x8000000000000000356930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5f39787a690123e2021-12-21 10:28:23.445root 11241100x8000000000000000356931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4ac56144673c5992021-12-21 10:28:23.446root 11241100x8000000000000000356932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.003cfffd43dd1d232021-12-21 10:28:23.446root 11241100x8000000000000000356933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1ca0ff8a8c237122021-12-21 10:28:23.446root 11241100x8000000000000000356934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.572a6a15575c7c632021-12-21 10:28:23.446root 11241100x8000000000000000356935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5362936f120925a2021-12-21 10:28:23.446root 11241100x8000000000000000356936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16a259eb559d9842021-12-21 10:28:23.446root 11241100x8000000000000000356937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcaa397b989f5df62021-12-21 10:28:23.447root 11241100x8000000000000000356938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd18c6a38fd10c892021-12-21 10:28:23.447root 11241100x8000000000000000356939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb00701d6cc40392021-12-21 10:28:23.447root 11241100x8000000000000000356940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7433d6d31d22ed62021-12-21 10:28:23.447root 11241100x8000000000000000356941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0580e5b8ca0c1342021-12-21 10:28:23.447root 11241100x8000000000000000356942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aa59eeb11efe722021-12-21 10:28:23.447root 11241100x8000000000000000356943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1064f8750ee1689c2021-12-21 10:28:23.447root 11241100x8000000000000000356944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b250862c60dca46f2021-12-21 10:28:23.447root 11241100x8000000000000000356945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79ca1307a3bdc882021-12-21 10:28:23.448root 11241100x8000000000000000356946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2e1938eaf02291a2021-12-21 10:28:23.448root 11241100x8000000000000000356947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f5bb06dcf56490c2021-12-21 10:28:23.448root 11241100x8000000000000000356948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a8e0407af5585c2021-12-21 10:28:23.448root 11241100x8000000000000000356949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e066150e3c92269f2021-12-21 10:28:23.448root 11241100x8000000000000000356950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d9367340169c8c2021-12-21 10:28:23.448root 11241100x8000000000000000356951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ee5f18ee0824972021-12-21 10:28:23.448root 11241100x8000000000000000356952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d1636255bde6f22021-12-21 10:28:23.448root 11241100x8000000000000000356953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcd2c107fe247c1e2021-12-21 10:28:23.448root 11241100x8000000000000000356954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13a216d47d83815e2021-12-21 10:28:23.449root 11241100x8000000000000000356955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbdc9d1031ff66b02021-12-21 10:28:23.449root 11241100x8000000000000000356956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66e001b598544162021-12-21 10:28:23.449root 11241100x8000000000000000356957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839ad9e285faddf22021-12-21 10:28:23.449root 11241100x8000000000000000356958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4c9023912ecb17f2021-12-21 10:28:23.449root 11241100x8000000000000000356959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d32c5e9f1d697242021-12-21 10:28:23.449root 11241100x8000000000000000356960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f854c7e52196f31a2021-12-21 10:28:23.449root 11241100x8000000000000000356961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d3960f11c5c3762021-12-21 10:28:23.449root 11241100x8000000000000000356962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4145ee74b1818a9f2021-12-21 10:28:23.449root 11241100x8000000000000000356963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb156d7dfa81323c2021-12-21 10:28:23.450root 11241100x8000000000000000356964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec2cc0e68d6334e2021-12-21 10:28:23.450root 11241100x8000000000000000356965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f14437cc57b1da1a2021-12-21 10:28:23.450root 11241100x8000000000000000356966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d327dce95e1384962021-12-21 10:28:23.450root 11241100x8000000000000000356967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0306a9717269dcb2021-12-21 10:28:23.450root 11241100x8000000000000000356968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ed78f1f5b060e12021-12-21 10:28:23.450root 11241100x8000000000000000356969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4783c0b0528032482021-12-21 10:28:23.450root 11241100x8000000000000000356970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad14e4ab9d03434c2021-12-21 10:28:23.450root 11241100x8000000000000000356971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c55af4e7cb8a6d42021-12-21 10:28:23.450root 11241100x8000000000000000356972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.348d6c7b58c669062021-12-21 10:28:23.450root 11241100x8000000000000000356973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d4494b96d910842021-12-21 10:28:23.943root 11241100x8000000000000000356974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7d038ecf6e524d2021-12-21 10:28:23.943root 11241100x8000000000000000356975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0597f243cdc05a82021-12-21 10:28:23.943root 11241100x8000000000000000356976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bff7b3e0c0e4432021-12-21 10:28:23.943root 11241100x8000000000000000356977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762199d9723edd392021-12-21 10:28:23.943root 11241100x8000000000000000356978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e91a867cbeb39a622021-12-21 10:28:23.944root 11241100x8000000000000000356979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14956ff0206baf2d2021-12-21 10:28:23.944root 11241100x8000000000000000356980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c634baf2c102a9b02021-12-21 10:28:23.944root 11241100x8000000000000000356981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3d19a31ca8f3382021-12-21 10:28:23.944root 11241100x8000000000000000356982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0321c0eea5951552021-12-21 10:28:23.944root 11241100x8000000000000000356983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.989f2743acb5c2212021-12-21 10:28:23.944root 11241100x8000000000000000356984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed362871ee97a8142021-12-21 10:28:23.944root 11241100x8000000000000000356985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24659c975821cb02021-12-21 10:28:23.944root 11241100x8000000000000000356986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4fecb4442738682021-12-21 10:28:23.945root 11241100x8000000000000000356987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff5aba2d2f095502021-12-21 10:28:23.945root 11241100x8000000000000000356988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cff720fe52d07aa2021-12-21 10:28:23.945root 11241100x8000000000000000356989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfd04d9d6fc1cdab2021-12-21 10:28:23.945root 11241100x8000000000000000356990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155214df93c79aaf2021-12-21 10:28:23.945root 11241100x8000000000000000356991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1072726aa216c5142021-12-21 10:28:23.945root 11241100x8000000000000000356992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1164c435e0a178f2021-12-21 10:28:23.945root 11241100x8000000000000000356993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942d49157f6d1f522021-12-21 10:28:23.945root 11241100x8000000000000000356994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07eb1883bf8457942021-12-21 10:28:23.945root 11241100x8000000000000000356995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd5e548ed4fe0d22021-12-21 10:28:23.946root 11241100x8000000000000000356996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76203f246a74f3b82021-12-21 10:28:23.946root 11241100x8000000000000000356997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9184afe321e9898c2021-12-21 10:28:23.946root 11241100x8000000000000000356998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85bb63649de658172021-12-21 10:28:23.946root 11241100x8000000000000000356999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b542126961551e9d2021-12-21 10:28:23.946root 11241100x8000000000000000357000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a581a724478d6d2021-12-21 10:28:23.946root 11241100x8000000000000000357001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e07de439ba06f92021-12-21 10:28:23.946root 11241100x8000000000000000357002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc93bba0445ef4b2021-12-21 10:28:23.946root 11241100x8000000000000000357003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2334334f150dab862021-12-21 10:28:23.947root 11241100x8000000000000000357004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdd9dc47d9e32d42021-12-21 10:28:23.947root 11241100x8000000000000000357005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492b8ad588c0285b2021-12-21 10:28:23.947root 11241100x8000000000000000357006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc1d223b146cf412021-12-21 10:28:23.947root 11241100x8000000000000000357007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4082571b7b8d6e8f2021-12-21 10:28:23.947root 11241100x8000000000000000357008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.616901c9b28111552021-12-21 10:28:23.947root 11241100x8000000000000000357009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00b228475ff7e292021-12-21 10:28:23.947root 11241100x8000000000000000357010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc22074b9aaa09452021-12-21 10:28:23.947root 11241100x8000000000000000357011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68e31e2f04626402021-12-21 10:28:23.947root 11241100x8000000000000000357012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261ee8e665df7dea2021-12-21 10:28:23.947root 11241100x8000000000000000357013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbfce51576e96d622021-12-21 10:28:23.947root 11241100x8000000000000000357014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4629f86d54737a462021-12-21 10:28:23.947root 11241100x8000000000000000357015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b89b349e0b1e1032021-12-21 10:28:23.947root 11241100x8000000000000000357016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:23.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb6e26cba4f8b722021-12-21 10:28:23.948root 11241100x8000000000000000357017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a5ef2b688314762021-12-21 10:28:24.443root 11241100x8000000000000000357018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb37bb1a9a441262021-12-21 10:28:24.443root 11241100x8000000000000000357019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519c5422f8f9759f2021-12-21 10:28:24.443root 11241100x8000000000000000357020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7834d7f8f4535a72021-12-21 10:28:24.443root 11241100x8000000000000000357021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08439dd6c83baa72021-12-21 10:28:24.443root 11241100x8000000000000000357022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd02f9cb2f0e3f2021-12-21 10:28:24.443root 11241100x8000000000000000357023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f7043fff6206bc2021-12-21 10:28:24.443root 11241100x8000000000000000357024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b8690f470496a92021-12-21 10:28:24.443root 11241100x8000000000000000357025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ecfbf02321643292021-12-21 10:28:24.444root 11241100x8000000000000000357026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f008247c728be5ed2021-12-21 10:28:24.444root 11241100x8000000000000000357027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f17d5aa052101ac2021-12-21 10:28:24.444root 11241100x8000000000000000357028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ddf808cbf157b72021-12-21 10:28:24.444root 11241100x8000000000000000357029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59d1d3c4568c99f2021-12-21 10:28:24.444root 11241100x8000000000000000357030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5a0cd0a90ad0f02021-12-21 10:28:24.444root 11241100x8000000000000000357031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df0306d65a6783e2021-12-21 10:28:24.444root 11241100x8000000000000000357032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ef17cea94d8f662021-12-21 10:28:24.445root 11241100x8000000000000000357033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ef29b31146bbc12021-12-21 10:28:24.445root 11241100x8000000000000000357034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c9ef737c2a22322021-12-21 10:28:24.445root 11241100x8000000000000000357035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09cd250d01a49e6f2021-12-21 10:28:24.445root 11241100x8000000000000000357036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ed348a2a7292152021-12-21 10:28:24.445root 11241100x8000000000000000357037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.419b97b6df3462322021-12-21 10:28:24.445root 11241100x8000000000000000357038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf112349882e1b82021-12-21 10:28:24.445root 11241100x8000000000000000357039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92b20c13cc61bb52021-12-21 10:28:24.445root 11241100x8000000000000000357040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae59d77f7cb03ac92021-12-21 10:28:24.445root 11241100x8000000000000000357041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.306226f96488a21c2021-12-21 10:28:24.446root 11241100x8000000000000000357042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a3fd2f45f4a9352021-12-21 10:28:24.446root 11241100x8000000000000000357043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e12c0e8f617b822021-12-21 10:28:24.446root 11241100x8000000000000000357044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3afd34e612e598a52021-12-21 10:28:24.446root 11241100x8000000000000000357045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f18a9e099beb9842021-12-21 10:28:24.446root 11241100x8000000000000000357046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b850e0918534682021-12-21 10:28:24.446root 11241100x8000000000000000357047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f88ffac9fd635672021-12-21 10:28:24.446root 11241100x8000000000000000357048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38660c08c78c0402021-12-21 10:28:24.446root 11241100x8000000000000000357049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2554917e018a6adb2021-12-21 10:28:24.446root 11241100x8000000000000000357050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34634960b85005a32021-12-21 10:28:24.447root 11241100x8000000000000000357051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439ca5ff30aae0342021-12-21 10:28:24.447root 11241100x8000000000000000357052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e6f52fe70a0c882021-12-21 10:28:24.447root 11241100x8000000000000000357053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bba8d08c38a9afa2021-12-21 10:28:24.447root 11241100x8000000000000000357054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65cd692b47740962021-12-21 10:28:24.447root 11241100x8000000000000000357055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb698720b88650822021-12-21 10:28:24.447root 11241100x8000000000000000357056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e4bb364b3c4a2992021-12-21 10:28:24.448root 11241100x8000000000000000357057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb034d866fa5932021-12-21 10:28:24.448root 11241100x8000000000000000357058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56a82090151a9452021-12-21 10:28:24.448root 11241100x8000000000000000357059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274dc8b5a21bdf342021-12-21 10:28:24.448root 11241100x8000000000000000357060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff45b5bfc011b7522021-12-21 10:28:24.448root 11241100x8000000000000000357061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3260e03bd4eef02021-12-21 10:28:24.448root 11241100x8000000000000000357062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e29d667c259665172021-12-21 10:28:24.448root 11241100x8000000000000000357063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.750390a57e35ef4f2021-12-21 10:28:24.448root 11241100x8000000000000000357064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df49f4be5bf8ee92021-12-21 10:28:24.448root 11241100x8000000000000000357065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e87388197f99709d2021-12-21 10:28:24.448root 11241100x8000000000000000357066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300306db631f46922021-12-21 10:28:24.448root 11241100x8000000000000000357067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffc0c0e1537fa6f2021-12-21 10:28:24.448root 11241100x8000000000000000357068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da64c6d7f7de9b5c2021-12-21 10:28:24.448root 11241100x8000000000000000357069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d68ddb6a0ffdaa02021-12-21 10:28:24.449root 11241100x8000000000000000357070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c4ba0fd7c28b5722021-12-21 10:28:24.450root 11241100x8000000000000000357071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c9eb0ac5a462002021-12-21 10:28:24.450root 11241100x8000000000000000357072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db1845372d03383b2021-12-21 10:28:24.450root 11241100x8000000000000000357073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f8460e7d1eac102021-12-21 10:28:24.450root 11241100x8000000000000000357074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0edb2ccc890b5d2021-12-21 10:28:24.450root 11241100x8000000000000000357075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26677c3b6235d9f92021-12-21 10:28:24.451root 11241100x8000000000000000357076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22922a54750aa8332021-12-21 10:28:24.451root 11241100x8000000000000000357077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b65f069ea60fc92021-12-21 10:28:24.451root 11241100x8000000000000000357078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16a261252ddece1e2021-12-21 10:28:24.453root 11241100x8000000000000000357079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511eedb4b9c17c9d2021-12-21 10:28:24.453root 11241100x8000000000000000357080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81ee69ab710229462021-12-21 10:28:24.453root 11241100x8000000000000000357081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.736604f97e768aff2021-12-21 10:28:24.454root 11241100x8000000000000000357082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c21e34d67730522021-12-21 10:28:24.454root 11241100x8000000000000000357083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a8e3e4e298194b2021-12-21 10:28:24.456root 11241100x8000000000000000357084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22705e791cfe13c92021-12-21 10:28:24.456root 11241100x8000000000000000357085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b401e057624e5a162021-12-21 10:28:24.456root 11241100x8000000000000000357086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04f2aadd26eb70f2021-12-21 10:28:24.456root 11241100x8000000000000000357087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af4a0288a86d6ed2021-12-21 10:28:24.456root 11241100x8000000000000000357088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b44e63dd8d68cc2021-12-21 10:28:24.459root 11241100x8000000000000000357089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb6675cc3aef5102021-12-21 10:28:24.459root 11241100x8000000000000000357090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63f99dc67025b8162021-12-21 10:28:24.459root 11241100x8000000000000000357091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491f4477e0da565a2021-12-21 10:28:24.459root 11241100x8000000000000000357092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a125c294850ab5842021-12-21 10:28:24.459root 11241100x8000000000000000357093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5752a12fe401212021-12-21 10:28:24.459root 11241100x8000000000000000357094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c526a309dbaa92ac2021-12-21 10:28:24.459root 11241100x8000000000000000357095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a906016de6d058c62021-12-21 10:28:24.460root 11241100x8000000000000000357096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f93034865095b9d2021-12-21 10:28:24.460root 11241100x8000000000000000357097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.460{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55fa89464c961512021-12-21 10:28:24.460root 11241100x8000000000000000357098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7434623f37c9e22021-12-21 10:28:24.463root 11241100x8000000000000000357099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.463{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a889acdbcda3fd2021-12-21 10:28:24.463root 11241100x8000000000000000357100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2a6b35288b682e2021-12-21 10:28:24.464root 11241100x8000000000000000357101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0772e2342cee092021-12-21 10:28:24.464root 11241100x8000000000000000357102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a4d6ca137ed6842021-12-21 10:28:24.464root 11241100x8000000000000000357103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32de7487a31642302021-12-21 10:28:24.464root 11241100x8000000000000000357104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9e5a56277a7c552021-12-21 10:28:24.464root 11241100x8000000000000000357105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7b95fbd98411cb2021-12-21 10:28:24.464root 11241100x8000000000000000357106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.464{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eebf5c374c9950f62021-12-21 10:28:24.464root 11241100x8000000000000000357107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af270c5ed555ac62021-12-21 10:28:24.465root 11241100x8000000000000000357108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723ef499bd33d4d22021-12-21 10:28:24.465root 11241100x8000000000000000357109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c66419ac89b6dd62021-12-21 10:28:24.465root 11241100x8000000000000000357110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d8f6a73bd56e082021-12-21 10:28:24.465root 11241100x8000000000000000357111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0b69efa8f10d832021-12-21 10:28:24.465root 11241100x8000000000000000357112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43361e102d91780e2021-12-21 10:28:24.465root 11241100x8000000000000000357113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.465{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fc5d6eb54469cc2021-12-21 10:28:24.465root 11241100x8000000000000000357114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851c925cd796b41a2021-12-21 10:28:24.466root 11241100x8000000000000000357115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.466{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f80dfa662d863c5e2021-12-21 10:28:24.466root 11241100x8000000000000000357116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2079b175e56796bb2021-12-21 10:28:24.467root 11241100x8000000000000000357117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5c88bbed8363372021-12-21 10:28:24.467root 11241100x8000000000000000357118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403faf31f003d5b12021-12-21 10:28:24.467root 11241100x8000000000000000357119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.467{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d45fbf120b6beb62021-12-21 10:28:24.467root 11241100x8000000000000000357120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d238b7f6f8f7ff792021-12-21 10:28:24.469root 11241100x8000000000000000357121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e07b3ba6db06760b2021-12-21 10:28:24.469root 11241100x8000000000000000357122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.469{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8c916db32644d92021-12-21 10:28:24.469root 11241100x8000000000000000357123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c6b6569bd3612b62021-12-21 10:28:24.470root 11241100x8000000000000000357124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2a1521e320695902021-12-21 10:28:24.470root 11241100x8000000000000000357125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.470{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f467f299fa6f8f92021-12-21 10:28:24.470root 11241100x8000000000000000357126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.581e678e9cd890552021-12-21 10:28:24.471root 11241100x8000000000000000357127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93398db4ec4038ba2021-12-21 10:28:24.471root 11241100x8000000000000000357128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.471{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8effe159376873f2021-12-21 10:28:24.471root 11241100x8000000000000000357129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5908aad97565e3142021-12-21 10:28:24.473root 11241100x8000000000000000357130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c60660f251c9502021-12-21 10:28:24.473root 11241100x8000000000000000357131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.473{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0078cabc9892b032021-12-21 10:28:24.473root 11241100x8000000000000000357132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c8a482a22be964a2021-12-21 10:28:24.474root 11241100x8000000000000000357133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb408d913a9c1ac52021-12-21 10:28:24.474root 11241100x8000000000000000357134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666f4c98b1433f492021-12-21 10:28:24.474root 11241100x8000000000000000357135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afbeb5075a85cf962021-12-21 10:28:24.474root 11241100x8000000000000000357136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f80c201cf86f82021-12-21 10:28:24.474root 11241100x8000000000000000357137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb9c6898159ce952021-12-21 10:28:24.474root 11241100x8000000000000000357138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.474{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae7d3e4fa2a0a142021-12-21 10:28:24.474root 11241100x8000000000000000357139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c676d41d268bbe3e2021-12-21 10:28:24.475root 11241100x8000000000000000357140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53ad1727113aaf72021-12-21 10:28:24.475root 11241100x8000000000000000357141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49ccea94e130ca82021-12-21 10:28:24.475root 11241100x8000000000000000357142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f6db6d2df755d92021-12-21 10:28:24.475root 11241100x8000000000000000357143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3b791d1809a53142021-12-21 10:28:24.475root 11241100x8000000000000000357144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.475{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cbd13437f62f112021-12-21 10:28:24.475root 11241100x8000000000000000357145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7bd6b724d7114c72021-12-21 10:28:24.477root 11241100x8000000000000000357146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced9864ee39b5d802021-12-21 10:28:24.477root 11241100x8000000000000000357147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8fc92f456e1551e2021-12-21 10:28:24.477root 11241100x8000000000000000357148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b582d6f5808ae8492021-12-21 10:28:24.477root 11241100x8000000000000000357149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eba574991d00a0f2021-12-21 10:28:24.477root 11241100x8000000000000000357150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8974d894304ec9062021-12-21 10:28:24.477root 11241100x8000000000000000357151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.477{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6231ee4228723522021-12-21 10:28:24.477root 11241100x8000000000000000357152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.478{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b3eb86ee397e292021-12-21 10:28:24.478root 11241100x8000000000000000357153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.664312d2d95e49062021-12-21 10:28:24.479root 11241100x8000000000000000357154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a53d861a9a63192021-12-21 10:28:24.479root 11241100x8000000000000000357155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.479{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54701ec199118c322021-12-21 10:28:24.479root 11241100x8000000000000000357156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.480{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc96ea570adabd242021-12-21 10:28:24.480root 11241100x8000000000000000357157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948f32e5623914a72021-12-21 10:28:24.481root 11241100x8000000000000000357158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e97aa4b8eb6c382021-12-21 10:28:24.481root 11241100x8000000000000000357159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ee6fe94dedf7282021-12-21 10:28:24.481root 11241100x8000000000000000357160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4517e5baa96bf62021-12-21 10:28:24.481root 11241100x8000000000000000357161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bed0ec6e45d7562021-12-21 10:28:24.481root 11241100x8000000000000000357162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53e67bc9e61e32d2021-12-21 10:28:24.481root 11241100x8000000000000000357163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.481{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76bc425eb8d528f72021-12-21 10:28:24.481root 11241100x8000000000000000357164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.482{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94cc056c6a64bf22021-12-21 10:28:24.482root 11241100x8000000000000000357165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a571ab9d2198a32021-12-21 10:28:24.483root 11241100x8000000000000000357166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.483{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fb1cd2bd3f54442021-12-21 10:28:24.483root 11241100x8000000000000000357167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.552d715b042c8eed2021-12-21 10:28:24.484root 11241100x8000000000000000357168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b56347854f3d71e2021-12-21 10:28:24.484root 11241100x8000000000000000357169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b219be95828da12021-12-21 10:28:24.484root 11241100x8000000000000000357170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6badda64d9502b9c2021-12-21 10:28:24.484root 11241100x8000000000000000357171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9b24af694821132021-12-21 10:28:24.484root 11241100x8000000000000000357172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4baaf1f756353e2021-12-21 10:28:24.484root 11241100x8000000000000000357173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.484{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57916681fc65aea42021-12-21 10:28:24.484root 11241100x8000000000000000357174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.485{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58057c140bf10bc82021-12-21 10:28:24.485root 11241100x8000000000000000357175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2a229c99aedf9c2021-12-21 10:28:24.486root 11241100x8000000000000000357176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c440a056785da042021-12-21 10:28:24.486root 11241100x8000000000000000357177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecffcfa92b4850612021-12-21 10:28:24.486root 11241100x8000000000000000357178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b36b55d4c6faf6ee2021-12-21 10:28:24.486root 11241100x8000000000000000357179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b072e9e8fa80dfd12021-12-21 10:28:24.486root 11241100x8000000000000000357180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03616964d73735a92021-12-21 10:28:24.486root 11241100x8000000000000000357181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ebe3f3ed3782432021-12-21 10:28:24.486root 11241100x8000000000000000357182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ba1d792a87c2e62021-12-21 10:28:24.486root 11241100x8000000000000000357183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.486{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb55ce83a3626a642021-12-21 10:28:24.486root 11241100x8000000000000000357184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d14fb1f1a60d74552021-12-21 10:28:24.489root 11241100x8000000000000000357185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dce7819c37a0a32021-12-21 10:28:24.489root 11241100x8000000000000000357186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e196586ef1d595ce2021-12-21 10:28:24.489root 11241100x8000000000000000357187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6a42c9ca56dde32021-12-21 10:28:24.489root 11241100x8000000000000000357188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a113b5e942280d2021-12-21 10:28:24.489root 11241100x8000000000000000357189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1282b4890ff729b2021-12-21 10:28:24.489root 11241100x8000000000000000357190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbd392c29affba32021-12-21 10:28:24.489root 11241100x8000000000000000357191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.489{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d72b0df5fbaca92021-12-21 10:28:24.489root 11241100x8000000000000000357192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.490{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e73ff2aab60208f2021-12-21 10:28:24.490root 11241100x8000000000000000357193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caaf695c643731b72021-12-21 10:28:24.491root 11241100x8000000000000000357194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a896b00fc792b12021-12-21 10:28:24.491root 11241100x8000000000000000357195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fa337e89fae767a2021-12-21 10:28:24.491root 11241100x8000000000000000357196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.001c518d2a7370d52021-12-21 10:28:24.491root 11241100x8000000000000000357197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03601ca23819abf72021-12-21 10:28:24.492root 11241100x8000000000000000357198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7c3cf90c5f71312021-12-21 10:28:24.492root 11241100x8000000000000000357199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a9e85664068b3c2021-12-21 10:28:24.492root 11241100x8000000000000000357200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd716cf822a0d592021-12-21 10:28:24.493root 11241100x8000000000000000357201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e842673d6a20da262021-12-21 10:28:24.493root 11241100x8000000000000000357202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b521b12c43b47a62021-12-21 10:28:24.493root 11241100x8000000000000000357203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.493{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f5f4cb4cbebb7e2021-12-21 10:28:24.493root 11241100x8000000000000000357204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16b419bba48e5732021-12-21 10:28:24.494root 11241100x8000000000000000357205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.494{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c19c8d517b05e89c2021-12-21 10:28:24.494root 11241100x8000000000000000357206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aab0b000d4962e8a2021-12-21 10:28:24.495root 11241100x8000000000000000357207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb17a9354f5a5ce2021-12-21 10:28:24.495root 11241100x8000000000000000357208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec7c5cfc1d83e5c2021-12-21 10:28:24.495root 11241100x8000000000000000357209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.495{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.520549060e2430c22021-12-21 10:28:24.495root 11241100x8000000000000000357210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd35afbd605afe62021-12-21 10:28:24.496root 11241100x8000000000000000357211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.496{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4ca10ae2551a4b2021-12-21 10:28:24.496root 11241100x8000000000000000357212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9ebf3114c8c4cc82021-12-21 10:28:24.497root 11241100x8000000000000000357213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e44f422b27203672021-12-21 10:28:24.497root 11241100x8000000000000000357214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5310a22d96463b22021-12-21 10:28:24.497root 11241100x8000000000000000357215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08d548e0643602b2021-12-21 10:28:24.497root 11241100x8000000000000000357216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9c6f917817a8212021-12-21 10:28:24.497root 11241100x8000000000000000357217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d4c7503eb51ce02021-12-21 10:28:24.497root 11241100x8000000000000000357218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7a41bd2f16a9752021-12-21 10:28:24.497root 11241100x8000000000000000357219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e1ef9b61342c96d2021-12-21 10:28:24.497root 11241100x8000000000000000357220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.497{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3b472cccbcdb582021-12-21 10:28:24.497root 11241100x8000000000000000357221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7f0ef5b55bc6e272021-12-21 10:28:24.499root 11241100x8000000000000000357222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ab7e2a87daafcb42021-12-21 10:28:24.499root 11241100x8000000000000000357223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.499{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a1fd18e64919832021-12-21 10:28:24.499root 11241100x8000000000000000357224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b92e8351ad2f652021-12-21 10:28:24.501root 11241100x8000000000000000357225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7b5e69446fcfab2021-12-21 10:28:24.501root 11241100x8000000000000000357226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32d9e48f5a2bb492021-12-21 10:28:24.501root 11241100x8000000000000000357227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ff98e6c2c7fb042021-12-21 10:28:24.501root 11241100x8000000000000000357228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f080a7c8224d52021-12-21 10:28:24.501root 11241100x8000000000000000357229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c796b17f8b04ed2021-12-21 10:28:24.501root 11241100x8000000000000000357230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a0f6ea6eb1bb5a62021-12-21 10:28:24.501root 11241100x8000000000000000357231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.501{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4e10a60c75af382021-12-21 10:28:24.501root 11241100x8000000000000000357232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.503{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33e376745ebe77e2021-12-21 10:28:24.503root 11241100x8000000000000000357233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.503{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68900f5f95a776d2021-12-21 10:28:24.503root 11241100x8000000000000000357234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.503{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c8ed9a234a920b2021-12-21 10:28:24.503root 11241100x8000000000000000357235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.504{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd795cc48aaaa0642021-12-21 10:28:24.504root 11241100x8000000000000000357236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.505{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9082ada4b52272362021-12-21 10:28:24.505root 11241100x8000000000000000357237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.505{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fd11a74fef321252021-12-21 10:28:24.505root 11241100x8000000000000000357238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.505{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cf6fa2830fa67f2021-12-21 10:28:24.505root 11241100x8000000000000000357239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29588c61d6dbd2372021-12-21 10:28:24.506root 11241100x8000000000000000357240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a764a3be88147c912021-12-21 10:28:24.506root 11241100x8000000000000000357241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2ab9e739d6755d2021-12-21 10:28:24.506root 11241100x8000000000000000357242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.506{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4771b1314b1952ee2021-12-21 10:28:24.506root 11241100x8000000000000000357243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.507{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b125445a974cbc372021-12-21 10:28:24.507root 11241100x8000000000000000357244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.507{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0af8c925a4f08932021-12-21 10:28:24.507root 11241100x8000000000000000357245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.507{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5006cd5cde6dcd2021-12-21 10:28:24.507root 11241100x8000000000000000357246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.507{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e3dfb30ba72e02e2021-12-21 10:28:24.507root 11241100x8000000000000000357247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.507{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3c82eba6d8b950a2021-12-21 10:28:24.507root 11241100x8000000000000000357248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c49320d3acfc05c32021-12-21 10:28:24.508root 11241100x8000000000000000357249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a931041e0f5acdf42021-12-21 10:28:24.508root 11241100x8000000000000000357250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ebb5fdeb9e3f892021-12-21 10:28:24.508root 11241100x8000000000000000357251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecaf4542f6629d862021-12-21 10:28:24.508root 11241100x8000000000000000357252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dd4b8a7819db2f02021-12-21 10:28:24.508root 11241100x8000000000000000357253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30409244260c9ce02021-12-21 10:28:24.508root 11241100x8000000000000000357254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac5c77a3c2b78532021-12-21 10:28:24.508root 11241100x8000000000000000357255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de507f69a292e032021-12-21 10:28:24.508root 11241100x8000000000000000357256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed80d53899910fc2021-12-21 10:28:24.508root 11241100x8000000000000000357257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2dc5400774089d82021-12-21 10:28:24.508root 11241100x8000000000000000357258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ac23eeb9148d7d2021-12-21 10:28:24.508root 11241100x8000000000000000357259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f0d615894dce3d22021-12-21 10:28:24.508root 11241100x8000000000000000357260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.508{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb413f95d7bf1b62021-12-21 10:28:24.508root 11241100x8000000000000000357261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7622ccb2fbea70112021-12-21 10:28:24.509root 11241100x8000000000000000357262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd346599f308a542021-12-21 10:28:24.509root 11241100x8000000000000000357263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dca9201cc9aa90b02021-12-21 10:28:24.509root 11241100x8000000000000000357264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e46b83f21bbacaf42021-12-21 10:28:24.509root 11241100x8000000000000000357265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d897957b470ec22021-12-21 10:28:24.509root 11241100x8000000000000000357266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbb13efef84baf32021-12-21 10:28:24.509root 11241100x8000000000000000357267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0815a01c07954352021-12-21 10:28:24.509root 11241100x8000000000000000357268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac39f29e9a544c8d2021-12-21 10:28:24.509root 11241100x8000000000000000357269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e12809c5cbb4531b2021-12-21 10:28:24.509root 11241100x8000000000000000357270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e190da38188827e62021-12-21 10:28:24.509root 11241100x8000000000000000357271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a375538a62ff99c12021-12-21 10:28:24.509root 11241100x8000000000000000357272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dad8cebe4c4f0662021-12-21 10:28:24.509root 11241100x8000000000000000357273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d33c64bed07607262021-12-21 10:28:24.509root 11241100x8000000000000000357274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a52a31997061d22021-12-21 10:28:24.509root 11241100x8000000000000000357275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.509{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc00db95ef423d3b2021-12-21 10:28:24.509root 11241100x8000000000000000357276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.510{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f691ae0e089bcf9b2021-12-21 10:28:24.510root 11241100x8000000000000000357277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.510{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19d7c56db1c620d2021-12-21 10:28:24.510root 11241100x8000000000000000357278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.510{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6154e2db950d052021-12-21 10:28:24.510root 11241100x8000000000000000357279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a264d10926ffffd2021-12-21 10:28:24.943root 11241100x8000000000000000357280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6d0c23cf2ca82e2021-12-21 10:28:24.943root 11241100x8000000000000000357281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f9d3b2ed9a7492021-12-21 10:28:24.944root 11241100x8000000000000000357282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15d66ed6d088693f2021-12-21 10:28:24.944root 11241100x8000000000000000357283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbdeffbc02ea9f2d2021-12-21 10:28:24.944root 11241100x8000000000000000357284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b51f23303478da12021-12-21 10:28:24.944root 11241100x8000000000000000357285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b66cfdab9b0b43c2021-12-21 10:28:24.944root 11241100x8000000000000000357286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07af1a81f3d39da42021-12-21 10:28:24.944root 11241100x8000000000000000357287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a759ebd338170b2021-12-21 10:28:24.944root 11241100x8000000000000000357288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e14a71be07e44c02021-12-21 10:28:24.944root 11241100x8000000000000000357289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a26a57d4353af532021-12-21 10:28:24.944root 11241100x8000000000000000357290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.340040b98ebb54562021-12-21 10:28:24.945root 11241100x8000000000000000357291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf87fac873a87eb2021-12-21 10:28:24.945root 11241100x8000000000000000357292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511753bf870f89f52021-12-21 10:28:24.945root 11241100x8000000000000000357293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32a2d2fd324fbfc2021-12-21 10:28:24.945root 11241100x8000000000000000357294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79be2c695b60e7f52021-12-21 10:28:24.945root 11241100x8000000000000000357295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3fa4bef8f840ec2021-12-21 10:28:24.945root 11241100x8000000000000000357296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c3c72e20f63f7d2021-12-21 10:28:24.946root 11241100x8000000000000000357297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c2e09607a736cc2021-12-21 10:28:24.946root 11241100x8000000000000000357298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bd6420e57b39dbe2021-12-21 10:28:24.946root 11241100x8000000000000000357299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b006556465bcee602021-12-21 10:28:24.946root 11241100x8000000000000000357300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6875f4ca4979e52021-12-21 10:28:24.946root 11241100x8000000000000000357301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d304920fa642b2f2021-12-21 10:28:24.946root 11241100x8000000000000000357302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3f6fcef6df3a33b2021-12-21 10:28:24.946root 11241100x8000000000000000357303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea6a253983b63952021-12-21 10:28:24.947root 11241100x8000000000000000357304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e7ff91768791fbc2021-12-21 10:28:24.947root 11241100x8000000000000000357305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68fca034583a0b1f2021-12-21 10:28:24.947root 11241100x8000000000000000357306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6aac1269a5ad69e2021-12-21 10:28:24.947root 11241100x8000000000000000357307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5216324e8f2fa2592021-12-21 10:28:24.947root 11241100x8000000000000000357308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8986ee14ed7bbe922021-12-21 10:28:24.947root 11241100x8000000000000000357309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b43fb668d513ef2021-12-21 10:28:24.947root 11241100x8000000000000000357310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa5474b3972ca3e92021-12-21 10:28:24.948root 11241100x8000000000000000357311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f2264d7592a8782021-12-21 10:28:24.948root 11241100x8000000000000000357312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463d457e740f51132021-12-21 10:28:24.948root 11241100x8000000000000000357313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2d8e7a3ddd91b32021-12-21 10:28:24.948root 11241100x8000000000000000357314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe3c203798860e52021-12-21 10:28:24.948root 11241100x8000000000000000357315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374298713a0610742021-12-21 10:28:24.948root 11241100x8000000000000000357316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bc0b53b5ecf78e2021-12-21 10:28:24.948root 11241100x8000000000000000357317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a821acae3d129f832021-12-21 10:28:24.949root 11241100x8000000000000000357318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d1430247daa0bf2021-12-21 10:28:24.949root 11241100x8000000000000000357319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c361535496d1872021-12-21 10:28:24.949root 11241100x8000000000000000357320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.376cf70e0c4d75032021-12-21 10:28:24.949root 11241100x8000000000000000357321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4b3ef0075f36622021-12-21 10:28:24.949root 11241100x8000000000000000357322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be4ada5ef1679bc2021-12-21 10:28:24.949root 11241100x8000000000000000357323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3d1fa0d3bdffc82021-12-21 10:28:24.949root 11241100x8000000000000000357324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2067a366df588ef32021-12-21 10:28:24.950root 11241100x8000000000000000357325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e2b8c868c6dea12021-12-21 10:28:24.950root 11241100x8000000000000000357326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f754e36da6ba5b62021-12-21 10:28:24.950root 11241100x8000000000000000357327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3275f4d31dbe988a2021-12-21 10:28:24.950root 11241100x8000000000000000357328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06a6b8cbfe1a4fd2021-12-21 10:28:24.950root 11241100x8000000000000000357329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f22cad05cebf7232021-12-21 10:28:24.950root 11241100x8000000000000000357330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7392c7851eb82f2021-12-21 10:28:24.951root 11241100x8000000000000000357331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b2d3d542d9e7ce2021-12-21 10:28:24.951root 11241100x8000000000000000357332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea61acc585703d42021-12-21 10:28:24.951root 11241100x8000000000000000357333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2603c6fea81ae112021-12-21 10:28:24.951root 11241100x8000000000000000357334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29148a5515991bd32021-12-21 10:28:24.951root 11241100x8000000000000000357335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0852b5bbeff8452021-12-21 10:28:24.951root 11241100x8000000000000000357336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4255bf3a9dc9e4482021-12-21 10:28:24.951root 11241100x8000000000000000357337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ec72f3a07c5a552021-12-21 10:28:24.951root 11241100x8000000000000000357338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.422ee8b30b0b292b2021-12-21 10:28:24.951root 11241100x8000000000000000357339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1960faf1e785a31a2021-12-21 10:28:24.952root 11241100x8000000000000000357340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5a6e8c9a0033c12021-12-21 10:28:24.952root 11241100x8000000000000000357341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:24.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb3e2a9eb3960552021-12-21 10:28:24.952root 354300x8000000000000000357342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.105{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34212-false10.0.1.12-8089- 11241100x8000000000000000357343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466a29b0c1a119342021-12-21 10:28:25.443root 11241100x8000000000000000357344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b993594b55070c2021-12-21 10:28:25.443root 11241100x8000000000000000357345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc38546bde753f42021-12-21 10:28:25.443root 11241100x8000000000000000357346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823ef6bf0e7b4a1a2021-12-21 10:28:25.443root 11241100x8000000000000000357347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd841e81465059082021-12-21 10:28:25.443root 11241100x8000000000000000357348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed7ce7b60a055ca72021-12-21 10:28:25.443root 11241100x8000000000000000357349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577b6cd917af9aba2021-12-21 10:28:25.443root 11241100x8000000000000000357350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a364c054d4ccee2021-12-21 10:28:25.444root 11241100x8000000000000000357351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bbe22c5d9bba232021-12-21 10:28:25.444root 11241100x8000000000000000357352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e864a35ad7cbbc2021-12-21 10:28:25.444root 11241100x8000000000000000357353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fe86e8a80a5dd62021-12-21 10:28:25.444root 11241100x8000000000000000357354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af4e92c351acbac2021-12-21 10:28:25.444root 11241100x8000000000000000357355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113a59b1446c81dc2021-12-21 10:28:25.444root 11241100x8000000000000000357356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e441e47ff76b0702021-12-21 10:28:25.445root 11241100x8000000000000000357357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843c12efd21a2e482021-12-21 10:28:25.445root 11241100x8000000000000000357358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4edc4f00b3d974142021-12-21 10:28:25.445root 11241100x8000000000000000357359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c23fad83478e2ba2021-12-21 10:28:25.445root 11241100x8000000000000000357360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0e8d037f0d971f2021-12-21 10:28:25.445root 11241100x8000000000000000357361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f786b630f100dbb2021-12-21 10:28:25.445root 11241100x8000000000000000357362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de1cd70d909870bf2021-12-21 10:28:25.445root 11241100x8000000000000000357363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c7a8943f01c2542021-12-21 10:28:25.446root 11241100x8000000000000000357364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff5d2c4047570be2021-12-21 10:28:25.446root 11241100x8000000000000000357365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b757d9725a4867f2021-12-21 10:28:25.446root 11241100x8000000000000000357366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.856baac77d00ffea2021-12-21 10:28:25.446root 11241100x8000000000000000357367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01a613d2ab3acac92021-12-21 10:28:25.446root 11241100x8000000000000000357368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514c9d276ff0e46b2021-12-21 10:28:25.447root 11241100x8000000000000000357369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.478fa1e0f60a38252021-12-21 10:28:25.447root 11241100x8000000000000000357370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e13b92fd03505e22021-12-21 10:28:25.447root 11241100x8000000000000000357371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5979fe6efcc9ce82021-12-21 10:28:25.447root 11241100x8000000000000000357372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baaac652bd60dccc2021-12-21 10:28:25.447root 11241100x8000000000000000357373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae948a88c39fd4d2021-12-21 10:28:25.447root 11241100x8000000000000000357374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91cf770bead674f02021-12-21 10:28:25.447root 11241100x8000000000000000357375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e382dc70a7ce8fd2021-12-21 10:28:25.448root 11241100x8000000000000000357376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7ebda1607151bd2021-12-21 10:28:25.448root 11241100x8000000000000000357377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d88bb3a542f32582021-12-21 10:28:25.448root 11241100x8000000000000000357378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c26f0c8a752c46b2021-12-21 10:28:25.448root 11241100x8000000000000000357379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e13546e381dfb2c2021-12-21 10:28:25.448root 11241100x8000000000000000357380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216051a0f894ec812021-12-21 10:28:25.448root 11241100x8000000000000000357381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc071d2482ac1512021-12-21 10:28:25.449root 11241100x8000000000000000357382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc42098c3939dfba2021-12-21 10:28:25.449root 11241100x8000000000000000357383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851fe2ace32ae7ad2021-12-21 10:28:25.449root 11241100x8000000000000000357384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1027f98bc422cafc2021-12-21 10:28:25.449root 11241100x8000000000000000357385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4369133749d3512021-12-21 10:28:25.449root 11241100x8000000000000000357386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67905288f7e46682021-12-21 10:28:25.450root 11241100x8000000000000000357387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0874f5576b39cc8f2021-12-21 10:28:25.450root 11241100x8000000000000000357388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f932b625ff0885802021-12-21 10:28:25.450root 11241100x8000000000000000357389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09be6e8747fdb022021-12-21 10:28:25.450root 11241100x8000000000000000357390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112ba3304d6062a42021-12-21 10:28:25.450root 11241100x8000000000000000357391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb164491c6218d742021-12-21 10:28:25.450root 11241100x8000000000000000357392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d8c6138e8d63442021-12-21 10:28:25.450root 11241100x8000000000000000357393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdd630ec73a41e42021-12-21 10:28:25.451root 11241100x8000000000000000357394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbace44deb9757762021-12-21 10:28:25.451root 11241100x8000000000000000357395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f64c300b6555e62021-12-21 10:28:25.943root 11241100x8000000000000000357396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b31db22916be57f2021-12-21 10:28:25.943root 11241100x8000000000000000357397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2f7e374c8f33472021-12-21 10:28:25.943root 11241100x8000000000000000357398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5299e1487b169e22021-12-21 10:28:25.943root 11241100x8000000000000000357399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c57ea13e2fea5a2021-12-21 10:28:25.943root 11241100x8000000000000000357400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7586e6deccc5e9a2021-12-21 10:28:25.943root 11241100x8000000000000000357401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aee51766fa78b5602021-12-21 10:28:25.943root 11241100x8000000000000000357402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb675cef87d401222021-12-21 10:28:25.944root 11241100x8000000000000000357403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e541b87e83edde2021-12-21 10:28:25.944root 11241100x8000000000000000357404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a20435c7ca7a5ac2021-12-21 10:28:25.944root 11241100x8000000000000000357405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982fafe7eefbf51a2021-12-21 10:28:25.944root 11241100x8000000000000000357406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb30186a7e476962021-12-21 10:28:25.944root 11241100x8000000000000000357407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80938e38521a5e682021-12-21 10:28:25.944root 11241100x8000000000000000357408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9874d4e01c1729f2021-12-21 10:28:25.945root 11241100x8000000000000000357409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc15df63ad8608652021-12-21 10:28:25.945root 11241100x8000000000000000357410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5661482ea6c424d92021-12-21 10:28:25.945root 11241100x8000000000000000357411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.900b63e97b6b684d2021-12-21 10:28:25.945root 11241100x8000000000000000357412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1800612df2414902021-12-21 10:28:25.945root 11241100x8000000000000000357413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3652116aecb041332021-12-21 10:28:25.945root 11241100x8000000000000000357414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fc3cd5fd727c2f2021-12-21 10:28:25.945root 11241100x8000000000000000357415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1fa79f34e4fd852021-12-21 10:28:25.946root 11241100x8000000000000000357416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffeb81136df460462021-12-21 10:28:25.946root 11241100x8000000000000000357417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4c85bf7cf459ff2021-12-21 10:28:25.946root 11241100x8000000000000000357418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca758148bd931e072021-12-21 10:28:25.946root 11241100x8000000000000000357419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753d6e32bf3b13c02021-12-21 10:28:25.946root 11241100x8000000000000000357420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb368fa78525c8e2021-12-21 10:28:25.946root 11241100x8000000000000000357421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e60901c481d4e592021-12-21 10:28:25.946root 11241100x8000000000000000357422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb690da9d98273772021-12-21 10:28:25.947root 11241100x8000000000000000357423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c86197e52fff672021-12-21 10:28:25.947root 11241100x8000000000000000357424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc42f16e4698a8f72021-12-21 10:28:25.947root 11241100x8000000000000000357425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef43dca879fd3292021-12-21 10:28:25.947root 11241100x8000000000000000357426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864f06ddfec7c2712021-12-21 10:28:25.947root 11241100x8000000000000000357427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ee56136870f0f62021-12-21 10:28:25.947root 11241100x8000000000000000357428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.010dc38df4cd6eca2021-12-21 10:28:25.947root 11241100x8000000000000000357429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0043ae94b0726a9f2021-12-21 10:28:25.948root 11241100x8000000000000000357430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ca3c093b00dd8d2021-12-21 10:28:25.948root 11241100x8000000000000000357431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83836494e0a1f55e2021-12-21 10:28:25.948root 11241100x8000000000000000357432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b51bb1fd1239432021-12-21 10:28:25.948root 11241100x8000000000000000357433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab96c136ebc160ca2021-12-21 10:28:25.948root 11241100x8000000000000000357434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2012ababc6c6ea82021-12-21 10:28:25.948root 11241100x8000000000000000357435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69ad9d4076b16b1b2021-12-21 10:28:25.948root 11241100x8000000000000000357436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf38cdd774d655b2021-12-21 10:28:25.948root 11241100x8000000000000000357437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd2e90beedfc4d72021-12-21 10:28:25.948root 11241100x8000000000000000357438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b37e8d3992539a2021-12-21 10:28:25.948root 11241100x8000000000000000357439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4caa2bda52d78c2021-12-21 10:28:25.949root 11241100x8000000000000000357440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30abb564b0ebf5e42021-12-21 10:28:25.949root 11241100x8000000000000000357441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58a0222167a21abf2021-12-21 10:28:25.949root 11241100x8000000000000000357442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600858d0b62b63ce2021-12-21 10:28:25.949root 11241100x8000000000000000357443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be28b2b4b07c6bfe2021-12-21 10:28:25.949root 11241100x8000000000000000357444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e4d61330be0fad2021-12-21 10:28:25.949root 11241100x8000000000000000357445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d448db33d14d4a2021-12-21 10:28:25.949root 11241100x8000000000000000357446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb92214e7b967982021-12-21 10:28:25.949root 11241100x8000000000000000357447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ecfcc60e3221092021-12-21 10:28:25.950root 11241100x8000000000000000357448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693fd6c10261a6642021-12-21 10:28:25.950root 11241100x8000000000000000357449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaee78371396bd712021-12-21 10:28:25.950root 11241100x8000000000000000357450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f293455c6ab02772021-12-21 10:28:25.950root 11241100x8000000000000000357451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d52214f07d9dfbd2021-12-21 10:28:25.950root 11241100x8000000000000000357452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b1e748052a95c02021-12-21 10:28:25.950root 11241100x8000000000000000357453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9330d8e492ac8de2021-12-21 10:28:25.950root 11241100x8000000000000000357454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cab2774fedb78752021-12-21 10:28:25.950root 11241100x8000000000000000357455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5fe3527555e3532021-12-21 10:28:25.950root 11241100x8000000000000000357456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.156601a4598ccd842021-12-21 10:28:25.951root 11241100x8000000000000000357457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e01e76b695a825e42021-12-21 10:28:25.951root 11241100x8000000000000000357458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceaeb71681af1f252021-12-21 10:28:25.951root 11241100x8000000000000000357459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546dec139adcaa862021-12-21 10:28:25.951root 11241100x8000000000000000357460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1553d36edd90322021-12-21 10:28:25.951root 11241100x8000000000000000357461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc4b158866f5ce912021-12-21 10:28:25.951root 11241100x8000000000000000357462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95900470f85f92942021-12-21 10:28:25.951root 11241100x8000000000000000357463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17c9cfe73201a1252021-12-21 10:28:25.951root 11241100x8000000000000000357464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ae1f9a16363c922021-12-21 10:28:25.951root 11241100x8000000000000000357465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60ea338637cad4c22021-12-21 10:28:25.952root 11241100x8000000000000000357466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcabac5341988d152021-12-21 10:28:25.952root 11241100x8000000000000000357467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:25.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf17b9c956622652021-12-21 10:28:25.952root 11241100x8000000000000000357468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f381abfa2519499e2021-12-21 10:28:26.443root 11241100x8000000000000000357469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff49b26cbc7141d82021-12-21 10:28:26.443root 11241100x8000000000000000357470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7910f015dc3d94e2021-12-21 10:28:26.443root 11241100x8000000000000000357471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2787cd70ffabf9d72021-12-21 10:28:26.443root 11241100x8000000000000000357472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2283edd27f57add42021-12-21 10:28:26.444root 11241100x8000000000000000357473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a1921a191c3f542021-12-21 10:28:26.444root 11241100x8000000000000000357474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8effa9179dd8d532021-12-21 10:28:26.444root 11241100x8000000000000000357475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1605e24bfc27a72021-12-21 10:28:26.445root 11241100x8000000000000000357476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4c2789a4eef2442021-12-21 10:28:26.445root 11241100x8000000000000000357477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd97f86641657db2021-12-21 10:28:26.446root 11241100x8000000000000000357478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3915487d66c3d82021-12-21 10:28:26.446root 11241100x8000000000000000357479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12561874918dac932021-12-21 10:28:26.446root 11241100x8000000000000000357480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d18f73c941667b2021-12-21 10:28:26.448root 11241100x8000000000000000357481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdef8f475cd8490d2021-12-21 10:28:26.448root 11241100x8000000000000000357482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23952d26384b66072021-12-21 10:28:26.449root 11241100x8000000000000000357483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0424896238cd3ba12021-12-21 10:28:26.449root 11241100x8000000000000000357484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2e55dacc2bbf372021-12-21 10:28:26.449root 11241100x8000000000000000357485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1b04a9a25a39372021-12-21 10:28:26.449root 11241100x8000000000000000357486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d710b8b714bbc6762021-12-21 10:28:26.449root 11241100x8000000000000000357487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d60aad8c7920f8e2021-12-21 10:28:26.449root 11241100x8000000000000000357488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772f02034d8317f52021-12-21 10:28:26.449root 11241100x8000000000000000357489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca6eac3709c44562021-12-21 10:28:26.449root 11241100x8000000000000000357490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3262f722239df622021-12-21 10:28:26.449root 11241100x8000000000000000357491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5267dcc756e71f12021-12-21 10:28:26.449root 11241100x8000000000000000357492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f87f0b7fe6e54eaf2021-12-21 10:28:26.450root 11241100x8000000000000000357493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be0ef56a249baba2021-12-21 10:28:26.450root 11241100x8000000000000000357494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e22d6dbecb9054752021-12-21 10:28:26.450root 11241100x8000000000000000357495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04e1bdda09ba6a292021-12-21 10:28:26.450root 11241100x8000000000000000357496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ceff19b6a706992021-12-21 10:28:26.450root 11241100x8000000000000000357497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.472b8fc36259de502021-12-21 10:28:26.450root 11241100x8000000000000000357498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3c9eb99f43e0a02021-12-21 10:28:26.450root 11241100x8000000000000000357499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13111059c1992e02021-12-21 10:28:26.450root 11241100x8000000000000000357500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314638deda9534c62021-12-21 10:28:26.450root 11241100x8000000000000000357501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c28698e11e79982021-12-21 10:28:26.450root 11241100x8000000000000000357502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a0538cbd84a7742021-12-21 10:28:26.451root 11241100x8000000000000000357503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35f4258c108725c2021-12-21 10:28:26.451root 11241100x8000000000000000357504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea547f6d8713912a2021-12-21 10:28:26.451root 11241100x8000000000000000357505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06befdc216ccfee52021-12-21 10:28:26.451root 11241100x8000000000000000357506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91a6125d17169c392021-12-21 10:28:26.452root 11241100x8000000000000000357507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.638456a076dcb92b2021-12-21 10:28:26.452root 11241100x8000000000000000357508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aafacbe018fd931b2021-12-21 10:28:26.452root 11241100x8000000000000000357509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9880aac068b3fc502021-12-21 10:28:26.453root 11241100x8000000000000000357510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d54e93aa898d242021-12-21 10:28:26.453root 11241100x8000000000000000357511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed8acdc2c1817302021-12-21 10:28:26.453root 11241100x8000000000000000357512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e55f8a5a9c66312021-12-21 10:28:26.453root 11241100x8000000000000000357513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893207f7b39b12e22021-12-21 10:28:26.454root 11241100x8000000000000000357514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ffe97a4fc2f10a2021-12-21 10:28:26.454root 11241100x8000000000000000357515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a287569e3237a7162021-12-21 10:28:26.454root 11241100x8000000000000000357516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e52f9207168498d12021-12-21 10:28:26.454root 11241100x8000000000000000357517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591f2f27c8e740dc2021-12-21 10:28:26.455root 11241100x8000000000000000357518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7067567f9f51fd62021-12-21 10:28:26.455root 11241100x8000000000000000357519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8772ca00b6ceaab2021-12-21 10:28:26.942root 11241100x8000000000000000357520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af6b3b1e8e427c412021-12-21 10:28:26.943root 11241100x8000000000000000357521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e574b8b35b0eebc2021-12-21 10:28:26.943root 11241100x8000000000000000357522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fbe9a6d33dc632a2021-12-21 10:28:26.943root 11241100x8000000000000000357523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b90c233d5132242021-12-21 10:28:26.943root 11241100x8000000000000000357524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee6786d6e3d20a42021-12-21 10:28:26.943root 11241100x8000000000000000357525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3011b9465a3771b2021-12-21 10:28:26.943root 11241100x8000000000000000357526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c646274027f67e72021-12-21 10:28:26.944root 11241100x8000000000000000357527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ea0e8a887f79fa2021-12-21 10:28:26.944root 11241100x8000000000000000357528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21bae02962e4ea4c2021-12-21 10:28:26.944root 11241100x8000000000000000357529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2de26177a7982b2021-12-21 10:28:26.944root 11241100x8000000000000000357530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8f7c5da1ab981062021-12-21 10:28:26.944root 11241100x8000000000000000357531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c3a3c6e08e81132021-12-21 10:28:26.944root 11241100x8000000000000000357532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fb365cb19af8d92021-12-21 10:28:26.944root 11241100x8000000000000000357533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0c8902a8f9c1e962021-12-21 10:28:26.944root 11241100x8000000000000000357534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d79e17173028b032021-12-21 10:28:26.944root 11241100x8000000000000000357535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682ad70c141bee7c2021-12-21 10:28:26.944root 11241100x8000000000000000357536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4688adcc926299222021-12-21 10:28:26.944root 11241100x8000000000000000357537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc3d0d1e409b4232021-12-21 10:28:26.944root 11241100x8000000000000000357538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9c6a6bc0e640f02021-12-21 10:28:26.945root 11241100x8000000000000000357539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4e2e4b7d3ac65a2021-12-21 10:28:26.945root 11241100x8000000000000000357540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a40350df8ff6fd2021-12-21 10:28:26.945root 11241100x8000000000000000357541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8261df2c7f9e6da92021-12-21 10:28:26.945root 11241100x8000000000000000357542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb572bd8e9187c072021-12-21 10:28:26.945root 11241100x8000000000000000357543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b16079de8557e32021-12-21 10:28:26.945root 11241100x8000000000000000357544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dabacd1d4ea5d1382021-12-21 10:28:26.945root 11241100x8000000000000000357545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a392646b68eb96b62021-12-21 10:28:26.945root 11241100x8000000000000000357546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ece60bd294124212021-12-21 10:28:26.945root 11241100x8000000000000000357547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43519c221605773c2021-12-21 10:28:26.945root 11241100x8000000000000000357548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cbc3dd94ef2dbd2021-12-21 10:28:26.945root 11241100x8000000000000000357549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3b762f3e7cbbaf2021-12-21 10:28:26.946root 11241100x8000000000000000357550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0ca52f7fb49b752021-12-21 10:28:26.946root 11241100x8000000000000000357551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0f4569ca1b07dd52021-12-21 10:28:26.946root 11241100x8000000000000000357552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883fe9d7ce1fbfab2021-12-21 10:28:26.946root 11241100x8000000000000000357553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d01d6b9077b10d272021-12-21 10:28:26.946root 11241100x8000000000000000357554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a9728684e522c7f2021-12-21 10:28:26.946root 11241100x8000000000000000357555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e5a6d060711364d2021-12-21 10:28:26.946root 11241100x8000000000000000357556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94988f6fb37cdd0b2021-12-21 10:28:26.946root 11241100x8000000000000000357557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee9311aa21430332021-12-21 10:28:26.946root 11241100x8000000000000000357558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39d19e795ba26fa2021-12-21 10:28:26.946root 11241100x8000000000000000357559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa3ba5ca4bbca082021-12-21 10:28:26.946root 11241100x8000000000000000357560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d07352f9e816be2021-12-21 10:28:26.947root 11241100x8000000000000000357561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c84e30bb6c99882021-12-21 10:28:26.947root 11241100x8000000000000000357562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5801a86ed332332021-12-21 10:28:26.947root 11241100x8000000000000000357563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318511d140a92fab2021-12-21 10:28:26.947root 11241100x8000000000000000357564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ce5080cd2065d742021-12-21 10:28:26.947root 11241100x8000000000000000357565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87346774f838fad92021-12-21 10:28:26.947root 11241100x8000000000000000357566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e737522a7d826982021-12-21 10:28:26.947root 11241100x8000000000000000357567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4942cb56f18b622021-12-21 10:28:26.947root 11241100x8000000000000000357568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.658b3ad06369499e2021-12-21 10:28:26.947root 11241100x8000000000000000357569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6870270c1ba92812021-12-21 10:28:26.947root 11241100x8000000000000000357570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155cc11c907dd5bf2021-12-21 10:28:26.948root 11241100x8000000000000000357571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ece05273ddeeb2352021-12-21 10:28:26.948root 11241100x8000000000000000357572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432f1ea4f1db19862021-12-21 10:28:26.948root 11241100x8000000000000000357573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7553a1e44205c4022021-12-21 10:28:26.948root 11241100x8000000000000000357574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037373c8b1e998102021-12-21 10:28:26.948root 11241100x8000000000000000357575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a837be980d0582d2021-12-21 10:28:26.948root 11241100x8000000000000000357576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7aa9d1e4eb1640a2021-12-21 10:28:26.948root 11241100x8000000000000000357577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b75ba804b28937e2021-12-21 10:28:26.948root 11241100x8000000000000000357578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8741dfbc82da7a2021-12-21 10:28:26.948root 11241100x8000000000000000357579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24b03c2ba1220632021-12-21 10:28:26.948root 11241100x8000000000000000357580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1155a185a5ffce1f2021-12-21 10:28:26.948root 11241100x8000000000000000357581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f36bcd6a7b70e42021-12-21 10:28:26.948root 11241100x8000000000000000357582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231e4d6a1becd8162021-12-21 10:28:26.949root 11241100x8000000000000000357583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2db7975d4981b132021-12-21 10:28:26.949root 11241100x8000000000000000357584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.851850583cd837552021-12-21 10:28:26.949root 11241100x8000000000000000357585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfceb1c8c2885652021-12-21 10:28:26.949root 11241100x8000000000000000357586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2ffb8992896cf92021-12-21 10:28:26.949root 11241100x8000000000000000357587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bec06ffe0c88fb22021-12-21 10:28:26.949root 11241100x8000000000000000357588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbc847fa1c3ebaf82021-12-21 10:28:26.949root 11241100x8000000000000000357589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897dac9de18989b02021-12-21 10:28:26.949root 11241100x8000000000000000357590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.288e36aa5888ca2c2021-12-21 10:28:26.949root 11241100x8000000000000000357591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba58e9ea5e3b43c2021-12-21 10:28:26.949root 11241100x8000000000000000357592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01d2214b9aee6d972021-12-21 10:28:26.949root 11241100x8000000000000000357593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970cfc24358d6c142021-12-21 10:28:26.949root 11241100x8000000000000000357594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9366c981dd9aa4292021-12-21 10:28:26.949root 11241100x8000000000000000357595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.858ea0415d921e372021-12-21 10:28:26.949root 11241100x8000000000000000357596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f500106538a01cc52021-12-21 10:28:26.949root 11241100x8000000000000000357597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26241d0f22cc03752021-12-21 10:28:26.950root 11241100x8000000000000000357598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5aee029ec1053d82021-12-21 10:28:26.950root 11241100x8000000000000000357599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af03d23068b33bbe2021-12-21 10:28:26.950root 11241100x8000000000000000357600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207eb0b36839ba6b2021-12-21 10:28:26.950root 11241100x8000000000000000357601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fefd6e776b89e1c2021-12-21 10:28:26.950root 11241100x8000000000000000357602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc5efa96eb656462021-12-21 10:28:26.950root 11241100x8000000000000000357603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dea4e205541f0bc2021-12-21 10:28:26.950root 11241100x8000000000000000357604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5aa518767890be22021-12-21 10:28:26.950root 11241100x8000000000000000357605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f7eece6a4155df2021-12-21 10:28:26.950root 11241100x8000000000000000357606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ccc48960f61ebf2021-12-21 10:28:26.950root 11241100x8000000000000000357607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c48d3eeb3ec0f72021-12-21 10:28:26.950root 11241100x8000000000000000357608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df54ce1426b5a80d2021-12-21 10:28:26.950root 11241100x8000000000000000357609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b7538108f1e0b12021-12-21 10:28:26.950root 11241100x8000000000000000357610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b34957fe81a81142021-12-21 10:28:26.950root 11241100x8000000000000000357611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d8a0cf757f0c1c2021-12-21 10:28:26.950root 11241100x8000000000000000357612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3d19106a8b61cf2021-12-21 10:28:26.951root 11241100x8000000000000000357613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.473766d89adbff912021-12-21 10:28:26.951root 11241100x8000000000000000357614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cafe982aac306f2021-12-21 10:28:26.951root 11241100x8000000000000000357615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a64d6a8014a9a2372021-12-21 10:28:26.951root 11241100x8000000000000000357616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d46bf48dcb7047e2021-12-21 10:28:26.951root 11241100x8000000000000000357617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07517784c3d2a4a82021-12-21 10:28:26.951root 11241100x8000000000000000357618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a87df6bdbda88b2021-12-21 10:28:26.952root 11241100x8000000000000000357619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69f6343078277232021-12-21 10:28:26.952root 11241100x8000000000000000357620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7159a2c8b5b7d212021-12-21 10:28:26.952root 11241100x8000000000000000357621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757ebaf0805213ad2021-12-21 10:28:26.952root 11241100x8000000000000000357622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef8ef640a0e52152021-12-21 10:28:26.952root 11241100x8000000000000000357623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03da50c10d6f0a442021-12-21 10:28:26.952root 11241100x8000000000000000357624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190614d21914fa362021-12-21 10:28:26.953root 11241100x8000000000000000357625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd1cf3304bf03a72021-12-21 10:28:26.953root 11241100x8000000000000000357626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef374c8dae27e0cf2021-12-21 10:28:26.953root 11241100x8000000000000000357627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:26.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc61249e39a217f2021-12-21 10:28:26.953root 154100x8000000000000000357681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:37.116{ec2b6afe-ac55-61c1-e8b6-ee8c6b550000}5704/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000357682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:37.118{ec2b6afe-ac55-61c1-e8b6-ee8c6b550000}5704/bin/lsubuntu 11241100x8000000000000000357683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:37.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826ff1158b203a642021-12-21 10:28:37.442root 11241100x8000000000000000357684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:37.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890644af3a348e932021-12-21 10:28:37.443root 11241100x8000000000000000357685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:37.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30d5a05174945e402021-12-21 10:28:37.942root 11241100x8000000000000000357686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:37.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0b8348591e6dce2021-12-21 10:28:37.942root 11241100x8000000000000000357687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86badb6d9cf821342021-12-21 10:28:38.442root 11241100x8000000000000000357688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:38.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508fc4a4602c0d5b2021-12-21 10:28:38.442root 11241100x8000000000000000357689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97c289ae2f8286b2021-12-21 10:28:38.942root 11241100x8000000000000000357690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:38.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c152e5d5bf88b6e12021-12-21 10:28:38.942root 354300x8000000000000000357691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.174{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47154-false10.0.1.12-8000- 23542300x8000000000000000357692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000357693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51977cc97cebc9282021-12-21 10:28:39.349root 11241100x8000000000000000357694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20853f6d501a03d82021-12-21 10:28:39.349root 11241100x8000000000000000357695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238bc9c3fcf8a1572021-12-21 10:28:39.350root 11241100x8000000000000000357696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fc1866aa3af7b42021-12-21 10:28:39.350root 11241100x8000000000000000357697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bcdd5ae1ba7640b2021-12-21 10:28:39.693root 11241100x8000000000000000357698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646479cea3fe89ba2021-12-21 10:28:39.694root 11241100x8000000000000000357699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d46e0db52352e2ad2021-12-21 10:28:39.694root 11241100x8000000000000000357700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a4096bb70a9bed42021-12-21 10:28:39.694root 11241100x8000000000000000357701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff319d974c48fd122021-12-21 10:28:40.192root 11241100x8000000000000000357702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b865251cf68583a2021-12-21 10:28:40.193root 11241100x8000000000000000357703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c1a01168cf5fe72021-12-21 10:28:40.193root 11241100x8000000000000000357704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d225ed565c3842d12021-12-21 10:28:40.193root 11241100x8000000000000000357705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8db5a25a6776bfe2021-12-21 10:28:40.693root 11241100x8000000000000000357706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deb76af913aca12e2021-12-21 10:28:40.693root 11241100x8000000000000000357707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc1193f1ce4a3412021-12-21 10:28:40.693root 11241100x8000000000000000357708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6554f405a24ebe302021-12-21 10:28:40.693root 534500x8000000000000000357709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.779{00000000-0000-0000-0000-000000000000}5705<unknown process>ubuntu 534500x8000000000000000357710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.781{00000000-0000-0000-0000-000000000000}5706<unknown process>ubuntu 11241100x8000000000000000357711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.781{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.lDn0Ma2021-12-21 10:28:40.781ubuntu 23542300x8000000000000000357712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:40.781{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.lDn0Ma--- 11241100x8000000000000000357713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0c76acdc8aa8982021-12-21 10:28:41.193root 11241100x8000000000000000357714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee5cbaeddc89b462021-12-21 10:28:41.193root 11241100x8000000000000000357715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb91f1ff055153982021-12-21 10:28:41.193root 11241100x8000000000000000357716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e795cd577336da2021-12-21 10:28:41.193root 11241100x8000000000000000357717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03cecb4aa68da0d2021-12-21 10:28:41.193root 11241100x8000000000000000357718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26e74e9c8ebeb8a2021-12-21 10:28:41.193root 11241100x8000000000000000357719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb49cdefc16a2f072021-12-21 10:28:41.193root 11241100x8000000000000000357720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e803f78477d605db2021-12-21 10:28:41.193root 154100x8000000000000000357721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.208{ec2b6afe-ac59-61c1-8012-0a519a550000}5707/bin/nano-----nano mod_sudoer.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000357722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.295{ec2b6afe-ac59-61c1-8012-0a519a550000}5707/bin/nano/home/ubuntu/.mod_sudoer.sh.swp2021-12-21 10:28:41.295ubuntu 11241100x8000000000000000357723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.361c2d7e3a1a90a92021-12-21 10:28:41.693root 11241100x8000000000000000357724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0202175a55800e822021-12-21 10:28:41.693root 11241100x8000000000000000357725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c53124ddb51767a02021-12-21 10:28:41.693root 11241100x8000000000000000357726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ec203c5932935942021-12-21 10:28:41.693root 11241100x8000000000000000357727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08bf4bfe6c572be2021-12-21 10:28:41.694root 11241100x8000000000000000357728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e58dbd70fc155c2021-12-21 10:28:41.694root 11241100x8000000000000000357729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcd5d825269602d2021-12-21 10:28:41.694root 11241100x8000000000000000357730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70618971c0026dbf2021-12-21 10:28:41.694root 11241100x8000000000000000357731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e192000d499c25d42021-12-21 10:28:41.694root 11241100x8000000000000000357732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93873841693612ba2021-12-21 10:28:41.695root 11241100x8000000000000000357733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b673c563a5b833c02021-12-21 10:28:42.193root 11241100x8000000000000000357734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077fef083d9cec5f2021-12-21 10:28:42.193root 11241100x8000000000000000357735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a49220cb5ca9a12021-12-21 10:28:42.193root 11241100x8000000000000000357736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ea6fb013f34f342021-12-21 10:28:42.194root 11241100x8000000000000000357737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac96e9b9e5637662021-12-21 10:28:42.194root 11241100x8000000000000000357738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53e90b94fa6f67102021-12-21 10:28:42.194root 11241100x8000000000000000357739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8330b7276ddec1a72021-12-21 10:28:42.194root 11241100x8000000000000000357740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2b63cfc99e7b072021-12-21 10:28:42.194root 11241100x8000000000000000357741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af85cad6768c0e532021-12-21 10:28:42.194root 11241100x8000000000000000357742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c2dd6c4157ebf342021-12-21 10:28:42.194root 11241100x8000000000000000357743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a065c2a067f00f32021-12-21 10:28:42.693root 11241100x8000000000000000357744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a39c63dfefb5e1042021-12-21 10:28:42.693root 11241100x8000000000000000357745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4454355ea2d14d3f2021-12-21 10:28:42.693root 11241100x8000000000000000357746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcae49c04f9f2eb82021-12-21 10:28:42.693root 11241100x8000000000000000357747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc2253b1ef6b46e2021-12-21 10:28:42.693root 11241100x8000000000000000357748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62764aa160093372021-12-21 10:28:42.694root 11241100x8000000000000000357749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b976322e41ae652021-12-21 10:28:42.694root 11241100x8000000000000000357750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b91bf9160210142021-12-21 10:28:42.694root 11241100x8000000000000000357751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725fa94628dd03392021-12-21 10:28:42.694root 11241100x8000000000000000357752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d182744fa6171872021-12-21 10:28:42.694root 11241100x8000000000000000357753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edfdb7b88aff8182021-12-21 10:28:43.193root 11241100x8000000000000000357754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79386442223525162021-12-21 10:28:43.193root 11241100x8000000000000000357755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.704397cda5f0814b2021-12-21 10:28:43.194root 11241100x8000000000000000357756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c490dd61b8cb36dd2021-12-21 10:28:43.194root 11241100x8000000000000000357757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f5cda61604a94f22021-12-21 10:28:43.194root 11241100x8000000000000000357758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2057a628ea1969e22021-12-21 10:28:43.195root 11241100x8000000000000000357759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.625c434041c12f512021-12-21 10:28:43.195root 11241100x8000000000000000357760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a5d93ecb6bc6e2021-12-21 10:28:43.195root 11241100x8000000000000000357761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4af2d78336072332021-12-21 10:28:43.196root 11241100x8000000000000000357762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978a77aa6c3ec7492021-12-21 10:28:43.196root 11241100x8000000000000000357763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2a50806ee05ad8a2021-12-21 10:28:43.693root 11241100x8000000000000000357764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c7b5c3c1dac60e2021-12-21 10:28:43.693root 11241100x8000000000000000357765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b479463a211c3dd52021-12-21 10:28:43.693root 11241100x8000000000000000357766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00eaabbc77c4e7c22021-12-21 10:28:43.693root 11241100x8000000000000000357767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7672fdd8f1bbb32021-12-21 10:28:43.693root 11241100x8000000000000000357768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7a56e101b13ab1c2021-12-21 10:28:43.693root 11241100x8000000000000000357769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71be6552e4dfd0f22021-12-21 10:28:43.693root 11241100x8000000000000000357770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b368575513cd3eb32021-12-21 10:28:43.693root 11241100x8000000000000000357771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4a9177e298636b2021-12-21 10:28:43.694root 11241100x8000000000000000357772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91cbfd462050be02021-12-21 10:28:43.694root 11241100x8000000000000000357773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895ecd38278bd0312021-12-21 10:28:44.193root 11241100x8000000000000000357774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe46db3520ecc202021-12-21 10:28:44.193root 11241100x8000000000000000357775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cce455df5b79322021-12-21 10:28:44.193root 11241100x8000000000000000357776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735be5db0b88cb462021-12-21 10:28:44.193root 11241100x8000000000000000357777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fbd309675b00932021-12-21 10:28:44.193root 11241100x8000000000000000357778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e45e0a23964b85d2021-12-21 10:28:44.194root 11241100x8000000000000000357779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b0e1aab09371102021-12-21 10:28:44.194root 11241100x8000000000000000357780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b85f401956e103e2021-12-21 10:28:44.194root 11241100x8000000000000000357781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7246364e6c564e2021-12-21 10:28:44.194root 11241100x8000000000000000357782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29aba9edb191d5792021-12-21 10:28:44.194root 11241100x8000000000000000357783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb98dfce28dfbc982021-12-21 10:28:44.693root 11241100x8000000000000000357784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a9566c427cc45b62021-12-21 10:28:44.693root 11241100x8000000000000000357785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab5ee5ec100afa22021-12-21 10:28:44.693root 11241100x8000000000000000357786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92ea1547d4688c42021-12-21 10:28:44.694root 11241100x8000000000000000357787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6e42cdaf739cdd2021-12-21 10:28:44.694root 11241100x8000000000000000357788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acb3761854850812021-12-21 10:28:44.694root 11241100x8000000000000000357789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f499589053a8042021-12-21 10:28:44.694root 11241100x8000000000000000357790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc9e1c78e0946c022021-12-21 10:28:44.694root 11241100x8000000000000000357791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a32d4421b66d5562021-12-21 10:28:44.694root 11241100x8000000000000000357792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fae9cc1a09fa442021-12-21 10:28:44.695root 354300x8000000000000000357793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.021{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47156-false10.0.1.12-8000- 11241100x8000000000000000357794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.021{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f11f6ff0ed7ef712021-12-21 10:28:45.021root 11241100x8000000000000000357795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a134349f3d38c472021-12-21 10:28:45.022root 11241100x8000000000000000357796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940f6dfda96de6232021-12-21 10:28:45.022root 11241100x8000000000000000357797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6a684fae1e7f252021-12-21 10:28:45.022root 11241100x8000000000000000357798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1801c6d8443386042021-12-21 10:28:45.022root 11241100x8000000000000000357799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b627789997b45872021-12-21 10:28:45.022root 11241100x8000000000000000357800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2bf8c2ff1f61682021-12-21 10:28:45.022root 11241100x8000000000000000357801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f79a162f6c2ee712021-12-21 10:28:45.022root 11241100x8000000000000000357802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742eafa23732d77c2021-12-21 10:28:45.022root 11241100x8000000000000000357803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de606622402ee9c02021-12-21 10:28:45.022root 11241100x8000000000000000357804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.022{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955d56c63bc5d0f22021-12-21 10:28:45.022root 23542300x8000000000000000357805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.122{ec2b6afe-ac59-61c1-8012-0a519a550000}5707ubuntu/bin/nano/home/ubuntu/./.mod_sudoer.sh.swp--- 11241100x8000000000000000357806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.122{ec2b6afe-ac59-61c1-8012-0a519a550000}5707/bin/nano/home/ubuntu/.mod_sudoer.sh.swp2021-12-21 10:28:45.122ubuntu 11241100x8000000000000000357807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63585752693c3be22021-12-21 10:28:45.443root 11241100x8000000000000000357808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.278702fcaa2472bf2021-12-21 10:28:45.443root 11241100x8000000000000000357809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1e988a5d79505a2021-12-21 10:28:45.443root 11241100x8000000000000000357810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429d15196552f5d02021-12-21 10:28:45.443root 11241100x8000000000000000357811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50f469d784168c712021-12-21 10:28:45.443root 11241100x8000000000000000357812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a280d4a9a8b58032021-12-21 10:28:45.443root 11241100x8000000000000000357813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef9a0b01a54d0fd2021-12-21 10:28:45.443root 11241100x8000000000000000357814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd220fda761b5912021-12-21 10:28:45.443root 11241100x8000000000000000357815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edefc2508d3848642021-12-21 10:28:45.444root 11241100x8000000000000000357816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2e90a0aee2316b2021-12-21 10:28:45.444root 11241100x8000000000000000357817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b560e48e9338c06c2021-12-21 10:28:45.444root 11241100x8000000000000000357818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed01b5af6cd5783c2021-12-21 10:28:45.444root 11241100x8000000000000000357819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5702e25d03c3fc2b2021-12-21 10:28:45.444root 11241100x8000000000000000357820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b36660efb2e40262021-12-21 10:28:45.943root 11241100x8000000000000000357821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a489ba7c505d0572021-12-21 10:28:45.943root 11241100x8000000000000000357822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e37145452fe706f2021-12-21 10:28:45.943root 11241100x8000000000000000357823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c5972d68433d622021-12-21 10:28:45.943root 11241100x8000000000000000357824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e1245430e61e5b2021-12-21 10:28:45.943root 11241100x8000000000000000357825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42945748634b3132021-12-21 10:28:45.943root 11241100x8000000000000000357826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7baff6d643cb6e3f2021-12-21 10:28:45.943root 11241100x8000000000000000357827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd9b4d8a2caa56a2021-12-21 10:28:45.943root 11241100x8000000000000000357828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e0c0282666e18b2021-12-21 10:28:45.944root 11241100x8000000000000000357829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2800810420f2f98b2021-12-21 10:28:45.944root 11241100x8000000000000000357830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167ece91cb8091e12021-12-21 10:28:45.944root 11241100x8000000000000000357831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f646f0b2efc1972021-12-21 10:28:45.944root 11241100x8000000000000000357832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68318c8d6ff754102021-12-21 10:28:45.944root 11241100x8000000000000000357833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177502402033cefc2021-12-21 10:28:46.443root 11241100x8000000000000000357834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa48f0d3819f42f02021-12-21 10:28:46.443root 11241100x8000000000000000357835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f63e67e804f74c2021-12-21 10:28:46.443root 11241100x8000000000000000357836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a46ecb51887406a2021-12-21 10:28:46.443root 11241100x8000000000000000357837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153fbcea12ccdd552021-12-21 10:28:46.443root 11241100x8000000000000000357838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f710f96e37aa6bff2021-12-21 10:28:46.443root 11241100x8000000000000000357839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5389f082e27cd1f62021-12-21 10:28:46.443root 11241100x8000000000000000357840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7675f2ae8ae9d03f2021-12-21 10:28:46.444root 11241100x8000000000000000357841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47a4f01bebef30ef2021-12-21 10:28:46.444root 11241100x8000000000000000357842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85af5a39480ac30a2021-12-21 10:28:46.444root 11241100x8000000000000000357843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86ff83f54d367c292021-12-21 10:28:46.444root 11241100x8000000000000000357844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.721576ed4bc1f1122021-12-21 10:28:46.444root 11241100x8000000000000000357845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd06523f98788592021-12-21 10:28:46.444root 11241100x8000000000000000357846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a11ced80213115d2021-12-21 10:28:46.943root 11241100x8000000000000000357847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dd3cf94847b23d2021-12-21 10:28:46.943root 11241100x8000000000000000357848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7568eedd7e417e112021-12-21 10:28:46.943root 11241100x8000000000000000357849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82500f0b8fabcdae2021-12-21 10:28:46.944root 11241100x8000000000000000357850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13d7830e831302582021-12-21 10:28:46.944root 11241100x8000000000000000357851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a990546044ff44932021-12-21 10:28:46.944root 11241100x8000000000000000357852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6362f982b01955912021-12-21 10:28:46.944root 11241100x8000000000000000357853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b92cb3ff6f22402021-12-21 10:28:46.944root 11241100x8000000000000000357854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef5f2b835c3349082021-12-21 10:28:46.944root 11241100x8000000000000000357855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e94d375fbe8f31c2021-12-21 10:28:46.944root 11241100x8000000000000000357856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435c42b20abc31e32021-12-21 10:28:46.944root 11241100x8000000000000000357857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80de6d5cfacb3f612021-12-21 10:28:46.945root 11241100x8000000000000000357858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:46.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98efda4aa0b4839d2021-12-21 10:28:46.945root 11241100x8000000000000000357859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0ca3688d90236922021-12-21 10:28:47.443root 11241100x8000000000000000357860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbaf32a1fcaaa5772021-12-21 10:28:47.443root 11241100x8000000000000000357861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c175b5adc32ed02021-12-21 10:28:47.443root 11241100x8000000000000000357862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2acad1915e296bd2021-12-21 10:28:47.444root 11241100x8000000000000000357863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.444bd501267b972c2021-12-21 10:28:47.444root 11241100x8000000000000000357864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1262971ec8d45b2021-12-21 10:28:47.444root 11241100x8000000000000000357865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95147d1a50343e0b2021-12-21 10:28:47.444root 11241100x8000000000000000357866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ec284fa4b1e87b2021-12-21 10:28:47.445root 11241100x8000000000000000357867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6168cc203809852021-12-21 10:28:47.445root 11241100x8000000000000000357868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb0ce5339c780142021-12-21 10:28:47.445root 11241100x8000000000000000357869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3581b9b4a26a47332021-12-21 10:28:47.445root 11241100x8000000000000000357870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe84f3b002c2cc402021-12-21 10:28:47.445root 11241100x8000000000000000357871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8b1af4407294bf2021-12-21 10:28:47.445root 11241100x8000000000000000357872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0106a92a9a8a60ff2021-12-21 10:28:47.943root 11241100x8000000000000000357873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7446391d2f2c4b52021-12-21 10:28:47.943root 11241100x8000000000000000357874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56115aea107eadc82021-12-21 10:28:47.943root 11241100x8000000000000000357875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99432fda15c94ae2021-12-21 10:28:47.943root 11241100x8000000000000000357876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628cceb3dd16139d2021-12-21 10:28:47.943root 11241100x8000000000000000357877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041cb50c0a5606a92021-12-21 10:28:47.943root 11241100x8000000000000000357878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f647cfb3bccf2e2021-12-21 10:28:47.944root 11241100x8000000000000000357879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23274acb5ddacd772021-12-21 10:28:47.944root 11241100x8000000000000000357880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49615854f123654b2021-12-21 10:28:47.944root 11241100x8000000000000000357881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a64b00a0e360bb2021-12-21 10:28:47.944root 11241100x8000000000000000357882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce7cde9ee1301da2021-12-21 10:28:47.944root 11241100x8000000000000000357883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf60ea2f36315d982021-12-21 10:28:47.944root 11241100x8000000000000000357884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6fce03518d303a2021-12-21 10:28:47.944root 11241100x8000000000000000357885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ca217c24b67e6142021-12-21 10:28:48.443root 11241100x8000000000000000357886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6238c53d64a59622021-12-21 10:28:48.443root 11241100x8000000000000000357887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cadc648c0ffa840a2021-12-21 10:28:48.443root 11241100x8000000000000000357888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc793b197184e762021-12-21 10:28:48.443root 11241100x8000000000000000357889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc6f1dd0a8b701a2021-12-21 10:28:48.444root 11241100x8000000000000000357890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfbc6fa4bd7988d2021-12-21 10:28:48.444root 11241100x8000000000000000357891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127fde3aa9766bc62021-12-21 10:28:48.444root 11241100x8000000000000000357892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a80d0e0851f2bc2021-12-21 10:28:48.444root 11241100x8000000000000000357893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97f83b8a942cca02021-12-21 10:28:48.444root 11241100x8000000000000000357894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d601a1ee7c5112cc2021-12-21 10:28:48.444root 11241100x8000000000000000357895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1ce644fd3c759392021-12-21 10:28:48.444root 11241100x8000000000000000357896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.595c43e7e0fff0a52021-12-21 10:28:48.444root 11241100x8000000000000000357897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41748d8051da1482021-12-21 10:28:48.444root 11241100x8000000000000000357898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699e6b03f0f7e6992021-12-21 10:28:48.943root 11241100x8000000000000000357899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ac494f0b795dcd2021-12-21 10:28:48.943root 11241100x8000000000000000357900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.905045fb36a5998f2021-12-21 10:28:48.943root 11241100x8000000000000000357901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de3bb29bccd32722021-12-21 10:28:48.943root 11241100x8000000000000000357902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e243c2888153b52021-12-21 10:28:48.943root 11241100x8000000000000000357903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9f215700c37c1d72021-12-21 10:28:48.943root 11241100x8000000000000000357904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707a202a4987cdf42021-12-21 10:28:48.944root 11241100x8000000000000000357905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73afb556e3a3d4f62021-12-21 10:28:48.944root 11241100x8000000000000000357906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557325ee68e62cc32021-12-21 10:28:48.944root 11241100x8000000000000000357907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.078cdad7ce0b07b42021-12-21 10:28:48.944root 11241100x8000000000000000357908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0d9df3d5f5a39522021-12-21 10:28:48.944root 11241100x8000000000000000357909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e31b8c5450f38bb02021-12-21 10:28:48.944root 11241100x8000000000000000357910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053198dbd0d738f72021-12-21 10:28:48.944root 11241100x8000000000000000357911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94643dbd66a441872021-12-21 10:28:49.443root 11241100x8000000000000000357912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c049511da4b13c2021-12-21 10:28:49.443root 11241100x8000000000000000357913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc16723dcc309e622021-12-21 10:28:49.443root 11241100x8000000000000000357914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63fe025b68b658f12021-12-21 10:28:49.443root 11241100x8000000000000000357915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c3c570933879f92021-12-21 10:28:49.444root 11241100x8000000000000000357916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dcecf6f028e8932021-12-21 10:28:49.444root 11241100x8000000000000000357917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77ccfa7d2e1ad6252021-12-21 10:28:49.444root 11241100x8000000000000000357918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b282ec9b26b15082021-12-21 10:28:49.444root 11241100x8000000000000000357919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79bbbecc3f990a2f2021-12-21 10:28:49.444root 11241100x8000000000000000357920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2064374d55d0e92021-12-21 10:28:49.444root 11241100x8000000000000000357921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bf56b16ea4afd92021-12-21 10:28:49.444root 11241100x8000000000000000357922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e1e963e02600b42021-12-21 10:28:49.444root 11241100x8000000000000000357923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60889b2c729be732021-12-21 10:28:49.444root 11241100x8000000000000000357924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a57d46ebb5c04b12021-12-21 10:28:49.943root 11241100x8000000000000000357925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71630edabc33d1bc2021-12-21 10:28:49.943root 11241100x8000000000000000357926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9ce7445f63c4602021-12-21 10:28:49.943root 11241100x8000000000000000357927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671b4c3cabe71dcd2021-12-21 10:28:49.943root 11241100x8000000000000000357928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44576768e935c3ce2021-12-21 10:28:49.943root 11241100x8000000000000000357929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4bb1a5853751802021-12-21 10:28:49.943root 11241100x8000000000000000357930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e06f9b246eaf7212021-12-21 10:28:49.943root 11241100x8000000000000000357931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59afc4765f7391d92021-12-21 10:28:49.943root 11241100x8000000000000000357932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81c8fe0ad7b1ee0f2021-12-21 10:28:49.943root 11241100x8000000000000000357933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8368b6ec16f095d2021-12-21 10:28:49.943root 11241100x8000000000000000357934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcd3461a5831f3f2021-12-21 10:28:49.944root 11241100x8000000000000000357935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131038edd9d9140a2021-12-21 10:28:49.944root 11241100x8000000000000000357936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.409384f6d0ebd7cd2021-12-21 10:28:49.944root 354300x8000000000000000357937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.094{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47158-false10.0.1.12-8000- 11241100x8000000000000000357938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea08fe9d7ae27eb2021-12-21 10:28:50.443root 11241100x8000000000000000357939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3576e8036577102021-12-21 10:28:50.443root 11241100x8000000000000000357940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67e8389f85dd9b52021-12-21 10:28:50.443root 11241100x8000000000000000357941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c307a3a1b65ab532021-12-21 10:28:50.443root 11241100x8000000000000000357942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988ad9a0dc051d502021-12-21 10:28:50.443root 11241100x8000000000000000357943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f3ebcfdb2fe6552021-12-21 10:28:50.444root 11241100x8000000000000000357944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389bc3734cdd7e672021-12-21 10:28:50.444root 11241100x8000000000000000357945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79b72aca93463422021-12-21 10:28:50.444root 11241100x8000000000000000357946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b22252c765a2212021-12-21 10:28:50.444root 11241100x8000000000000000357947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65acaccb424efa9e2021-12-21 10:28:50.444root 11241100x8000000000000000357948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cb390f11dead5bf2021-12-21 10:28:50.444root 11241100x8000000000000000357949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27649f9416a72c0c2021-12-21 10:28:50.444root 11241100x8000000000000000357950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf51dbb2416993c22021-12-21 10:28:50.444root 11241100x8000000000000000357951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae76d2e015a3bdee2021-12-21 10:28:50.444root 11241100x8000000000000000357952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.598ba45f7ebe0ab82021-12-21 10:28:50.942root 11241100x8000000000000000357953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edbd9cb62cfc25842021-12-21 10:28:50.943root 11241100x8000000000000000357954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3395367c9a12992021-12-21 10:28:50.943root 11241100x8000000000000000357955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c13d6ca2f0b21b22021-12-21 10:28:50.943root 11241100x8000000000000000357956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8684f45d197503922021-12-21 10:28:50.943root 11241100x8000000000000000357957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e3c0c2f044cfda2021-12-21 10:28:50.943root 11241100x8000000000000000357958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9db8c0b78ad98b2021-12-21 10:28:50.943root 11241100x8000000000000000357959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3096f43ad050616a2021-12-21 10:28:50.944root 11241100x8000000000000000357960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22f0003719b8eaf2021-12-21 10:28:50.944root 11241100x8000000000000000357961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b3a71a17da48d42021-12-21 10:28:50.944root 11241100x8000000000000000357962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723860a24b5b75862021-12-21 10:28:50.944root 11241100x8000000000000000357963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef91ac1d6a9f13b22021-12-21 10:28:50.944root 11241100x8000000000000000357964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026ea6e50db072732021-12-21 10:28:50.944root 11241100x8000000000000000357965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1f77addcdaef622021-12-21 10:28:50.944root 11241100x8000000000000000357966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1217e7122e1ec9222021-12-21 10:28:50.944root 11241100x8000000000000000357967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea2036a63afcab32021-12-21 10:28:50.944root 11241100x8000000000000000357968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c1bc900372c27b2021-12-21 10:28:50.944root 11241100x8000000000000000357969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25439be6221cbf2a2021-12-21 10:28:50.945root 11241100x8000000000000000357970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a25423a8234f422021-12-21 10:28:51.443root 11241100x8000000000000000357971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45caeb07ab614432021-12-21 10:28:51.443root 11241100x8000000000000000357972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1b5c6429bdc6022021-12-21 10:28:51.443root 11241100x8000000000000000357973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7191290a7dc277572021-12-21 10:28:51.443root 11241100x8000000000000000357974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d267fb1af6af31bf2021-12-21 10:28:51.443root 11241100x8000000000000000357975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52662028345611ba2021-12-21 10:28:51.443root 11241100x8000000000000000357976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec52b18d6d3d3832021-12-21 10:28:51.444root 11241100x8000000000000000357977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba95e6e092090c672021-12-21 10:28:51.444root 11241100x8000000000000000357978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49043d6c5fa5ae872021-12-21 10:28:51.444root 11241100x8000000000000000357979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ddacd48c7e45f22021-12-21 10:28:51.444root 11241100x8000000000000000357980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89b5e9b55e6570f32021-12-21 10:28:51.444root 11241100x8000000000000000357981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd3971d243f2ec502021-12-21 10:28:51.444root 11241100x8000000000000000357982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e949c0c81cf0be32021-12-21 10:28:51.444root 11241100x8000000000000000357983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6961570f02194be12021-12-21 10:28:51.444root 11241100x8000000000000000357984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a606a5817c59d8da2021-12-21 10:28:51.943root 11241100x8000000000000000357985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edce15251f4855922021-12-21 10:28:51.943root 11241100x8000000000000000357986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a349ce05239337d2021-12-21 10:28:51.943root 11241100x8000000000000000357987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7afee848617c3d2021-12-21 10:28:51.944root 11241100x8000000000000000357988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496c786a263cc7442021-12-21 10:28:51.944root 11241100x8000000000000000357989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fe989cebac163ef2021-12-21 10:28:51.944root 11241100x8000000000000000357990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d2acafcaa5afe32021-12-21 10:28:51.944root 11241100x8000000000000000357991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.619deea34f6dc25c2021-12-21 10:28:51.944root 11241100x8000000000000000357992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862f08a2b9565bfe2021-12-21 10:28:51.944root 11241100x8000000000000000357993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5221f9d43c6683742021-12-21 10:28:51.944root 11241100x8000000000000000357994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e5ecd2dc2072042021-12-21 10:28:51.944root 11241100x8000000000000000357995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c64e5f0e2b2a6f2021-12-21 10:28:51.944root 11241100x8000000000000000357996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8b00296aa6477b2021-12-21 10:28:51.945root 11241100x8000000000000000357997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:51.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ebb893da19391d32021-12-21 10:28:51.945root 11241100x8000000000000000357998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fb4cad448cdab02021-12-21 10:28:52.443root 11241100x8000000000000000357999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b335191455929bb2021-12-21 10:28:52.443root 11241100x8000000000000000358000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acb1d63487561392021-12-21 10:28:52.443root 11241100x8000000000000000358001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a4c6ef0fa24bec2021-12-21 10:28:52.444root 11241100x8000000000000000358002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c24c06293e67c792021-12-21 10:28:52.444root 11241100x8000000000000000358003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df152039912261cc2021-12-21 10:28:52.444root 11241100x8000000000000000358004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f11014eb4ab9832021-12-21 10:28:52.444root 11241100x8000000000000000358005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8ed47220dc66082021-12-21 10:28:52.444root 11241100x8000000000000000358006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.813224c1b4af9b8c2021-12-21 10:28:52.444root 11241100x8000000000000000358007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f29287ed193bf412021-12-21 10:28:52.444root 11241100x8000000000000000358008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a789f99a8310a24d2021-12-21 10:28:52.444root 11241100x8000000000000000358009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1a966acab1debb2021-12-21 10:28:52.444root 11241100x8000000000000000358010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9b6570bdde9b642021-12-21 10:28:52.445root 11241100x8000000000000000358011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511c49cab01f702f2021-12-21 10:28:52.445root 11241100x8000000000000000358012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c989354b2bea9b2021-12-21 10:28:52.943root 11241100x8000000000000000358013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c245fbacae6435e2021-12-21 10:28:52.943root 11241100x8000000000000000358014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f444e98a83c849052021-12-21 10:28:52.943root 11241100x8000000000000000358015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5efb4d1f5fbf7cfa2021-12-21 10:28:52.943root 11241100x8000000000000000358016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73154662084905232021-12-21 10:28:52.943root 11241100x8000000000000000358017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e36f41489979492021-12-21 10:28:52.944root 11241100x8000000000000000358018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.225996f5a93385c92021-12-21 10:28:52.944root 11241100x8000000000000000358019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba42c9a71d7ff152021-12-21 10:28:52.944root 11241100x8000000000000000358020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42f7ed0bd6822ee2021-12-21 10:28:52.944root 11241100x8000000000000000358021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bddf9c925ed0ace52021-12-21 10:28:52.944root 11241100x8000000000000000358022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e15222071b1ca02021-12-21 10:28:52.944root 11241100x8000000000000000358023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96285dcf8b629dca2021-12-21 10:28:52.944root 11241100x8000000000000000358024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3383486322534bb82021-12-21 10:28:52.944root 11241100x8000000000000000358025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10793dea496519162021-12-21 10:28:52.945root 11241100x8000000000000000358026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32402e3ae8b631a2021-12-21 10:28:53.443root 11241100x8000000000000000358027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a783005da6fc2d2c2021-12-21 10:28:53.443root 11241100x8000000000000000358028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23cd72145357f5d2021-12-21 10:28:53.444root 11241100x8000000000000000358029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9571b4f8a55b2e62021-12-21 10:28:53.444root 11241100x8000000000000000358030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860aff5e8ed6a1bb2021-12-21 10:28:53.446root 11241100x8000000000000000358031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd84df2e173816772021-12-21 10:28:53.446root 11241100x8000000000000000358032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be4120d73a491b6d2021-12-21 10:28:53.446root 11241100x8000000000000000358033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82477267dfe277eb2021-12-21 10:28:53.447root 11241100x8000000000000000358034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3400fab36db992012021-12-21 10:28:53.447root 11241100x8000000000000000358035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7167d018287225d82021-12-21 10:28:53.447root 11241100x8000000000000000358036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8a312714a923cec2021-12-21 10:28:53.448root 11241100x8000000000000000358037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a2bc2244d7ddec2021-12-21 10:28:53.448root 11241100x8000000000000000358038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c5e9795be9e5d92021-12-21 10:28:53.449root 11241100x8000000000000000358039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40ce188f9db4b7522021-12-21 10:28:53.449root 11241100x8000000000000000358040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3303bf57b40f4d192021-12-21 10:28:53.943root 11241100x8000000000000000358041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b805d12605d4492021-12-21 10:28:53.943root 11241100x8000000000000000358042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb02a4a0e847fe8d2021-12-21 10:28:53.944root 11241100x8000000000000000358043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a48ba7d5f0eed5d2021-12-21 10:28:53.944root 11241100x8000000000000000358044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9e546d8a841b32021-12-21 10:28:53.944root 11241100x8000000000000000358045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d72306677840332021-12-21 10:28:53.945root 11241100x8000000000000000358046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a969c85af030a02021-12-21 10:28:53.945root 11241100x8000000000000000358047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c160541d15a07402021-12-21 10:28:53.945root 11241100x8000000000000000358048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bd27b5d66b1cbf2021-12-21 10:28:53.945root 11241100x8000000000000000358049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9317b26c5ef2abd32021-12-21 10:28:53.945root 11241100x8000000000000000358050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd78fd521aa5ec9d2021-12-21 10:28:53.945root 11241100x8000000000000000358051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b700f25c0c01902021-12-21 10:28:53.946root 11241100x8000000000000000358052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65350bc43fddedc02021-12-21 10:28:53.950root 11241100x8000000000000000358053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942f0fe22c68ae8b2021-12-21 10:28:53.950root 11241100x8000000000000000358054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0476b0403ba2c0b2021-12-21 10:28:54.443root 11241100x8000000000000000358055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5b00a38501ad422021-12-21 10:28:54.443root 11241100x8000000000000000358056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba348074a6478982021-12-21 10:28:54.443root 11241100x8000000000000000358057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.523591f7c5b943e32021-12-21 10:28:54.444root 11241100x8000000000000000358058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a03f00aa24da8c2021-12-21 10:28:54.444root 11241100x8000000000000000358059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd86d87d4905b1a52021-12-21 10:28:54.444root 11241100x8000000000000000358060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ff4c9ef2066c4b2021-12-21 10:28:54.444root 11241100x8000000000000000358061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac6c9d670c1fca5f2021-12-21 10:28:54.445root 11241100x8000000000000000358062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd573daa65110c32021-12-21 10:28:54.445root 11241100x8000000000000000358063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb37be9bf0cb190c2021-12-21 10:28:54.445root 11241100x8000000000000000358064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5617155d9d25662021-12-21 10:28:54.445root 11241100x8000000000000000358065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.618527ddc1127e0b2021-12-21 10:28:54.445root 11241100x8000000000000000358066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc020523f9e871962021-12-21 10:28:54.445root 11241100x8000000000000000358067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4172486c088937412021-12-21 10:28:54.445root 11241100x8000000000000000358068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.680f6b061c93dda82021-12-21 10:28:54.943root 11241100x8000000000000000358069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20062640155fc292021-12-21 10:28:54.943root 11241100x8000000000000000358070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f99726a021275cf52021-12-21 10:28:54.943root 11241100x8000000000000000358071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452820f2a26b60172021-12-21 10:28:54.943root 11241100x8000000000000000358072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a05bbb6a856c87ef2021-12-21 10:28:54.943root 11241100x8000000000000000358073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89aef8aaa287508c2021-12-21 10:28:54.944root 11241100x8000000000000000358074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81f6791be3ed5332021-12-21 10:28:54.944root 11241100x8000000000000000358075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c324a322701b444b2021-12-21 10:28:54.944root 11241100x8000000000000000358076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4434190927b8972021-12-21 10:28:54.944root 11241100x8000000000000000358077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.474a8ba0d31228052021-12-21 10:28:54.944root 11241100x8000000000000000358078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e0a33c36b42914b2021-12-21 10:28:54.944root 11241100x8000000000000000358079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f18e782b872c5d2021-12-21 10:28:54.944root 11241100x8000000000000000358080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2db37719884369ed2021-12-21 10:28:54.944root 11241100x8000000000000000358081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4e5411724448192021-12-21 10:28:54.944root 11241100x8000000000000000358082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.985cdb4ba70a6cdf2021-12-21 10:28:55.443root 11241100x8000000000000000358083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f833c17fc305032021-12-21 10:28:55.443root 11241100x8000000000000000358084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05282d553c2c1cc32021-12-21 10:28:55.443root 11241100x8000000000000000358085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d655f87fc1a528c32021-12-21 10:28:55.443root 11241100x8000000000000000358086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.709fefc79121e33c2021-12-21 10:28:55.443root 11241100x8000000000000000358087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e1478f264691c82021-12-21 10:28:55.444root 11241100x8000000000000000358088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d8614f833a0a302021-12-21 10:28:55.444root 11241100x8000000000000000358089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34cd6bc4ff445bd22021-12-21 10:28:55.444root 11241100x8000000000000000358090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d29d14fcae63cd2021-12-21 10:28:55.444root 11241100x8000000000000000358091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6871e3e18fbcb82021-12-21 10:28:55.444root 11241100x8000000000000000358092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8403c3c85bc6272021-12-21 10:28:55.444root 11241100x8000000000000000358093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a810f5008ca7ace2021-12-21 10:28:55.444root 11241100x8000000000000000358094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa72124919432ff2021-12-21 10:28:55.445root 11241100x8000000000000000358095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbebde459cf2990a2021-12-21 10:28:55.445root 11241100x8000000000000000358096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a717d48b72e645c2021-12-21 10:28:55.943root 11241100x8000000000000000358097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3ab637608591d62021-12-21 10:28:55.943root 11241100x8000000000000000358098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14272413218644502021-12-21 10:28:55.943root 11241100x8000000000000000358099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3446da3f23dfaf922021-12-21 10:28:55.944root 11241100x8000000000000000358100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63926b5964e4f9db2021-12-21 10:28:55.944root 11241100x8000000000000000358101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46328eb6645f4b52021-12-21 10:28:55.944root 11241100x8000000000000000358102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3e86a877dde7ff2021-12-21 10:28:55.944root 11241100x8000000000000000358103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dcbb841a176e9e2021-12-21 10:28:55.944root 11241100x8000000000000000358104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe24d798fc1b40a2021-12-21 10:28:55.945root 11241100x8000000000000000358105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030bf729c9bfb0332021-12-21 10:28:55.945root 11241100x8000000000000000358106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9422b539bbec73fe2021-12-21 10:28:55.945root 11241100x8000000000000000358107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70371b866d3d35de2021-12-21 10:28:55.945root 11241100x8000000000000000358108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264beed9eca1a14d2021-12-21 10:28:55.945root 11241100x8000000000000000358109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a62cbdc18a6f652021-12-21 10:28:55.945root 354300x8000000000000000358110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.057{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47160-false10.0.1.12-8000- 11241100x8000000000000000358111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38062ce6ba566d2c2021-12-21 10:28:56.443root 11241100x8000000000000000358112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10f41942e8ae6942021-12-21 10:28:56.443root 11241100x8000000000000000358113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9142f554da26e3d82021-12-21 10:28:56.443root 11241100x8000000000000000358114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fd1e63d20200c72021-12-21 10:28:56.443root 11241100x8000000000000000358115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d10f0da7efe69762021-12-21 10:28:56.443root 11241100x8000000000000000358116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a2fa88b92e71762021-12-21 10:28:56.443root 11241100x8000000000000000358117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732d3ce71429b5372021-12-21 10:28:56.444root 11241100x8000000000000000358118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9c462d90eb4ada2021-12-21 10:28:56.444root 11241100x8000000000000000358119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e012f8bd2d5a67e2021-12-21 10:28:56.444root 11241100x8000000000000000358120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2cf7ece1723f712021-12-21 10:28:56.444root 11241100x8000000000000000358121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f448194bb188a3232021-12-21 10:28:56.444root 11241100x8000000000000000358122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4686ef0482f845d32021-12-21 10:28:56.444root 11241100x8000000000000000358123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196d0fa1c5139b602021-12-21 10:28:56.444root 11241100x8000000000000000358124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3531fdafe3a452152021-12-21 10:28:56.444root 11241100x8000000000000000358125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3095e40b923d9c2021-12-21 10:28:56.444root 11241100x8000000000000000358126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eead8bdb5164d59b2021-12-21 10:28:56.943root 11241100x8000000000000000358127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e737386c453b6cd2021-12-21 10:28:56.943root 11241100x8000000000000000358128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a430a2c55afe7f0c2021-12-21 10:28:56.943root 11241100x8000000000000000358129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7553d052ff942b2021-12-21 10:28:56.943root 11241100x8000000000000000358130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e536f9a2cc9be0c72021-12-21 10:28:56.943root 11241100x8000000000000000358131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff4d5a754b2f41b2021-12-21 10:28:56.944root 11241100x8000000000000000358132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc51f0610a85d482021-12-21 10:28:56.944root 11241100x8000000000000000358133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36336272eb260c892021-12-21 10:28:56.944root 11241100x8000000000000000358134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36b9325b374ec0112021-12-21 10:28:56.944root 11241100x8000000000000000358135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3133b95eea5423912021-12-21 10:28:56.944root 11241100x8000000000000000358136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd1777ecc504202a2021-12-21 10:28:56.944root 11241100x8000000000000000358137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5fbcd36848fc4472021-12-21 10:28:56.944root 11241100x8000000000000000358138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6213505120f5cca72021-12-21 10:28:56.944root 11241100x8000000000000000358139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd84a5266c79fba22021-12-21 10:28:56.944root 11241100x8000000000000000358140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe18df8562217c62021-12-21 10:28:56.945root 11241100x8000000000000000358141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09aea3058bd622352021-12-21 10:28:57.443root 11241100x8000000000000000358142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4436d3eac01a8452021-12-21 10:28:57.443root 11241100x8000000000000000358143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9a3e0ed5ca15642021-12-21 10:28:57.443root 11241100x8000000000000000358144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c00acb5ce7bd64b02021-12-21 10:28:57.443root 11241100x8000000000000000358145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1e477546f4de4282021-12-21 10:28:57.444root 11241100x8000000000000000358146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01334c7000d8d362021-12-21 10:28:57.444root 11241100x8000000000000000358147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc985791a66adeef2021-12-21 10:28:57.444root 11241100x8000000000000000358148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0dcb59d56de3232021-12-21 10:28:57.444root 11241100x8000000000000000358149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f299e323f2f3d12021-12-21 10:28:57.445root 11241100x8000000000000000358150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac2a52db3a4e72c2021-12-21 10:28:57.445root 11241100x8000000000000000358151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91415643e9c573c2021-12-21 10:28:57.445root 11241100x8000000000000000358152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a26a60c459a6b52021-12-21 10:28:57.445root 11241100x8000000000000000358153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56522970ea89a31e2021-12-21 10:28:57.445root 11241100x8000000000000000358154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d374c1c5912fdae2021-12-21 10:28:57.445root 11241100x8000000000000000358155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18a07c73a0a3e222021-12-21 10:28:57.445root 11241100x8000000000000000358156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b720a19b5db619d02021-12-21 10:28:57.943root 11241100x8000000000000000358157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221cce36b57e9a3b2021-12-21 10:28:57.943root 11241100x8000000000000000358158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7651919d15a7937d2021-12-21 10:28:57.943root 11241100x8000000000000000358159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69732143b66ded32021-12-21 10:28:57.943root 11241100x8000000000000000358160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d4086596b0af052021-12-21 10:28:57.943root 11241100x8000000000000000358161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b320e81e596f8e5b2021-12-21 10:28:57.943root 11241100x8000000000000000358162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d5e1d578ba7a512021-12-21 10:28:57.943root 11241100x8000000000000000358163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ef15de744d0a6a2021-12-21 10:28:57.944root 11241100x8000000000000000358164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6074b7cffb121de02021-12-21 10:28:57.944root 11241100x8000000000000000358165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3773a94752938de62021-12-21 10:28:57.944root 11241100x8000000000000000358166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e9e952dd04b61272021-12-21 10:28:57.944root 11241100x8000000000000000358167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8a571b906031f42021-12-21 10:28:57.944root 11241100x8000000000000000358168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5811b4b1ab5bf22021-12-21 10:28:57.944root 11241100x8000000000000000358169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f83ceac91761cd2021-12-21 10:28:57.944root 11241100x8000000000000000358170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4009eb5758f601ec2021-12-21 10:28:57.944root 11241100x8000000000000000358171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b4cf4596b3ba1f42021-12-21 10:28:58.443root 11241100x8000000000000000358172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca287adfcf8316dc2021-12-21 10:28:58.443root 11241100x8000000000000000358173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae29423fb50f3ec2021-12-21 10:28:58.444root 11241100x8000000000000000358174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4924c3ad46fefb9a2021-12-21 10:28:58.444root 11241100x8000000000000000358175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04a7e4367aa3e412021-12-21 10:28:58.444root 11241100x8000000000000000358176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4157556cb58483ed2021-12-21 10:28:58.444root 11241100x8000000000000000358177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d08d81177725c022021-12-21 10:28:58.444root 11241100x8000000000000000358178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606a2ccfaf31764a2021-12-21 10:28:58.444root 11241100x8000000000000000358179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05b68eee5ea60d3c2021-12-21 10:28:58.444root 11241100x8000000000000000358180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d10b2c792fce49db2021-12-21 10:28:58.444root 11241100x8000000000000000358181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8ea50851c03b3832021-12-21 10:28:58.444root 11241100x8000000000000000358182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a85527cfae74242021-12-21 10:28:58.445root 11241100x8000000000000000358183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2de3e388347a292021-12-21 10:28:58.445root 11241100x8000000000000000358184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbbb095716c917342021-12-21 10:28:58.445root 11241100x8000000000000000358185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3bcdaf9dad708c2021-12-21 10:28:58.445root 11241100x8000000000000000358186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de0db08b4e57a5d2021-12-21 10:28:58.943root 11241100x8000000000000000358187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b3d0cd96f339e32021-12-21 10:28:58.943root 11241100x8000000000000000358188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e1444c59eb733c2021-12-21 10:28:58.943root 11241100x8000000000000000358189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5624e9a38923ca32021-12-21 10:28:58.943root 11241100x8000000000000000358190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c9b6b4dd9d25ce2021-12-21 10:28:58.943root 11241100x8000000000000000358191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83fa5e755010eed2021-12-21 10:28:58.943root 11241100x8000000000000000358192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8995067ce954a52021-12-21 10:28:58.943root 11241100x8000000000000000358193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba655321ae932f282021-12-21 10:28:58.944root 11241100x8000000000000000358194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49dbda5a1724fcc62021-12-21 10:28:58.944root 11241100x8000000000000000358195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2d5ee4606c76e82021-12-21 10:28:58.944root 11241100x8000000000000000358196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e502ccff90a0a462021-12-21 10:28:58.944root 11241100x8000000000000000358197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf9664b1bbf8ae7f2021-12-21 10:28:58.944root 11241100x8000000000000000358198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76be2f9f6bcfa5a2021-12-21 10:28:58.944root 11241100x8000000000000000358199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da88d709c5f11da2021-12-21 10:28:58.944root 11241100x8000000000000000358200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:58.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30efa6a855f3e4b52021-12-21 10:28:58.944root 11241100x8000000000000000358201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b51824c0ae6e9c662021-12-21 10:28:59.443root 11241100x8000000000000000358202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d3ad7f3d3cd6d82021-12-21 10:28:59.443root 11241100x8000000000000000358203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.449b3788e21dc19b2021-12-21 10:28:59.443root 11241100x8000000000000000358204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb4b2b69d92255d22021-12-21 10:28:59.443root 11241100x8000000000000000358205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78bbe53728750042021-12-21 10:28:59.443root 11241100x8000000000000000358206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119aa2560433906c2021-12-21 10:28:59.443root 11241100x8000000000000000358207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9d94f0146c8f752021-12-21 10:28:59.444root 11241100x8000000000000000358208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f042024477cbadc2021-12-21 10:28:59.444root 11241100x8000000000000000358209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8663680b10ded3a52021-12-21 10:28:59.444root 11241100x8000000000000000358210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7805f53bc5fdc892021-12-21 10:28:59.444root 11241100x8000000000000000358211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c24e1547d1ae43be2021-12-21 10:28:59.444root 11241100x8000000000000000358212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ba21218d4a2fb72021-12-21 10:28:59.444root 11241100x8000000000000000358213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397f4359c742721d2021-12-21 10:28:59.445root 11241100x8000000000000000358214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cc69b3340507502021-12-21 10:28:59.445root 11241100x8000000000000000358215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e103655bde059d2021-12-21 10:28:59.445root 11241100x8000000000000000358216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee1a45bfb4c2a32021-12-21 10:28:59.943root 11241100x8000000000000000358217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635eb4b69a4be8652021-12-21 10:28:59.943root 11241100x8000000000000000358218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ec01be28f213da2021-12-21 10:28:59.943root 11241100x8000000000000000358219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3826c203bef65692021-12-21 10:28:59.943root 11241100x8000000000000000358220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943f0f4c8f1b9e332021-12-21 10:28:59.943root 11241100x8000000000000000358221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef990d6bfa5ae72021-12-21 10:28:59.943root 11241100x8000000000000000358222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3291157e142270242021-12-21 10:28:59.944root 11241100x8000000000000000358223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4155f9960e281302021-12-21 10:28:59.944root 11241100x8000000000000000358224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc860c84c0cfb2a22021-12-21 10:28:59.944root 11241100x8000000000000000358225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414728d713dc0a0b2021-12-21 10:28:59.944root 11241100x8000000000000000358226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048e16c8a94feb2a2021-12-21 10:28:59.944root 11241100x8000000000000000358227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d14a85e01716162021-12-21 10:28:59.944root 11241100x8000000000000000358228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d820621869071a6f2021-12-21 10:28:59.944root 11241100x8000000000000000358229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89e296ac01d1f15b2021-12-21 10:28:59.944root 11241100x8000000000000000358230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:28:59.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597e5329a99d19302021-12-21 10:28:59.944root 11241100x8000000000000000358231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822e6cec205f00a62021-12-21 10:29:00.443root 11241100x8000000000000000358232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b751145e0afe68c22021-12-21 10:29:00.443root 11241100x8000000000000000358233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ccb71aeb0fea4b2021-12-21 10:29:00.443root 11241100x8000000000000000358234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a37e46a47bead8b2021-12-21 10:29:00.443root 11241100x8000000000000000358235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6ab0bab01cc44fe2021-12-21 10:29:00.443root 11241100x8000000000000000358236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56921048362f42de2021-12-21 10:29:00.444root 11241100x8000000000000000358237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d7a25450bb525c2021-12-21 10:29:00.444root 11241100x8000000000000000358238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0084d5fc10d52e1d2021-12-21 10:29:00.444root 11241100x8000000000000000358239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4229a7f987f2ee072021-12-21 10:29:00.444root 11241100x8000000000000000358240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d927d7b9b6bbf2021-12-21 10:29:00.444root 11241100x8000000000000000358241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7992b2d2f04a472021-12-21 10:29:00.444root 11241100x8000000000000000358242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c58e748cc0723f02021-12-21 10:29:00.444root 11241100x8000000000000000358243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ffb644cd6ab0d22021-12-21 10:29:00.444root 11241100x8000000000000000358244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.228333aacd2e84812021-12-21 10:29:00.444root 11241100x8000000000000000358245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e4b02d498d6bbd2021-12-21 10:29:00.444root 11241100x8000000000000000358246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14aab9139e5354502021-12-21 10:29:00.943root 11241100x8000000000000000358247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588fbf1cd42997eb2021-12-21 10:29:00.943root 11241100x8000000000000000358248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d5cf296749448c52021-12-21 10:29:00.943root 11241100x8000000000000000358249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.296e08b12db49d532021-12-21 10:29:00.944root 11241100x8000000000000000358250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc1651390e9c7902021-12-21 10:29:00.944root 11241100x8000000000000000358251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68258fe365a3dbc12021-12-21 10:29:00.944root 11241100x8000000000000000358252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f16c62a6435e4172021-12-21 10:29:00.944root 11241100x8000000000000000358253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85a291a184559c62021-12-21 10:29:00.944root 11241100x8000000000000000358254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1c7726b84f72b982021-12-21 10:29:00.944root 11241100x8000000000000000358255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff1129090b0c94e92021-12-21 10:29:00.944root 11241100x8000000000000000358256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a16c324f955c182021-12-21 10:29:00.944root 11241100x8000000000000000358257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c26c0bfa5750c322021-12-21 10:29:00.944root 11241100x8000000000000000358258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150ed63aab8be7c62021-12-21 10:29:00.944root 11241100x8000000000000000358259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453072fc1bdfb3aa2021-12-21 10:29:00.945root 11241100x8000000000000000358260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:00.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95990a153879c9e12021-12-21 10:29:00.945root 354300x8000000000000000358261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.170{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47162-false10.0.1.12-8000- 11241100x8000000000000000358262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23edf97ab2cacb12021-12-21 10:29:01.443root 11241100x8000000000000000358263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce27f5eec8763412021-12-21 10:29:01.443root 11241100x8000000000000000358264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d61a6f39c4e7382021-12-21 10:29:01.443root 11241100x8000000000000000358265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f341b383c1a8f1fa2021-12-21 10:29:01.443root 11241100x8000000000000000358266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8834dff55344302021-12-21 10:29:01.444root 11241100x8000000000000000358267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7645077521b05ee2021-12-21 10:29:01.444root 11241100x8000000000000000358268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e53813c5e3d8cf1b2021-12-21 10:29:01.444root 11241100x8000000000000000358269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83d31370a1143482021-12-21 10:29:01.444root 11241100x8000000000000000358270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63cc548cc0394172021-12-21 10:29:01.444root 11241100x8000000000000000358271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3c0facf52dd16c2021-12-21 10:29:01.444root 11241100x8000000000000000358272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca99510c0859f0ab2021-12-21 10:29:01.444root 11241100x8000000000000000358273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31ef36fe532984432021-12-21 10:29:01.444root 11241100x8000000000000000358274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff863a093d9309602021-12-21 10:29:01.445root 11241100x8000000000000000358275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd14c0cc39e6bdf22021-12-21 10:29:01.445root 11241100x8000000000000000358276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f30a1588aeb16d2021-12-21 10:29:01.445root 11241100x8000000000000000358277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2757b30632f6e022021-12-21 10:29:01.445root 534500x8000000000000000358278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.611{00000000-0000-0000-0000-000000000000}5570<unknown process>root 11241100x8000000000000000358279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6d5465e2ccba722021-12-21 10:29:01.943root 11241100x8000000000000000358280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab760cd25ed657c12021-12-21 10:29:01.943root 11241100x8000000000000000358281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd2716cf1ea2f592021-12-21 10:29:01.943root 11241100x8000000000000000358282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b39e606b1c35882021-12-21 10:29:01.944root 11241100x8000000000000000358283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a90a02df8db9442021-12-21 10:29:01.944root 11241100x8000000000000000358284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ad8481eb944e83e2021-12-21 10:29:01.944root 11241100x8000000000000000358285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a0b4f02f7b9a792021-12-21 10:29:01.944root 11241100x8000000000000000358286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa0df7e6d0434bf2021-12-21 10:29:01.944root 11241100x8000000000000000358287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4986c9c6d35334392021-12-21 10:29:01.945root 11241100x8000000000000000358288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4925e6417ea98e2021-12-21 10:29:01.945root 11241100x8000000000000000358289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29035c74488ae7e92021-12-21 10:29:01.945root 11241100x8000000000000000358290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3210ef4ceee13f962021-12-21 10:29:01.945root 11241100x8000000000000000358291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fffe710316c18c32021-12-21 10:29:01.945root 11241100x8000000000000000358292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3c76137fdfac702021-12-21 10:29:01.945root 11241100x8000000000000000358293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a883185349b3bf302021-12-21 10:29:01.945root 11241100x8000000000000000358294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2c59c66455c936c2021-12-21 10:29:01.945root 11241100x8000000000000000358295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:01.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7438428741fc32021-12-21 10:29:01.946root 11241100x8000000000000000358296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.921025b3e80ec0a62021-12-21 10:29:02.443root 11241100x8000000000000000358297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75348c7ff585ee02021-12-21 10:29:02.443root 11241100x8000000000000000358298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e209d61886878b332021-12-21 10:29:02.443root 11241100x8000000000000000358299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0460a9d45f195632021-12-21 10:29:02.443root 11241100x8000000000000000358300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2402c0ab5f3aea762021-12-21 10:29:02.444root 11241100x8000000000000000358301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33543b99de8628062021-12-21 10:29:02.444root 11241100x8000000000000000358302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2da060c308cf3a02021-12-21 10:29:02.444root 11241100x8000000000000000358303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2494213be21ca0d2021-12-21 10:29:02.444root 11241100x8000000000000000358304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a0a7eaa6f7bb432021-12-21 10:29:02.444root 11241100x8000000000000000358305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f5344079cf13ca2021-12-21 10:29:02.444root 11241100x8000000000000000358306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4fb8412c8dda05c2021-12-21 10:29:02.444root 11241100x8000000000000000358307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216beda5435595132021-12-21 10:29:02.444root 11241100x8000000000000000358308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca8e22c5aff6862e2021-12-21 10:29:02.444root 11241100x8000000000000000358309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c56418adf046882021-12-21 10:29:02.445root 11241100x8000000000000000358310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5327a6244e70012021-12-21 10:29:02.445root 11241100x8000000000000000358311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a60e92b836645b62021-12-21 10:29:02.445root 11241100x8000000000000000358312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea6acd81f59683a2021-12-21 10:29:02.445root 11241100x8000000000000000358313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59bd28b8c96b36f72021-12-21 10:29:02.943root 11241100x8000000000000000358314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.614d35a715742a862021-12-21 10:29:02.943root 11241100x8000000000000000358315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e9685a22f9a542e2021-12-21 10:29:02.943root 11241100x8000000000000000358316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907c1cb8bae019232021-12-21 10:29:02.943root 11241100x8000000000000000358317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e598f0c5dce5952021-12-21 10:29:02.943root 11241100x8000000000000000358318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba8fb71333f5dc392021-12-21 10:29:02.944root 11241100x8000000000000000358319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2288225417be7c2021-12-21 10:29:02.944root 11241100x8000000000000000358320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e12601f7f7c85232021-12-21 10:29:02.944root 11241100x8000000000000000358321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8640a21b37afb002021-12-21 10:29:02.944root 11241100x8000000000000000358322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86e1b4dbf26992cb2021-12-21 10:29:02.944root 11241100x8000000000000000358323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e226297b302cf132021-12-21 10:29:02.944root 11241100x8000000000000000358324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783532037adb0ea42021-12-21 10:29:02.944root 11241100x8000000000000000358325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78eb605ed88f26652021-12-21 10:29:02.944root 11241100x8000000000000000358326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e02f9c52b4ae9ea12021-12-21 10:29:02.944root 11241100x8000000000000000358327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a5383453fe23b92021-12-21 10:29:02.944root 11241100x8000000000000000358328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c50b5c350798a42021-12-21 10:29:02.944root 11241100x8000000000000000358329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:02.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c963db695ea08f2021-12-21 10:29:02.945root 11241100x8000000000000000358330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216e388652e88ab92021-12-21 10:29:03.444root 11241100x8000000000000000358331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c699a8c463a856bb2021-12-21 10:29:03.444root 11241100x8000000000000000358332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059d381df59287112021-12-21 10:29:03.445root 11241100x8000000000000000358333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e8b6de7f1ad0a42021-12-21 10:29:03.445root 11241100x8000000000000000358334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e642680feb3dfd72021-12-21 10:29:03.446root 11241100x8000000000000000358335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8308e37ad2dba4882021-12-21 10:29:03.446root 11241100x8000000000000000358336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3e3462378de4ec2021-12-21 10:29:03.446root 11241100x8000000000000000358337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e58a53b43b439c832021-12-21 10:29:03.446root 11241100x8000000000000000358338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e499066c0ab25a752021-12-21 10:29:03.446root 11241100x8000000000000000358339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d32c2018943a6e2021-12-21 10:29:03.446root 11241100x8000000000000000358340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b152821bd7ac3b312021-12-21 10:29:03.446root 11241100x8000000000000000358341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe736754f94c1da2021-12-21 10:29:03.446root 11241100x8000000000000000358342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78f842213e980842021-12-21 10:29:03.447root 11241100x8000000000000000358343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708918eed60480292021-12-21 10:29:03.447root 11241100x8000000000000000358344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e642ae65680294802021-12-21 10:29:03.447root 11241100x8000000000000000358345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eac753db3cc9b1442021-12-21 10:29:03.447root 11241100x8000000000000000358346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067e0a5bed461dd62021-12-21 10:29:03.447root 11241100x8000000000000000358347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed3796f985f06f82021-12-21 10:29:03.943root 11241100x8000000000000000358348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0054efe91cbef1ae2021-12-21 10:29:03.943root 11241100x8000000000000000358349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08a077e0bf861e0d2021-12-21 10:29:03.944root 11241100x8000000000000000358350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af80e4b270d286bf2021-12-21 10:29:03.944root 11241100x8000000000000000358351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae14f3c45a4566e72021-12-21 10:29:03.944root 11241100x8000000000000000358352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e093f9e9cb2e3bb42021-12-21 10:29:03.945root 11241100x8000000000000000358353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5486eef8f34c2a92021-12-21 10:29:03.945root 11241100x8000000000000000358354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfe02dcd7a1188c2021-12-21 10:29:03.945root 11241100x8000000000000000358355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e1effb26b555992021-12-21 10:29:03.945root 11241100x8000000000000000358356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72126b41b99d1a3f2021-12-21 10:29:03.946root 11241100x8000000000000000358357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f266964fe87b01f52021-12-21 10:29:03.946root 11241100x8000000000000000358358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a8add7327049552021-12-21 10:29:03.946root 11241100x8000000000000000358359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d0c5765f45b6b52021-12-21 10:29:03.947root 11241100x8000000000000000358360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29456edac8be2ea2021-12-21 10:29:03.947root 11241100x8000000000000000358361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e526604e504582dd2021-12-21 10:29:03.947root 11241100x8000000000000000358362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457a5534670846cd2021-12-21 10:29:03.947root 11241100x8000000000000000358363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:03.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e340ee71b57043bd2021-12-21 10:29:03.948root 11241100x8000000000000000358364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98d00c7aa6ba3692021-12-21 10:29:04.443root 11241100x8000000000000000358365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05f116e08c304bd12021-12-21 10:29:04.443root 11241100x8000000000000000358366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dc9b06d6074c9ac2021-12-21 10:29:04.443root 11241100x8000000000000000358367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b130c87a6fcf0912021-12-21 10:29:04.443root 11241100x8000000000000000358368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.179d45dce6985d572021-12-21 10:29:04.444root 11241100x8000000000000000358369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2359ae0e251efb6b2021-12-21 10:29:04.444root 11241100x8000000000000000358370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628ef36a612dd3292021-12-21 10:29:04.444root 11241100x8000000000000000358371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c1021304e02af62021-12-21 10:29:04.444root 11241100x8000000000000000358372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4471a59edb211d762021-12-21 10:29:04.444root 11241100x8000000000000000358373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff5d83a041e8ea62021-12-21 10:29:04.444root 11241100x8000000000000000358374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e173fa72976d362021-12-21 10:29:04.445root 11241100x8000000000000000358375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234ff4052ce7846f2021-12-21 10:29:04.445root 11241100x8000000000000000358376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2960dbff1ae71b3e2021-12-21 10:29:04.445root 11241100x8000000000000000358377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a0ce28badba7a82021-12-21 10:29:04.445root 11241100x8000000000000000358378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbff47a1a2a4a8422021-12-21 10:29:04.445root 11241100x8000000000000000358379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92395b0c0d3d1842021-12-21 10:29:04.445root 11241100x8000000000000000358380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ac047af2da0f14f2021-12-21 10:29:04.445root 11241100x8000000000000000358381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f5c4595eb3ae0e2021-12-21 10:29:04.943root 11241100x8000000000000000358382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e85149ca6a744e2021-12-21 10:29:04.943root 11241100x8000000000000000358383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742b50a287e1e7ce2021-12-21 10:29:04.943root 11241100x8000000000000000358384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ad2080a7663da82021-12-21 10:29:04.943root 11241100x8000000000000000358385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94f9bced4d8926bc2021-12-21 10:29:04.943root 11241100x8000000000000000358386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c304c32ed738cbb82021-12-21 10:29:04.944root 11241100x8000000000000000358387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c63bdbc121199be52021-12-21 10:29:04.944root 11241100x8000000000000000358388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2a7d47f1c17e8c2021-12-21 10:29:04.944root 11241100x8000000000000000358389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd389715b2342872021-12-21 10:29:04.944root 11241100x8000000000000000358390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93451188cd9dd4312021-12-21 10:29:04.944root 11241100x8000000000000000358391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b96d2c749740e92021-12-21 10:29:04.944root 11241100x8000000000000000358392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be06fc0bf61e59fc2021-12-21 10:29:04.944root 11241100x8000000000000000358393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8986e4a11e23de872021-12-21 10:29:04.944root 11241100x8000000000000000358394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5914e052d363bfbd2021-12-21 10:29:04.944root 11241100x8000000000000000358395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bdc8873e06dae082021-12-21 10:29:04.944root 11241100x8000000000000000358396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff993f8bc2cf2aa2021-12-21 10:29:04.945root 11241100x8000000000000000358397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:04.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6070ef11bc32911f2021-12-21 10:29:04.945root 11241100x8000000000000000358398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d251c59e207900bd2021-12-21 10:29:05.443root 11241100x8000000000000000358399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1deb70b0e144d85d2021-12-21 10:29:05.443root 11241100x8000000000000000358400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6621d03eb1a5adc22021-12-21 10:29:05.443root 11241100x8000000000000000358401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1e1546243ce1ea2021-12-21 10:29:05.443root 11241100x8000000000000000358402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d966034454ee33572021-12-21 10:29:05.443root 11241100x8000000000000000358403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c9d83e1dfe98df2021-12-21 10:29:05.444root 11241100x8000000000000000358404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2075281fe6943e102021-12-21 10:29:05.444root 11241100x8000000000000000358405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971ca6af29198d3a2021-12-21 10:29:05.444root 11241100x8000000000000000358406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fb62a0e3cc4eb222021-12-21 10:29:05.444root 11241100x8000000000000000358407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.438e34db8dc81f0b2021-12-21 10:29:05.444root 11241100x8000000000000000358408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54b86ce508e405022021-12-21 10:29:05.444root 11241100x8000000000000000358409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.941f2d4a8612f5042021-12-21 10:29:05.444root 11241100x8000000000000000358410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ec97ba05e9144d82021-12-21 10:29:05.444root 11241100x8000000000000000358411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260b91435b7d54e72021-12-21 10:29:05.444root 11241100x8000000000000000358412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e29b9adccb28642021-12-21 10:29:05.445root 11241100x8000000000000000358413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991027fa87f8f4842021-12-21 10:29:05.445root 11241100x8000000000000000358414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2a3c72fac098932021-12-21 10:29:05.445root 11241100x8000000000000000358415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cf4bd39cff4e3d2021-12-21 10:29:05.943root 11241100x8000000000000000358416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84b5197c33578f952021-12-21 10:29:05.943root 11241100x8000000000000000358417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.960e1b901a6ba6822021-12-21 10:29:05.943root 11241100x8000000000000000358418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a46396343c6e52021-12-21 10:29:05.943root 11241100x8000000000000000358419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d76006c28d0f8b9d2021-12-21 10:29:05.943root 11241100x8000000000000000358420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ec0bf010afe0f872021-12-21 10:29:05.944root 11241100x8000000000000000358421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5486146185ad64f82021-12-21 10:29:05.944root 11241100x8000000000000000358422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7115e585685573772021-12-21 10:29:05.944root 11241100x8000000000000000358423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a082af7072cd2292021-12-21 10:29:05.944root 11241100x8000000000000000358424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ef1b623a3160b82021-12-21 10:29:05.944root 11241100x8000000000000000358425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114be97ac210d7b92021-12-21 10:29:05.944root 11241100x8000000000000000358426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.626b8e51d4068b062021-12-21 10:29:05.944root 11241100x8000000000000000358427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b314e2b402833092021-12-21 10:29:05.944root 11241100x8000000000000000358428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a4ac1e4a060bbe2021-12-21 10:29:05.944root 11241100x8000000000000000358429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f5a4ec65525f792021-12-21 10:29:05.945root 11241100x8000000000000000358430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dd24d5432da14d2021-12-21 10:29:05.945root 11241100x8000000000000000358431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:05.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd82a0ad4880e292021-12-21 10:29:05.945root 11241100x8000000000000000358432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.347{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:29:06.347root 11241100x8000000000000000358433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ca6f35889cfcda2021-12-21 10:29:06.348root 11241100x8000000000000000358434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca606be69f7ac6a12021-12-21 10:29:06.348root 11241100x8000000000000000358435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f40455ec25a9cdb2021-12-21 10:29:06.348root 11241100x8000000000000000358436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2352350066bd12592021-12-21 10:29:06.348root 11241100x8000000000000000358437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc725dc00751105e2021-12-21 10:29:06.348root 11241100x8000000000000000358438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f92e6fb2b23aa1b42021-12-21 10:29:06.348root 11241100x8000000000000000358439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a12bf1883ce07742021-12-21 10:29:06.348root 11241100x8000000000000000358440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69761744dfa3a752021-12-21 10:29:06.349root 11241100x8000000000000000358441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.355099d3ee5769712021-12-21 10:29:06.349root 11241100x8000000000000000358442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d1aaa4bcff26f552021-12-21 10:29:06.349root 11241100x8000000000000000358443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5306e03e086b27222021-12-21 10:29:06.349root 11241100x8000000000000000358444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52a0a14140c81b82021-12-21 10:29:06.349root 11241100x8000000000000000358445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903ceb8d649afeb32021-12-21 10:29:06.349root 11241100x8000000000000000358446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cdc16182e6bfcba2021-12-21 10:29:06.349root 11241100x8000000000000000358447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d492994465a64d652021-12-21 10:29:06.349root 11241100x8000000000000000358448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27adcc0e9d271c02021-12-21 10:29:06.349root 11241100x8000000000000000358449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcf07f98abc8c5d2021-12-21 10:29:06.349root 11241100x8000000000000000358450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67f6030493aa4122021-12-21 10:29:06.350root 11241100x8000000000000000358451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfbd2017cdac9f6f2021-12-21 10:29:06.350root 11241100x8000000000000000358452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2824c4cf3b235962021-12-21 10:29:06.350root 11241100x8000000000000000358453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55068d7613b6d7ac2021-12-21 10:29:06.350root 11241100x8000000000000000358454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2278678ed102e6b02021-12-21 10:29:06.350root 11241100x8000000000000000358455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d22852842846e95c2021-12-21 10:29:06.350root 11241100x8000000000000000358456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb1b5b6e20471642021-12-21 10:29:06.350root 11241100x8000000000000000358457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16059699d77e49fd2021-12-21 10:29:06.350root 11241100x8000000000000000358458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d79205c0f12cbc2021-12-21 10:29:06.350root 11241100x8000000000000000358459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ff7724a08292a32021-12-21 10:29:06.350root 11241100x8000000000000000358460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee4a8a9299791462021-12-21 10:29:06.350root 11241100x8000000000000000358461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1387280f2136be732021-12-21 10:29:06.693root 11241100x8000000000000000358462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21ac3b4aab343ce42021-12-21 10:29:06.693root 11241100x8000000000000000358463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a29a7584c0aa12b2021-12-21 10:29:06.693root 11241100x8000000000000000358464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454cbf6431c8f4a52021-12-21 10:29:06.693root 11241100x8000000000000000358465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eeeed51b6cdaf5c22021-12-21 10:29:06.693root 11241100x8000000000000000358466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0656f12830f80a052021-12-21 10:29:06.694root 11241100x8000000000000000358467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087af268a6c841e32021-12-21 10:29:06.694root 11241100x8000000000000000358468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814245cd9298f6662021-12-21 10:29:06.694root 11241100x8000000000000000358469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.408456bca0316bdd2021-12-21 10:29:06.694root 11241100x8000000000000000358470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2467b73410c329f92021-12-21 10:29:06.694root 11241100x8000000000000000358471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70189a5876b7051b2021-12-21 10:29:06.694root 11241100x8000000000000000358472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4209b99bee79b8c2021-12-21 10:29:06.694root 11241100x8000000000000000358473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.182dbe0a3dfb58392021-12-21 10:29:06.694root 11241100x8000000000000000358474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.110b214a7195cac52021-12-21 10:29:06.694root 11241100x8000000000000000358475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4e24572c1ad3d42021-12-21 10:29:06.694root 11241100x8000000000000000358476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53299ee6d48051fa2021-12-21 10:29:06.695root 11241100x8000000000000000358477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cf719719d80d402021-12-21 10:29:06.695root 11241100x8000000000000000358478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:06.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7643212e350bce8a2021-12-21 10:29:06.695root 354300x8000000000000000358479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.161{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47164-false10.0.1.12-8000- 11241100x8000000000000000358480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41c9d18b1dca550e2021-12-21 10:29:07.162root 11241100x8000000000000000358481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db19e774aae68e82021-12-21 10:29:07.162root 11241100x8000000000000000358482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035b476c196414d42021-12-21 10:29:07.162root 11241100x8000000000000000358483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a5f49d980658bf2021-12-21 10:29:07.162root 11241100x8000000000000000358484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e2f5917c802b2502021-12-21 10:29:07.162root 11241100x8000000000000000358485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06c9a22a5b7fdff2021-12-21 10:29:07.162root 11241100x8000000000000000358486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd932bb8e2f792c2021-12-21 10:29:07.162root 11241100x8000000000000000358487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d663c93a5e01beb52021-12-21 10:29:07.162root 11241100x8000000000000000358488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b57733a180492d2021-12-21 10:29:07.162root 11241100x8000000000000000358489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a0f5dc789a27872021-12-21 10:29:07.163root 11241100x8000000000000000358490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331823bfc911a5dd2021-12-21 10:29:07.163root 11241100x8000000000000000358491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3a6f54d4054b8e2021-12-21 10:29:07.163root 11241100x8000000000000000358492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f0f6decbfaa762c2021-12-21 10:29:07.163root 11241100x8000000000000000358493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e1ce0ccba05bb22021-12-21 10:29:07.163root 11241100x8000000000000000358494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ea0e62d3c4005722021-12-21 10:29:07.163root 11241100x8000000000000000358495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c316eae4be264cdb2021-12-21 10:29:07.163root 11241100x8000000000000000358496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e98924ee30607d2021-12-21 10:29:07.163root 11241100x8000000000000000358497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb1460d72e1e5802021-12-21 10:29:07.163root 11241100x8000000000000000358498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfac0bd09fd1b4732021-12-21 10:29:07.163root 11241100x8000000000000000358499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b285c77ade6b72c22021-12-21 10:29:07.443root 11241100x8000000000000000358500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d06a093b1a15ebdb2021-12-21 10:29:07.443root 11241100x8000000000000000358501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.460a86a278826a282021-12-21 10:29:07.443root 11241100x8000000000000000358502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8861be279c0f99f12021-12-21 10:29:07.443root 11241100x8000000000000000358503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.507aaaa2e5b1456e2021-12-21 10:29:07.444root 11241100x8000000000000000358504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac18e87f5082c312021-12-21 10:29:07.444root 11241100x8000000000000000358505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47550c46ad1e5d892021-12-21 10:29:07.444root 11241100x8000000000000000358506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1217ed95ce78c7a52021-12-21 10:29:07.444root 11241100x8000000000000000358507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d4cbadc6b4cf8a62021-12-21 10:29:07.444root 11241100x8000000000000000358508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8db858b05097b1082021-12-21 10:29:07.444root 11241100x8000000000000000358509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00b7b35c8bb620aa2021-12-21 10:29:07.444root 11241100x8000000000000000358510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8806f1b9e26ba81d2021-12-21 10:29:07.444root 11241100x8000000000000000358511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e68441d57740b8812021-12-21 10:29:07.444root 11241100x8000000000000000358512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15b2e2d5e8a171d42021-12-21 10:29:07.445root 11241100x8000000000000000358513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f0bef0372667172021-12-21 10:29:07.445root 11241100x8000000000000000358514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761948f56921c60b2021-12-21 10:29:07.445root 11241100x8000000000000000358515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.483341be3095fb9c2021-12-21 10:29:07.445root 11241100x8000000000000000358516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed169ff8ec05e2bc2021-12-21 10:29:07.445root 11241100x8000000000000000358517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2778257c77659cec2021-12-21 10:29:07.445root 11241100x8000000000000000358518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f70e83c0ed24eaf2021-12-21 10:29:07.943root 11241100x8000000000000000358519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19acc3318c0f80962021-12-21 10:29:07.943root 11241100x8000000000000000358520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a18a42e1362ece1e2021-12-21 10:29:07.943root 11241100x8000000000000000358521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d87a2e0c3afe2cd2021-12-21 10:29:07.943root 11241100x8000000000000000358522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58abf863eeda6a4f2021-12-21 10:29:07.944root 11241100x8000000000000000358523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545af752384633902021-12-21 10:29:07.944root 11241100x8000000000000000358524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e00f29748dcb22021-12-21 10:29:07.944root 11241100x8000000000000000358525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85eef34c7beba9cb2021-12-21 10:29:07.944root 11241100x8000000000000000358526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47e94d2233e7cac2021-12-21 10:29:07.944root 11241100x8000000000000000358527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8b4c0f524998af72021-12-21 10:29:07.944root 11241100x8000000000000000358528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4a43e482f07b552021-12-21 10:29:07.944root 11241100x8000000000000000358529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d927c57fc015d62021-12-21 10:29:07.944root 11241100x8000000000000000358530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc62c09a717abc7d2021-12-21 10:29:07.944root 11241100x8000000000000000358531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b246648ef323dc62021-12-21 10:29:07.944root 11241100x8000000000000000358532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f05c2b612d0188d2021-12-21 10:29:07.945root 11241100x8000000000000000358533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8efde6619b066ab72021-12-21 10:29:07.945root 11241100x8000000000000000358534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc757223167fdcd2021-12-21 10:29:07.945root 11241100x8000000000000000358535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5b4ee12ad708a212021-12-21 10:29:07.945root 11241100x8000000000000000358536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:07.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1de81ddfa366632021-12-21 10:29:07.945root 11241100x8000000000000000358537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2b27577ecc4b522021-12-21 10:29:08.443root 11241100x8000000000000000358538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d03fb1f1a8453792021-12-21 10:29:08.444root 11241100x8000000000000000358539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffd2024a4a844c6c2021-12-21 10:29:08.444root 11241100x8000000000000000358540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f521edbcd495f6a2021-12-21 10:29:08.444root 11241100x8000000000000000358541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec30ffb379a2b1572021-12-21 10:29:08.444root 11241100x8000000000000000358542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd292e621ef11502021-12-21 10:29:08.444root 11241100x8000000000000000358543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba94b2b9a77b8972021-12-21 10:29:08.444root 11241100x8000000000000000358544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.800fda740abcffbd2021-12-21 10:29:08.444root 11241100x8000000000000000358545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6683faa7ab1af812021-12-21 10:29:08.445root 11241100x8000000000000000358546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af79b7793f8006072021-12-21 10:29:08.445root 11241100x8000000000000000358547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e81d81fc7e114d422021-12-21 10:29:08.445root 11241100x8000000000000000358548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207c6e6b49629c732021-12-21 10:29:08.445root 11241100x8000000000000000358549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af8ba60cdd9f911a2021-12-21 10:29:08.445root 11241100x8000000000000000358550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ec77df969560e2021-12-21 10:29:08.445root 11241100x8000000000000000358551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280ac10e5f505ad92021-12-21 10:29:08.445root 11241100x8000000000000000358552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adb2d1348ca3f392021-12-21 10:29:08.446root 11241100x8000000000000000358553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac81d03b5f88ca692021-12-21 10:29:08.446root 11241100x8000000000000000358554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9385decbbe25672021-12-21 10:29:08.446root 11241100x8000000000000000358555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e53f0aafe1d5602021-12-21 10:29:08.446root 11241100x8000000000000000358556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd22c0f5bfeb0f22021-12-21 10:29:08.943root 11241100x8000000000000000358557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16412994c547a8b82021-12-21 10:29:08.943root 11241100x8000000000000000358558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40fd2c2204a84ca2021-12-21 10:29:08.943root 11241100x8000000000000000358559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8797e97193fa56a2021-12-21 10:29:08.943root 11241100x8000000000000000358560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f73cb9ce73a92532021-12-21 10:29:08.943root 11241100x8000000000000000358561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b42a1ab6c0eae22021-12-21 10:29:08.944root 11241100x8000000000000000358562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86fd7e64bd488d2f2021-12-21 10:29:08.944root 11241100x8000000000000000358563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b59655efccd6bd72021-12-21 10:29:08.944root 11241100x8000000000000000358564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18814b4374bf91e22021-12-21 10:29:08.944root 11241100x8000000000000000358565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be24c830f91ea5042021-12-21 10:29:08.944root 11241100x8000000000000000358566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1840df242f46ab7a2021-12-21 10:29:08.944root 11241100x8000000000000000358567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f3cfdbec742d612021-12-21 10:29:08.944root 11241100x8000000000000000358568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f50a5b4fd73dfba22021-12-21 10:29:08.944root 11241100x8000000000000000358569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74552a94145ebdd2021-12-21 10:29:08.944root 11241100x8000000000000000358570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f9858e08aa8d9f2021-12-21 10:29:08.944root 11241100x8000000000000000358571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b664958f2c9f53c42021-12-21 10:29:08.944root 11241100x8000000000000000358572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.893c4361f79cd2112021-12-21 10:29:08.944root 11241100x8000000000000000358573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e22e4a6837e96182021-12-21 10:29:08.944root 11241100x8000000000000000358574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:08.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01971aee3d1e85022021-12-21 10:29:08.944root 23542300x8000000000000000358575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.348{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000358576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e0ea98348b10a92021-12-21 10:29:09.350root 11241100x8000000000000000358577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55b593c8369fef62021-12-21 10:29:09.350root 11241100x8000000000000000358578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0f8018cd8eaeb1b2021-12-21 10:29:09.350root 11241100x8000000000000000358579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3ddc78cee40efc2021-12-21 10:29:09.350root 11241100x8000000000000000358580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292466fcb24531392021-12-21 10:29:09.350root 11241100x8000000000000000358581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57690feca3fec8212021-12-21 10:29:09.350root 11241100x8000000000000000358582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae5d22b5d2cb5052021-12-21 10:29:09.350root 11241100x8000000000000000358583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03917f5ef081b582021-12-21 10:29:09.350root 11241100x8000000000000000358584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15e54ce911aff922021-12-21 10:29:09.350root 11241100x8000000000000000358585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e7fc062f99f6792021-12-21 10:29:09.351root 11241100x8000000000000000358586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85771daccc5a05fc2021-12-21 10:29:09.351root 11241100x8000000000000000358587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b038aeab0df6b342021-12-21 10:29:09.351root 11241100x8000000000000000358588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69838691b23bd922021-12-21 10:29:09.351root 11241100x8000000000000000358589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb6faf31efba54f2021-12-21 10:29:09.351root 11241100x8000000000000000358590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04dae8b74c2e59f2021-12-21 10:29:09.351root 11241100x8000000000000000358591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b29a60cb2d644e2021-12-21 10:29:09.351root 11241100x8000000000000000358592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0605f6f82cba57332021-12-21 10:29:09.351root 11241100x8000000000000000358593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8ee9e86588d3152021-12-21 10:29:09.351root 11241100x8000000000000000358594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.073eee82109d16de2021-12-21 10:29:09.351root 11241100x8000000000000000358595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3704ac76eb525202021-12-21 10:29:09.351root 11241100x8000000000000000358596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60de79a3602d92d02021-12-21 10:29:09.352root 11241100x8000000000000000358597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2509484e4b4c83ef2021-12-21 10:29:09.352root 11241100x8000000000000000358598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f063ca2055c92e2021-12-21 10:29:09.352root 11241100x8000000000000000358599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c12b1ba32320122021-12-21 10:29:09.352root 11241100x8000000000000000358600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4853466218303d52021-12-21 10:29:09.352root 11241100x8000000000000000358601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f28b84e4190f2452021-12-21 10:29:09.352root 11241100x8000000000000000358602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6243a6165670d442021-12-21 10:29:09.352root 11241100x8000000000000000358603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72928f5dcb3944ea2021-12-21 10:29:09.353root 11241100x8000000000000000358604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aeed0e03bf37b132021-12-21 10:29:09.353root 11241100x8000000000000000358605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.039be5a1c6390e162021-12-21 10:29:09.353root 11241100x8000000000000000358606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf9e015526a087b2021-12-21 10:29:09.353root 11241100x8000000000000000358607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014ae75b0e5d92f42021-12-21 10:29:09.353root 11241100x8000000000000000358608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e4713681f5bef92021-12-21 10:29:09.353root 11241100x8000000000000000358609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aee150051b7cbd92021-12-21 10:29:09.353root 11241100x8000000000000000358610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39c69e13a43d6942021-12-21 10:29:09.353root 11241100x8000000000000000358611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa07486411580aba2021-12-21 10:29:09.353root 11241100x8000000000000000358612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7e4e4ec3e8e599e2021-12-21 10:29:09.353root 11241100x8000000000000000358613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812f7538e08f1ade2021-12-21 10:29:09.353root 11241100x8000000000000000358614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315536b4c4b9301d2021-12-21 10:29:09.354root 11241100x8000000000000000358615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd0c554f37e014ef2021-12-21 10:29:09.354root 11241100x8000000000000000358616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d770ad7e45c87f62021-12-21 10:29:09.354root 11241100x8000000000000000358617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e5bd3b307b5832021-12-21 10:29:09.354root 11241100x8000000000000000358618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c897ae8b86a00d442021-12-21 10:29:09.354root 11241100x8000000000000000358619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf00f27a098831b2021-12-21 10:29:09.354root 11241100x8000000000000000358620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0d9dc485eb6a452021-12-21 10:29:09.354root 11241100x8000000000000000358621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cb74601530b0f12021-12-21 10:29:09.355root 11241100x8000000000000000358622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ee3fb0ae0dcf662021-12-21 10:29:09.355root 11241100x8000000000000000358623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4afc03423aee37fa2021-12-21 10:29:09.355root 11241100x8000000000000000358624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49614add085b0152021-12-21 10:29:09.355root 11241100x8000000000000000358625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223ba4ac5e61415f2021-12-21 10:29:09.355root 11241100x8000000000000000358626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf855d24baecccde2021-12-21 10:29:09.355root 11241100x8000000000000000358627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a889ca0da8905eb2021-12-21 10:29:09.355root 11241100x8000000000000000358628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6635d6813c3194b92021-12-21 10:29:09.355root 11241100x8000000000000000358629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c4aca644bbcb512021-12-21 10:29:09.355root 11241100x8000000000000000358630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b33abb95598a1eb2021-12-21 10:29:09.355root 11241100x8000000000000000358631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf8c978fa39c63a2021-12-21 10:29:09.693root 11241100x8000000000000000358632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b93b623fbab0052021-12-21 10:29:09.694root 11241100x8000000000000000358633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185fcbc0deb3e0b22021-12-21 10:29:09.694root 11241100x8000000000000000358634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.756f31f5e61794382021-12-21 10:29:09.694root 11241100x8000000000000000358635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10636ab8db3f12422021-12-21 10:29:09.694root 11241100x8000000000000000358636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ead982d40323f52021-12-21 10:29:09.694root 11241100x8000000000000000358637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21c0f98e053d9d52021-12-21 10:29:09.694root 11241100x8000000000000000358638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.866228b134bc5ee22021-12-21 10:29:09.694root 11241100x8000000000000000358639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcb777120b3b863c2021-12-21 10:29:09.694root 11241100x8000000000000000358640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.465181a325633a492021-12-21 10:29:09.694root 11241100x8000000000000000358641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1cd26df0a9fe5d72021-12-21 10:29:09.695root 11241100x8000000000000000358642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5b4d949a81f9a82021-12-21 10:29:09.695root 11241100x8000000000000000358643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27014278341aacad2021-12-21 10:29:09.695root 11241100x8000000000000000358644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5147c845077baab42021-12-21 10:29:09.695root 11241100x8000000000000000358645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca19b03e078297f2021-12-21 10:29:09.695root 11241100x8000000000000000358646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f714e06285d774d62021-12-21 10:29:09.695root 11241100x8000000000000000358647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0834e6e3a87f302021-12-21 10:29:09.696root 11241100x8000000000000000358648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ba9b060dd4387922021-12-21 10:29:09.696root 11241100x8000000000000000358649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8c412a727b992f2021-12-21 10:29:09.696root 11241100x8000000000000000358650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:09.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82b59218eb8292c2021-12-21 10:29:09.696root 11241100x8000000000000000358651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4faeea2a8be98d112021-12-21 10:29:10.193root 11241100x8000000000000000358652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a51f0ba0a328c862021-12-21 10:29:10.193root 11241100x8000000000000000358653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510c17065003554a2021-12-21 10:29:10.193root 11241100x8000000000000000358654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30abac5210ce66672021-12-21 10:29:10.195root 11241100x8000000000000000358655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49190b0df81cba062021-12-21 10:29:10.195root 11241100x8000000000000000358656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4eae1d2a85e4cac2021-12-21 10:29:10.195root 11241100x8000000000000000358657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6eb5929eaa088172021-12-21 10:29:10.195root 11241100x8000000000000000358658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb37ab3cbf236182021-12-21 10:29:10.195root 11241100x8000000000000000358659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4ceacebf33d1c32021-12-21 10:29:10.195root 11241100x8000000000000000358660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2662462afa37d9842021-12-21 10:29:10.195root 11241100x8000000000000000358661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c98ad91ff863e382021-12-21 10:29:10.196root 11241100x8000000000000000358662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc11ea3d8ffcb3d2021-12-21 10:29:10.196root 11241100x8000000000000000358663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82283aaf578132e62021-12-21 10:29:10.196root 11241100x8000000000000000358664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21a6c290c3e65d862021-12-21 10:29:10.196root 11241100x8000000000000000358665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccacf964bc15aa92021-12-21 10:29:10.196root 11241100x8000000000000000358666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3829605607f700922021-12-21 10:29:10.196root 11241100x8000000000000000358667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f1e709de9cb24a2021-12-21 10:29:10.197root 11241100x8000000000000000358668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f329d9465e29672021-12-21 10:29:10.197root 11241100x8000000000000000358669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e708aa4110f40182021-12-21 10:29:10.197root 11241100x8000000000000000358670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc53044f395fd8172021-12-21 10:29:10.197root 11241100x8000000000000000358671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb8886a71cb5b262021-12-21 10:29:10.693root 11241100x8000000000000000358672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35266bd162fdfea82021-12-21 10:29:10.693root 11241100x8000000000000000358673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2eb1f5e02e6e9102021-12-21 10:29:10.693root 11241100x8000000000000000358674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bddb5e64363578f2021-12-21 10:29:10.694root 11241100x8000000000000000358675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf7876b44621d872021-12-21 10:29:10.694root 11241100x8000000000000000358676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b59b05bd446bac32021-12-21 10:29:10.694root 11241100x8000000000000000358677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.508ecbf019da3f6e2021-12-21 10:29:10.694root 11241100x8000000000000000358678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9ae0615325d29282021-12-21 10:29:10.694root 11241100x8000000000000000358679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d718a5888105d5eb2021-12-21 10:29:10.694root 11241100x8000000000000000358680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0605055ff5bd9e612021-12-21 10:29:10.694root 11241100x8000000000000000358681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb820941ad12cfd2021-12-21 10:29:10.694root 11241100x8000000000000000358682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20099e3b7de1d302021-12-21 10:29:10.694root 11241100x8000000000000000358683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b9f743da58da5e2021-12-21 10:29:10.695root 11241100x8000000000000000358684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dad4f30b8ea31562021-12-21 10:29:10.695root 11241100x8000000000000000358685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7821c8cc610dc32021-12-21 10:29:10.695root 11241100x8000000000000000358686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4633bf3ef104ec2021-12-21 10:29:10.695root 11241100x8000000000000000358687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5978012b04342afb2021-12-21 10:29:10.695root 11241100x8000000000000000358688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ed95100a7cde4b2021-12-21 10:29:10.695root 11241100x8000000000000000358689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e1653dee9756ec12021-12-21 10:29:10.695root 11241100x8000000000000000358690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:10.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e9d4d7d19f82102021-12-21 10:29:10.695root 11241100x8000000000000000358691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d0abba6b3f4edf52021-12-21 10:29:11.193root 11241100x8000000000000000358692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97971c1311f3d1592021-12-21 10:29:11.193root 11241100x8000000000000000358693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db791037f5f117632021-12-21 10:29:11.193root 11241100x8000000000000000358694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced0963d9d4d488a2021-12-21 10:29:11.193root 11241100x8000000000000000358695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ee26f8e64ec3402021-12-21 10:29:11.194root 11241100x8000000000000000358696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a40b27a8304d2e52021-12-21 10:29:11.194root 11241100x8000000000000000358697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d71b8af66293b382021-12-21 10:29:11.194root 11241100x8000000000000000358698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2ce8515de35cca2021-12-21 10:29:11.194root 11241100x8000000000000000358699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839832b3bf380f0e2021-12-21 10:29:11.194root 11241100x8000000000000000358700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71efe09a92a441a2021-12-21 10:29:11.194root 11241100x8000000000000000358701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ca9b9c76a3f41852021-12-21 10:29:11.194root 11241100x8000000000000000358702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a769f2abae14aad2021-12-21 10:29:11.194root 11241100x8000000000000000358703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1b735cf6d22ab02021-12-21 10:29:11.194root 11241100x8000000000000000358704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c631a9edf8e5a7c2021-12-21 10:29:11.194root 11241100x8000000000000000358705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155de71e6105d14c2021-12-21 10:29:11.195root 11241100x8000000000000000358706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2ce0f808aa498ff2021-12-21 10:29:11.195root 11241100x8000000000000000358707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142e677932646b7d2021-12-21 10:29:11.195root 11241100x8000000000000000358708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7ff5b044c3227b2021-12-21 10:29:11.195root 11241100x8000000000000000358709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d42db148867ce89d2021-12-21 10:29:11.195root 11241100x8000000000000000358710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c767dc30bc275da62021-12-21 10:29:11.195root 11241100x8000000000000000358711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65cd17497158bb382021-12-21 10:29:11.693root 11241100x8000000000000000358712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694367cc09277f492021-12-21 10:29:11.693root 11241100x8000000000000000358713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c235aae7310a642021-12-21 10:29:11.693root 11241100x8000000000000000358714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ce08227f12fd582021-12-21 10:29:11.694root 11241100x8000000000000000358715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5b0528f4a756982021-12-21 10:29:11.694root 11241100x8000000000000000358716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965eb155a6e44d652021-12-21 10:29:11.694root 11241100x8000000000000000358717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f36a5b8616d339012021-12-21 10:29:11.694root 11241100x8000000000000000358718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32e02abd147e30c22021-12-21 10:29:11.694root 11241100x8000000000000000358719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac2f68ceb1f087352021-12-21 10:29:11.694root 11241100x8000000000000000358720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfdb8a16770e4ad2021-12-21 10:29:11.694root 11241100x8000000000000000358721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff743462db329a2d2021-12-21 10:29:11.694root 11241100x8000000000000000358722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4027ad62164bd9f2021-12-21 10:29:11.694root 11241100x8000000000000000358723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c043f441202c97c22021-12-21 10:29:11.694root 11241100x8000000000000000358724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40dabf6027bd8ef2021-12-21 10:29:11.694root 11241100x8000000000000000358725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c01d5b804808f072021-12-21 10:29:11.695root 11241100x8000000000000000358726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.325160261433bd9a2021-12-21 10:29:11.695root 11241100x8000000000000000358727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b210533bc9a945552021-12-21 10:29:11.695root 11241100x8000000000000000358728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9767cbd81cb9a7b2021-12-21 10:29:11.695root 11241100x8000000000000000358729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713f333cbd2540292021-12-21 10:29:11.695root 11241100x8000000000000000358730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:11.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aeeb220ab209d362021-12-21 10:29:11.695root 11241100x8000000000000000358731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e9c046e7cab4a5c2021-12-21 10:29:12.193root 11241100x8000000000000000358732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1004d24680607b9b2021-12-21 10:29:12.193root 11241100x8000000000000000358733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.525a37ade0fa17342021-12-21 10:29:12.193root 11241100x8000000000000000358734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e2346d1027ba1ba2021-12-21 10:29:12.194root 11241100x8000000000000000358735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c018b9eee5e9c40c2021-12-21 10:29:12.194root 11241100x8000000000000000358736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3337ea4db2dab7fc2021-12-21 10:29:12.194root 11241100x8000000000000000358737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc280efac79ae4b72021-12-21 10:29:12.194root 11241100x8000000000000000358738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fee6d043687295a2021-12-21 10:29:12.194root 11241100x8000000000000000358739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a96abb96de8533f2021-12-21 10:29:12.194root 11241100x8000000000000000358740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ccf753e3093cc52021-12-21 10:29:12.194root 11241100x8000000000000000358741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5e348febca9abb2021-12-21 10:29:12.194root 11241100x8000000000000000358742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3aab51f30e709b2021-12-21 10:29:12.194root 11241100x8000000000000000358743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d5c3de07d957062021-12-21 10:29:12.194root 11241100x8000000000000000358744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929832e77e18b2a92021-12-21 10:29:12.195root 11241100x8000000000000000358745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24886728d8f507b42021-12-21 10:29:12.195root 11241100x8000000000000000358746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab0f3aa53a1a54e2021-12-21 10:29:12.195root 11241100x8000000000000000358747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2885134694facef2021-12-21 10:29:12.195root 11241100x8000000000000000358748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7ef014ef02ac7602021-12-21 10:29:12.195root 11241100x8000000000000000358749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ecb103521190c62021-12-21 10:29:12.195root 11241100x8000000000000000358750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75816ff00f3e021c2021-12-21 10:29:12.195root 354300x8000000000000000358751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.260{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47166-false10.0.1.12-8000- 11241100x8000000000000000358752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef8715bfb39d82862021-12-21 10:29:12.693root 11241100x8000000000000000358753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433ad0f00580d0132021-12-21 10:29:12.694root 11241100x8000000000000000358754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6216851db54595002021-12-21 10:29:12.694root 11241100x8000000000000000358755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6538e95006c76cfd2021-12-21 10:29:12.694root 11241100x8000000000000000358756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b8537fdeb7906a2021-12-21 10:29:12.694root 11241100x8000000000000000358757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ecb3176599d5072021-12-21 10:29:12.695root 11241100x8000000000000000358758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6b941708a7ef9e2021-12-21 10:29:12.695root 11241100x8000000000000000358759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a0e259495524e42021-12-21 10:29:12.695root 11241100x8000000000000000358760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e066bf5207395002021-12-21 10:29:12.695root 11241100x8000000000000000358761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93720fd60d906e832021-12-21 10:29:12.695root 11241100x8000000000000000358762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2829de1f68268b8f2021-12-21 10:29:12.695root 11241100x8000000000000000358763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aab75b976ab21902021-12-21 10:29:12.696root 11241100x8000000000000000358764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3e13825e5679192021-12-21 10:29:12.696root 11241100x8000000000000000358765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379bfa64674193212021-12-21 10:29:12.696root 11241100x8000000000000000358766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.052e4c8249a7794f2021-12-21 10:29:12.696root 11241100x8000000000000000358767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451e81258e4189c32021-12-21 10:29:12.696root 11241100x8000000000000000358768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9528ff63a50f78c62021-12-21 10:29:12.696root 11241100x8000000000000000358769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ebd3c1fdeca82e2021-12-21 10:29:12.696root 11241100x8000000000000000358770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40f6e991051517f2021-12-21 10:29:12.696root 11241100x8000000000000000358771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c544467b40e917072021-12-21 10:29:12.696root 11241100x8000000000000000358772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:12.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d5d06fb5025af2c2021-12-21 10:29:12.696root 11241100x8000000000000000358773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae08d655375f551f2021-12-21 10:29:13.193root 11241100x8000000000000000358774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ac3df6eb8113832021-12-21 10:29:13.194root 11241100x8000000000000000358775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b16db5f5c587fd72021-12-21 10:29:13.194root 11241100x8000000000000000358776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d3c5574d9a5ddc2021-12-21 10:29:13.194root 11241100x8000000000000000358777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249df8c2fcc84ff52021-12-21 10:29:13.194root 11241100x8000000000000000358778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa5f554beea12d22021-12-21 10:29:13.195root 11241100x8000000000000000358779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffb1084df4c504b2021-12-21 10:29:13.195root 11241100x8000000000000000358780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.824f9c0e9821b0592021-12-21 10:29:13.195root 11241100x8000000000000000358781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6a741979ab222ac2021-12-21 10:29:13.195root 11241100x8000000000000000358782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.518c95f7efdc96662021-12-21 10:29:13.195root 11241100x8000000000000000358783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c542f15aabe50e22021-12-21 10:29:13.195root 11241100x8000000000000000358784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50db01d7ba09ff1a2021-12-21 10:29:13.195root 11241100x8000000000000000358785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabbb16e546eb0c62021-12-21 10:29:13.195root 11241100x8000000000000000358786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de0c497de58e36c2021-12-21 10:29:13.195root 11241100x8000000000000000358787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b23da4f79e999f2021-12-21 10:29:13.196root 11241100x8000000000000000358788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d54af9a597dc73232021-12-21 10:29:13.196root 11241100x8000000000000000358789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6733866c38a00d62021-12-21 10:29:13.196root 11241100x8000000000000000358790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38efd795a1ae64552021-12-21 10:29:13.196root 11241100x8000000000000000358791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb60adf61ec91402021-12-21 10:29:13.196root 11241100x8000000000000000358792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c391266f40ace9df2021-12-21 10:29:13.196root 11241100x8000000000000000358793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc5d42edb182f9e2021-12-21 10:29:13.196root 11241100x8000000000000000358794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735a5c92bb42328d2021-12-21 10:29:13.693root 11241100x8000000000000000358795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ae67e17e3c22862021-12-21 10:29:13.693root 11241100x8000000000000000358796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017e6651453e66f22021-12-21 10:29:13.693root 11241100x8000000000000000358797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec22f54354a8b042021-12-21 10:29:13.694root 11241100x8000000000000000358798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4572556dcad6ae52021-12-21 10:29:13.694root 11241100x8000000000000000358799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df02b266399122762021-12-21 10:29:13.694root 11241100x8000000000000000358800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e302dc234e018b82021-12-21 10:29:13.694root 11241100x8000000000000000358801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66dc3df1dd5e6a72021-12-21 10:29:13.694root 11241100x8000000000000000358802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1890032b22bd80b32021-12-21 10:29:13.694root 11241100x8000000000000000358803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5bd05e59a4f0bf2021-12-21 10:29:13.694root 11241100x8000000000000000358804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c961913284d2b0992021-12-21 10:29:13.694root 11241100x8000000000000000358805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1420faebe238272021-12-21 10:29:13.695root 11241100x8000000000000000358806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4ef917d2862fe1d2021-12-21 10:29:13.695root 11241100x8000000000000000358807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.086254318d8a06942021-12-21 10:29:13.695root 11241100x8000000000000000358808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b785d368d049a32021-12-21 10:29:13.695root 11241100x8000000000000000358809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf2d9301bd722692021-12-21 10:29:13.695root 11241100x8000000000000000358810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50e4b5006be0239a2021-12-21 10:29:13.695root 11241100x8000000000000000358811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17003c657a3eba5e2021-12-21 10:29:13.695root 11241100x8000000000000000358812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb9c2252c3b70fd2021-12-21 10:29:13.695root 11241100x8000000000000000358813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8440b3b8645d6702021-12-21 10:29:13.695root 11241100x8000000000000000358814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:13.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6737e1329314fa2021-12-21 10:29:13.696root 11241100x8000000000000000358815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.399f3b82a19c14b22021-12-21 10:29:14.193root 11241100x8000000000000000358816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce704de8f12a02e2021-12-21 10:29:14.193root 11241100x8000000000000000358817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6471717438ebf8832021-12-21 10:29:14.193root 11241100x8000000000000000358818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6d3bd7cf08e301a2021-12-21 10:29:14.193root 11241100x8000000000000000358819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6567d6a1d84d274d2021-12-21 10:29:14.194root 11241100x8000000000000000358820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fb4081bb7835a02021-12-21 10:29:14.194root 11241100x8000000000000000358821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0bf04bcfe0082e72021-12-21 10:29:14.194root 11241100x8000000000000000358822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35ee45b50c35e172021-12-21 10:29:14.194root 11241100x8000000000000000358823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c209f74b2b8012212021-12-21 10:29:14.194root 11241100x8000000000000000358824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15309e261e38a49a2021-12-21 10:29:14.194root 11241100x8000000000000000358825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094ee6dff1a35d522021-12-21 10:29:14.194root 11241100x8000000000000000358826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a65c26aba96c02021-12-21 10:29:14.194root 11241100x8000000000000000358827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.193a16e60a6a3ba52021-12-21 10:29:14.194root 11241100x8000000000000000358828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cbd23e5a56a94a2021-12-21 10:29:14.194root 11241100x8000000000000000358829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f961dbb94b8b24de2021-12-21 10:29:14.194root 11241100x8000000000000000358830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5d8f678bd0e90a62021-12-21 10:29:14.195root 11241100x8000000000000000358831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3534b91e71d383a2021-12-21 10:29:14.195root 11241100x8000000000000000358832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7ab158959a352b72021-12-21 10:29:14.195root 11241100x8000000000000000358833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce008187ef4a5ea2021-12-21 10:29:14.195root 11241100x8000000000000000358834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3b545d9d1a11dc2021-12-21 10:29:14.195root 11241100x8000000000000000358835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f398ba2f8d6a85492021-12-21 10:29:14.195root 11241100x8000000000000000358836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a0ed61dc8c6a0d2021-12-21 10:29:14.693root 11241100x8000000000000000358837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84a6ac444c3c2702021-12-21 10:29:14.693root 11241100x8000000000000000358838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea8a4d2d679c4de92021-12-21 10:29:14.693root 11241100x8000000000000000358839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abe0738c76178f292021-12-21 10:29:14.694root 11241100x8000000000000000358840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b7b53cd918f7482021-12-21 10:29:14.694root 11241100x8000000000000000358841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d971031cc6d3ed2021-12-21 10:29:14.694root 11241100x8000000000000000358842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf1328a676422f12021-12-21 10:29:14.694root 11241100x8000000000000000358843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca984ce6722346d22021-12-21 10:29:14.694root 11241100x8000000000000000358844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27270415fb0ccc142021-12-21 10:29:14.694root 11241100x8000000000000000358845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f704dca19fd7e0452021-12-21 10:29:14.694root 11241100x8000000000000000358846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad9747f81a157f52021-12-21 10:29:14.694root 11241100x8000000000000000358847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba88c197b7ba2722021-12-21 10:29:14.694root 11241100x8000000000000000358848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5099f37a53fad65b2021-12-21 10:29:14.694root 11241100x8000000000000000358849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee0fb04ca1293812021-12-21 10:29:14.694root 11241100x8000000000000000358850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f61aa657f371d9f2021-12-21 10:29:14.695root 11241100x8000000000000000358851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed026f6233ee79d12021-12-21 10:29:14.695root 11241100x8000000000000000358852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87688b4767f346902021-12-21 10:29:14.695root 11241100x8000000000000000358853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad454bb9d55c24342021-12-21 10:29:14.695root 11241100x8000000000000000358854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca908d6a28d0e9d02021-12-21 10:29:14.695root 11241100x8000000000000000358855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a787e0e5d3c81a2021-12-21 10:29:14.695root 11241100x8000000000000000358856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:14.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27174ebf047d71af2021-12-21 10:29:14.695root 11241100x8000000000000000358857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6277dd8d739c7362021-12-21 10:29:15.193root 11241100x8000000000000000358858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a086d9bf7d366262021-12-21 10:29:15.193root 11241100x8000000000000000358859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a466e27016e25d32021-12-21 10:29:15.193root 11241100x8000000000000000358860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9d62b17048ccae2021-12-21 10:29:15.194root 11241100x8000000000000000358861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f279c8a68cc443982021-12-21 10:29:15.194root 11241100x8000000000000000358862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c498b13bc377a1712021-12-21 10:29:15.194root 11241100x8000000000000000358863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.451ac6c2698228922021-12-21 10:29:15.194root 11241100x8000000000000000358864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.244995fd69af72da2021-12-21 10:29:15.194root 11241100x8000000000000000358865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b12b9ee145ba6e12021-12-21 10:29:15.194root 11241100x8000000000000000358866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07cecc3282f31be62021-12-21 10:29:15.194root 11241100x8000000000000000358867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a8b199ee012aa6b2021-12-21 10:29:15.194root 11241100x8000000000000000358868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8705ed262cbc10d2021-12-21 10:29:15.194root 11241100x8000000000000000358869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162f9468f284da432021-12-21 10:29:15.195root 11241100x8000000000000000358870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a529ad301a436e612021-12-21 10:29:15.195root 11241100x8000000000000000358871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299dcee6a0ec8ebe2021-12-21 10:29:15.195root 11241100x8000000000000000358872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69fe3677ede14a0d2021-12-21 10:29:15.195root 11241100x8000000000000000358873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84219b45e022446b2021-12-21 10:29:15.195root 11241100x8000000000000000358874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9c1dbec1a752642021-12-21 10:29:15.195root 11241100x8000000000000000358875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42e8ba5ccc1f65a2021-12-21 10:29:15.195root 11241100x8000000000000000358876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c43902ead174a112021-12-21 10:29:15.195root 11241100x8000000000000000358877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a48de562bc78452021-12-21 10:29:15.195root 11241100x8000000000000000358878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac5219bc14c24df2021-12-21 10:29:15.693root 11241100x8000000000000000358879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6034522b372269242021-12-21 10:29:15.693root 11241100x8000000000000000358880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d6a37228bff525a2021-12-21 10:29:15.693root 11241100x8000000000000000358881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84582df2204df7472021-12-21 10:29:15.694root 11241100x8000000000000000358882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7137931a50ec39782021-12-21 10:29:15.694root 11241100x8000000000000000358883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032f98cccfa4a1ee2021-12-21 10:29:15.694root 11241100x8000000000000000358884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785d1bacf305c6d82021-12-21 10:29:15.694root 11241100x8000000000000000358885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b82b63955215d8f2021-12-21 10:29:15.694root 11241100x8000000000000000358886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eee3e9dfd9fd8672021-12-21 10:29:15.694root 11241100x8000000000000000358887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1b43649edb80cf2021-12-21 10:29:15.694root 11241100x8000000000000000358888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f75225ef6dd5b692021-12-21 10:29:15.694root 11241100x8000000000000000358889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abccba61fea47ba2021-12-21 10:29:15.694root 11241100x8000000000000000358890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0dabd9593e27962021-12-21 10:29:15.694root 11241100x8000000000000000358891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad5612b3fe49a282021-12-21 10:29:15.694root 11241100x8000000000000000358892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.720d84696674dca22021-12-21 10:29:15.695root 11241100x8000000000000000358893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.386f011949448ba82021-12-21 10:29:15.695root 11241100x8000000000000000358894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.906502e8306b59112021-12-21 10:29:15.695root 11241100x8000000000000000358895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b8634790d2e4f92021-12-21 10:29:15.695root 11241100x8000000000000000358896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9527411c0aa4cbd2021-12-21 10:29:15.695root 11241100x8000000000000000358897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57949c8e8987542d2021-12-21 10:29:15.695root 11241100x8000000000000000358898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f645832f875a76062021-12-21 10:29:15.695root 11241100x8000000000000000358899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f4eb746cba474c2021-12-21 10:29:16.193root 11241100x8000000000000000358900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2b07dc6b81570c2021-12-21 10:29:16.193root 11241100x8000000000000000358901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea3580ac6ddc5d92021-12-21 10:29:16.193root 11241100x8000000000000000358902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707c2f8a8db9a10a2021-12-21 10:29:16.194root 11241100x8000000000000000358903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c48005b2f26add2021-12-21 10:29:16.194root 11241100x8000000000000000358904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e612660fd6e4db362021-12-21 10:29:16.194root 11241100x8000000000000000358905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b09e8bb4eae1b502021-12-21 10:29:16.194root 11241100x8000000000000000358906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c04a7b5bc6ef1ff92021-12-21 10:29:16.194root 11241100x8000000000000000358907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bc762301bad6be2021-12-21 10:29:16.194root 11241100x8000000000000000358908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09da481f4b0ab9962021-12-21 10:29:16.194root 11241100x8000000000000000358909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d1a71995918df62021-12-21 10:29:16.194root 11241100x8000000000000000358910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dfb6b1487764682021-12-21 10:29:16.194root 11241100x8000000000000000358911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c3bce7d3f144c2021-12-21 10:29:16.195root 11241100x8000000000000000358912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6711d26360f885d2021-12-21 10:29:16.195root 11241100x8000000000000000358913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e9ee104bcb201232021-12-21 10:29:16.195root 11241100x8000000000000000358914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776896c8228aef602021-12-21 10:29:16.195root 11241100x8000000000000000358915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d557e02f69e262e52021-12-21 10:29:16.195root 11241100x8000000000000000358916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df2bec246bf55b6b2021-12-21 10:29:16.195root 11241100x8000000000000000358917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8599ab46f9b163d62021-12-21 10:29:16.195root 11241100x8000000000000000358918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3e83a2ba4cef5f2021-12-21 10:29:16.195root 11241100x8000000000000000358919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29eea8b0dd1936082021-12-21 10:29:16.196root 11241100x8000000000000000358920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260fcb9b9b8f34282021-12-21 10:29:16.693root 11241100x8000000000000000358921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a626bd7848e3602021-12-21 10:29:16.693root 11241100x8000000000000000358922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b92296edfa60c1c2021-12-21 10:29:16.694root 11241100x8000000000000000358923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d08628e551359d2021-12-21 10:29:16.694root 11241100x8000000000000000358924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c929509b9c3a822021-12-21 10:29:16.694root 11241100x8000000000000000358925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a85d45911e6e31f2021-12-21 10:29:16.694root 11241100x8000000000000000358926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a91eca0b1212532021-12-21 10:29:16.694root 11241100x8000000000000000358927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d29020a707b5b622021-12-21 10:29:16.694root 11241100x8000000000000000358928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b518560a02f6def42021-12-21 10:29:16.694root 11241100x8000000000000000358929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0813cc5201fd401e2021-12-21 10:29:16.694root 11241100x8000000000000000358930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02b3134187922bf2021-12-21 10:29:16.694root 11241100x8000000000000000358931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d21c5d0961002e132021-12-21 10:29:16.694root 11241100x8000000000000000358932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec0fddac44261eae2021-12-21 10:29:16.695root 11241100x8000000000000000358933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5885023a1dd41252021-12-21 10:29:16.695root 11241100x8000000000000000358934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef7d4ded9c7e4982021-12-21 10:29:16.695root 11241100x8000000000000000358935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535115b87414697d2021-12-21 10:29:16.695root 11241100x8000000000000000358936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2ed7e6fdb41adac2021-12-21 10:29:16.695root 11241100x8000000000000000358937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96a92877ae012662021-12-21 10:29:16.695root 11241100x8000000000000000358938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c508e6763855d8492021-12-21 10:29:16.695root 11241100x8000000000000000358939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.175a568b6af0fd932021-12-21 10:29:16.695root 11241100x8000000000000000358940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9e25428f31b9a0a2021-12-21 10:29:16.696root 11241100x8000000000000000358941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf0e2b336bccbe32021-12-21 10:29:17.193root 11241100x8000000000000000358942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc09b7974e2de1ef2021-12-21 10:29:17.193root 11241100x8000000000000000358943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afddc2acec3b36582021-12-21 10:29:17.193root 11241100x8000000000000000358944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ac24f1bd7bcc9e52021-12-21 10:29:17.194root 11241100x8000000000000000358945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da7bdd74dfe8d252021-12-21 10:29:17.194root 11241100x8000000000000000358946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.238632d2a9bfe85b2021-12-21 10:29:17.194root 11241100x8000000000000000358947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73358b6142549b5b2021-12-21 10:29:17.194root 11241100x8000000000000000358948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807850211c61a6eb2021-12-21 10:29:17.194root 11241100x8000000000000000358949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52f2cb525ac4f2642021-12-21 10:29:17.194root 11241100x8000000000000000358950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db00c3becceeaab92021-12-21 10:29:17.194root 11241100x8000000000000000358951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eecde944a69f2562021-12-21 10:29:17.195root 11241100x8000000000000000358952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bd4530beee7e422021-12-21 10:29:17.195root 11241100x8000000000000000358953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9e784502e11a2e22021-12-21 10:29:17.195root 11241100x8000000000000000358954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3426bd392ed2c1bb2021-12-21 10:29:17.195root 11241100x8000000000000000358955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.915a755aa9277b9c2021-12-21 10:29:17.195root 11241100x8000000000000000358956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd8ee6cf7e44edd2021-12-21 10:29:17.195root 11241100x8000000000000000358957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e72787f32c1a2612021-12-21 10:29:17.195root 11241100x8000000000000000358958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.597f7fb63f59f6232021-12-21 10:29:17.195root 11241100x8000000000000000358959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b683b6033a6f3212021-12-21 10:29:17.195root 11241100x8000000000000000358960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0229f877b55389302021-12-21 10:29:17.195root 11241100x8000000000000000358961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19037d7b4d4cd6012021-12-21 10:29:17.195root 11241100x8000000000000000358962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98cdcf0d52a7c4122021-12-21 10:29:17.693root 11241100x8000000000000000358963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eb39b7ea981d7872021-12-21 10:29:17.693root 11241100x8000000000000000358964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388e41dab4cd0c292021-12-21 10:29:17.694root 11241100x8000000000000000358965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7393abd58b2d1d992021-12-21 10:29:17.694root 11241100x8000000000000000358966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa9c57929719af62021-12-21 10:29:17.694root 11241100x8000000000000000358967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f228746370a763032021-12-21 10:29:17.694root 11241100x8000000000000000358968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c36c6fb74f573f2021-12-21 10:29:17.694root 11241100x8000000000000000358969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f60d045aa31cee2021-12-21 10:29:17.694root 11241100x8000000000000000358970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139abc07e159d9fd2021-12-21 10:29:17.694root 11241100x8000000000000000358971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4007047817ea30fe2021-12-21 10:29:17.694root 11241100x8000000000000000358972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993758c80f3050182021-12-21 10:29:17.694root 11241100x8000000000000000358973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2e142e8842abb2021-12-21 10:29:17.694root 11241100x8000000000000000358974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53b496511a896132021-12-21 10:29:17.695root 11241100x8000000000000000358975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9053feb254c68d062021-12-21 10:29:17.695root 11241100x8000000000000000358976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8faa157c133d6ec2021-12-21 10:29:17.695root 11241100x8000000000000000358977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7dbac437277bb22021-12-21 10:29:17.695root 11241100x8000000000000000358978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06de4bb9053631df2021-12-21 10:29:17.695root 11241100x8000000000000000358979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db6848554dec8cd2021-12-21 10:29:17.695root 11241100x8000000000000000358980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3929ab126f607c6a2021-12-21 10:29:17.695root 11241100x8000000000000000358981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10a7b736150d06b2021-12-21 10:29:17.695root 11241100x8000000000000000358982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:17.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0823097f68776f532021-12-21 10:29:17.697root 154100x8000000000000000358983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.100{ec2b6afe-ac7e-61c1-6834-72e452560000}5708/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000358984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f073d15aa7911662021-12-21 10:29:18.103root 11241100x8000000000000000358985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a883eca6199a53712021-12-21 10:29:18.103root 11241100x8000000000000000358986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55bcf4b9651733c42021-12-21 10:29:18.103root 11241100x8000000000000000358987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b59e6b8ebf06662021-12-21 10:29:18.103root 11241100x8000000000000000358988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9a7b959c3b87772021-12-21 10:29:18.103root 11241100x8000000000000000358989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cc61c6aa67bdc12021-12-21 10:29:18.103root 11241100x8000000000000000358990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496694cdd76fdb1b2021-12-21 10:29:18.103root 11241100x8000000000000000358991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.103{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4c509c137318b872021-12-21 10:29:18.103root 11241100x8000000000000000358992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e8a15c14de7b552021-12-21 10:29:18.104root 11241100x8000000000000000358993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922b23e3e9f5561a2021-12-21 10:29:18.104root 11241100x8000000000000000358994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cb2100681665332021-12-21 10:29:18.104root 11241100x8000000000000000358995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e55c27a033275112021-12-21 10:29:18.104root 11241100x8000000000000000358996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0aa0e605838c3c52021-12-21 10:29:18.104root 11241100x8000000000000000358997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a78e05e2781be8c2021-12-21 10:29:18.104root 11241100x8000000000000000358998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35b2b5d535332a72021-12-21 10:29:18.104root 11241100x8000000000000000358999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.104{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e44b08c6705ecaf2021-12-21 10:29:18.104root 11241100x8000000000000000359000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8e70c5c3bc568162021-12-21 10:29:18.105root 11241100x8000000000000000359001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e96e8467199f4552021-12-21 10:29:18.105root 11241100x8000000000000000359002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea755cad2dbc69532021-12-21 10:29:18.105root 11241100x8000000000000000359003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6976c3e0dbf007d2021-12-21 10:29:18.105root 11241100x8000000000000000359004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864d2d35b1bb15942021-12-21 10:29:18.105root 11241100x8000000000000000359005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.105{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a24c40f90c1a0b2021-12-21 10:29:18.105root 534500x8000000000000000359006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.117{ec2b6afe-ac7e-61c1-6834-72e452560000}5708/bin/psroot 354300x8000000000000000359007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.245{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47168-false10.0.1.12-8000- 11241100x8000000000000000359008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f35320081e96989f2021-12-21 10:29:18.443root 11241100x8000000000000000359009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.173332228f3803b42021-12-21 10:29:18.443root 11241100x8000000000000000359010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f529cb39e758ad02021-12-21 10:29:18.443root 11241100x8000000000000000359011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a8dfdcecc57133c2021-12-21 10:29:18.443root 11241100x8000000000000000359012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e3a7848261f5532021-12-21 10:29:18.444root 11241100x8000000000000000359013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc7c5d811cd83ed2021-12-21 10:29:18.444root 11241100x8000000000000000359014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5dc0b3e2c46b802021-12-21 10:29:18.444root 11241100x8000000000000000359015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70439f78974e19f12021-12-21 10:29:18.444root 11241100x8000000000000000359016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0abdedf2d29b11342021-12-21 10:29:18.444root 11241100x8000000000000000359017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b45c4faa4ef98c82021-12-21 10:29:18.444root 11241100x8000000000000000359018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f0005faffd19c672021-12-21 10:29:18.444root 11241100x8000000000000000359019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050c3255697b361e2021-12-21 10:29:18.444root 11241100x8000000000000000359020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74802d4f8bb889142021-12-21 10:29:18.444root 11241100x8000000000000000359021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2bac23d86783522021-12-21 10:29:18.444root 11241100x8000000000000000359022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a722b8ebd7ace3c12021-12-21 10:29:18.444root 11241100x8000000000000000359023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104c0de051edb88c2021-12-21 10:29:18.444root 11241100x8000000000000000359024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef7f66aa5bf62c0b2021-12-21 10:29:18.444root 11241100x8000000000000000359025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a611ce549fa4042021-12-21 10:29:18.444root 11241100x8000000000000000359026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da162267e8ac67312021-12-21 10:29:18.444root 11241100x8000000000000000359027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.803ad2e09530cd852021-12-21 10:29:18.444root 11241100x8000000000000000359028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c29cb3c594e874382021-12-21 10:29:18.445root 11241100x8000000000000000359029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a647c5b83160745f2021-12-21 10:29:18.445root 11241100x8000000000000000359030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d3745524aee312021-12-21 10:29:18.445root 11241100x8000000000000000359031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.986ab5c854ac02092021-12-21 10:29:18.445root 11241100x8000000000000000359032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d739a9ed724745d42021-12-21 10:29:18.943root 11241100x8000000000000000359033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11840b3522d1c2c2021-12-21 10:29:18.943root 11241100x8000000000000000359034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8d58fc4286be6a2021-12-21 10:29:18.943root 11241100x8000000000000000359035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8cacd1941e0b51e2021-12-21 10:29:18.943root 11241100x8000000000000000359036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463e0d9c80010d762021-12-21 10:29:18.944root 11241100x8000000000000000359037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f894b7a47298b402021-12-21 10:29:18.944root 11241100x8000000000000000359038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee29c3a5cfcde502021-12-21 10:29:18.944root 11241100x8000000000000000359039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78c56b812dfd0242021-12-21 10:29:18.944root 11241100x8000000000000000359040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d47fbd717a2a832021-12-21 10:29:18.944root 11241100x8000000000000000359041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb75d6992f8dab7e2021-12-21 10:29:18.945root 11241100x8000000000000000359042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79626d2751128b82021-12-21 10:29:18.946root 11241100x8000000000000000359043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342a8a1ac56776562021-12-21 10:29:18.946root 11241100x8000000000000000359044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9477c3507d49742021-12-21 10:29:18.946root 11241100x8000000000000000359045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dac16f202d571a662021-12-21 10:29:18.946root 11241100x8000000000000000359046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6556e83191a2cbdc2021-12-21 10:29:18.946root 11241100x8000000000000000359047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03098c2155a518f02021-12-21 10:29:18.946root 11241100x8000000000000000359048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92299ca0d3c5f8932021-12-21 10:29:18.946root 11241100x8000000000000000359049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0123b0816f65342021-12-21 10:29:18.946root 11241100x8000000000000000359050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab49999336f81b32021-12-21 10:29:18.946root 11241100x8000000000000000359051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aadef0df25f2bab2021-12-21 10:29:18.946root 11241100x8000000000000000359052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcd397b01e7a05132021-12-21 10:29:18.946root 11241100x8000000000000000359053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e7e874a3078062021-12-21 10:29:18.946root 11241100x8000000000000000359054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e72019a47fe7022a2021-12-21 10:29:18.946root 11241100x8000000000000000359055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:18.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8679f92d4050475e2021-12-21 10:29:18.947root 11241100x8000000000000000359056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f537bad8425b60c2021-12-21 10:29:19.443root 11241100x8000000000000000359057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65da2a76e210d1fe2021-12-21 10:29:19.443root 11241100x8000000000000000359058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffdc30bd8623b05c2021-12-21 10:29:19.443root 11241100x8000000000000000359059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a56fbee213e44f2021-12-21 10:29:19.444root 11241100x8000000000000000359060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f79b2b043099e02021-12-21 10:29:19.444root 11241100x8000000000000000359061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.106f23a14f42289f2021-12-21 10:29:19.444root 11241100x8000000000000000359062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b489af5de8a3d82021-12-21 10:29:19.444root 11241100x8000000000000000359063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73982203f9fe1b272021-12-21 10:29:19.444root 11241100x8000000000000000359064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896f443b5ca5bfeb2021-12-21 10:29:19.444root 11241100x8000000000000000359065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c9ec39166e6bd0d2021-12-21 10:29:19.444root 11241100x8000000000000000359066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.732b68bc2b369ffd2021-12-21 10:29:19.444root 11241100x8000000000000000359067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bad0528d240aed112021-12-21 10:29:19.444root 11241100x8000000000000000359068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d0dc49540eb27a2021-12-21 10:29:19.444root 11241100x8000000000000000359069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc51d65089c657f2021-12-21 10:29:19.444root 11241100x8000000000000000359070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c281c1281049654e2021-12-21 10:29:19.444root 11241100x8000000000000000359071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6661bca424a00b82021-12-21 10:29:19.444root 11241100x8000000000000000359072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14f722b638a3eb12021-12-21 10:29:19.445root 11241100x8000000000000000359073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796956fdae1b24552021-12-21 10:29:19.445root 11241100x8000000000000000359074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5ac0af9e2beeee2021-12-21 10:29:19.445root 11241100x8000000000000000359075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6981271bb24483a2021-12-21 10:29:19.445root 11241100x8000000000000000359076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37cb02be5a58d6422021-12-21 10:29:19.445root 11241100x8000000000000000359077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d255e780703bdb702021-12-21 10:29:19.445root 11241100x8000000000000000359078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30dcca998ea6756f2021-12-21 10:29:19.445root 11241100x8000000000000000359079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76b2fa25abac51d32021-12-21 10:29:19.445root 11241100x8000000000000000359080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be361421ae277ea2021-12-21 10:29:19.943root 11241100x8000000000000000359081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b100251d257d3d02021-12-21 10:29:19.943root 11241100x8000000000000000359082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c83122c0e75b70e2021-12-21 10:29:19.944root 11241100x8000000000000000359083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39167d93a598f54c2021-12-21 10:29:19.944root 11241100x8000000000000000359084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.976d768459557d422021-12-21 10:29:19.944root 11241100x8000000000000000359085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b29810c446932c2021-12-21 10:29:19.944root 11241100x8000000000000000359086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a27a6c5068a1e8fa2021-12-21 10:29:19.944root 11241100x8000000000000000359087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c378a5428b06c52021-12-21 10:29:19.944root 11241100x8000000000000000359088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee24ec91313cd14d2021-12-21 10:29:19.944root 11241100x8000000000000000359089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0edbeb3267b21f12021-12-21 10:29:19.944root 11241100x8000000000000000359090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a2301da65a746e2021-12-21 10:29:19.944root 11241100x8000000000000000359091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e54932a3bbe0f22021-12-21 10:29:19.945root 11241100x8000000000000000359092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc15e906d529c2f2021-12-21 10:29:19.945root 11241100x8000000000000000359093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591ec0de6aaa38be2021-12-21 10:29:19.945root 11241100x8000000000000000359094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e6bcd5bf28f89682021-12-21 10:29:19.945root 11241100x8000000000000000359095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f38f5d0c4ef9a092021-12-21 10:29:19.945root 11241100x8000000000000000359096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f96162b662f42f412021-12-21 10:29:19.945root 11241100x8000000000000000359097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3984a7432c1b1392021-12-21 10:29:19.945root 11241100x8000000000000000359098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72b00f0343824b02021-12-21 10:29:19.945root 11241100x8000000000000000359099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.649ea541438bf6cc2021-12-21 10:29:19.945root 11241100x8000000000000000359100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1590e2d53f99b22021-12-21 10:29:19.945root 11241100x8000000000000000359101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3f3f5c024ba4342021-12-21 10:29:19.945root 11241100x8000000000000000359102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d91423a74bf4a32021-12-21 10:29:19.945root 11241100x8000000000000000359103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a971f8b9a9b9f0e2021-12-21 10:29:19.945root 11241100x8000000000000000359104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b83bf7be99acebe2021-12-21 10:29:20.443root 11241100x8000000000000000359105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b8b44e777170862021-12-21 10:29:20.443root 11241100x8000000000000000359106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5207a65c0f3212dc2021-12-21 10:29:20.443root 11241100x8000000000000000359107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af4bbaf81af79a4e2021-12-21 10:29:20.443root 11241100x8000000000000000359108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0e3a49e5dc320e2021-12-21 10:29:20.444root 11241100x8000000000000000359109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d264ab3515165b2021-12-21 10:29:20.444root 11241100x8000000000000000359110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8901ba8c2072252021-12-21 10:29:20.444root 11241100x8000000000000000359111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb77da3d22c54ac2021-12-21 10:29:20.444root 11241100x8000000000000000359112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be7fabff9ab4b1302021-12-21 10:29:20.444root 11241100x8000000000000000359113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6b0a781685d9f42021-12-21 10:29:20.444root 11241100x8000000000000000359114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aded92ec495f92f2021-12-21 10:29:20.444root 11241100x8000000000000000359115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61afd2f2f96543142021-12-21 10:29:20.444root 11241100x8000000000000000359116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf7316cd86224012021-12-21 10:29:20.444root 11241100x8000000000000000359117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997a81896fe2f4e62021-12-21 10:29:20.444root 11241100x8000000000000000359118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3128debddc8232352021-12-21 10:29:20.444root 11241100x8000000000000000359119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726ac3a563cea6f62021-12-21 10:29:20.444root 11241100x8000000000000000359120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f001a36fd54c57d2021-12-21 10:29:20.444root 11241100x8000000000000000359121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6792f54666f698b42021-12-21 10:29:20.444root 11241100x8000000000000000359122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce42699159111dfc2021-12-21 10:29:20.444root 11241100x8000000000000000359123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ad07ccd08a976172021-12-21 10:29:20.445root 11241100x8000000000000000359124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b707e083404f972021-12-21 10:29:20.445root 11241100x8000000000000000359125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1d8c042b050b952021-12-21 10:29:20.445root 11241100x8000000000000000359126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e492a791110ca252021-12-21 10:29:20.445root 11241100x8000000000000000359127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f8f957af6e5bba2021-12-21 10:29:20.445root 11241100x8000000000000000359128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cecde260ad14e662021-12-21 10:29:20.943root 11241100x8000000000000000359129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ca32e13905833e2021-12-21 10:29:20.943root 11241100x8000000000000000359130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b07406b27438d422021-12-21 10:29:20.944root 11241100x8000000000000000359131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5bab926aa9642f2021-12-21 10:29:20.944root 11241100x8000000000000000359132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d816b659f5fdf742021-12-21 10:29:20.944root 11241100x8000000000000000359133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f3f5294b84853022021-12-21 10:29:20.944root 11241100x8000000000000000359134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879c3d170f2c1cba2021-12-21 10:29:20.944root 11241100x8000000000000000359135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afd250e52e4dba562021-12-21 10:29:20.945root 11241100x8000000000000000359136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b28c0a7e9fe4302021-12-21 10:29:20.945root 11241100x8000000000000000359137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a5628c82e75672b2021-12-21 10:29:20.945root 11241100x8000000000000000359138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d1719e48456f09f2021-12-21 10:29:20.945root 11241100x8000000000000000359139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9424f9f6346fe9602021-12-21 10:29:20.945root 11241100x8000000000000000359140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f10fb3541cdc2b2021-12-21 10:29:20.945root 11241100x8000000000000000359141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a79a7b0b483f419f2021-12-21 10:29:20.945root 11241100x8000000000000000359142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fed5f33c710baac2021-12-21 10:29:20.945root 11241100x8000000000000000359143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.048a4e40e115d00f2021-12-21 10:29:20.945root 11241100x8000000000000000359144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ceb6be70994d5452021-12-21 10:29:20.945root 11241100x8000000000000000359145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edd25c922a405ef02021-12-21 10:29:20.945root 11241100x8000000000000000359146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5305317001b3db22021-12-21 10:29:20.945root 11241100x8000000000000000359147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff49b70aba0f29242021-12-21 10:29:20.945root 11241100x8000000000000000359148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.342487d70d30e5b62021-12-21 10:29:20.945root 11241100x8000000000000000359149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af626c7a3130ee772021-12-21 10:29:20.946root 11241100x8000000000000000359150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7fa2ef32b6acb62021-12-21 10:29:20.946root 11241100x8000000000000000359151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:20.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d5115be2fa8625c2021-12-21 10:29:20.946root 11241100x8000000000000000359152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728e3a1cf51a69e22021-12-21 10:29:21.443root 11241100x8000000000000000359153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d29b228f05ffc82021-12-21 10:29:21.443root 11241100x8000000000000000359154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6812a70f7afe5b12021-12-21 10:29:21.443root 11241100x8000000000000000359155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.294c7b8f942c3eac2021-12-21 10:29:21.443root 11241100x8000000000000000359156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751d6cf93fcd51b72021-12-21 10:29:21.443root 11241100x8000000000000000359157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb3a5399f357d2332021-12-21 10:29:21.444root 11241100x8000000000000000359158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452d33936e1ae70a2021-12-21 10:29:21.444root 11241100x8000000000000000359159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d7e8609e7396652021-12-21 10:29:21.444root 11241100x8000000000000000359160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57acc93e582b1bbf2021-12-21 10:29:21.444root 11241100x8000000000000000359161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f45cf340ce31e4b2021-12-21 10:29:21.444root 11241100x8000000000000000359162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02060860ec921b62021-12-21 10:29:21.444root 11241100x8000000000000000359163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2abe0b9dedbff7d2021-12-21 10:29:21.444root 11241100x8000000000000000359164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5712e6f77d94dcb52021-12-21 10:29:21.444root 11241100x8000000000000000359165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd8e7ac0180421d2021-12-21 10:29:21.444root 11241100x8000000000000000359166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f21a62b1795ac52021-12-21 10:29:21.444root 11241100x8000000000000000359167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492e1b9b9d95eab92021-12-21 10:29:21.444root 11241100x8000000000000000359168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe4fadba7b095342021-12-21 10:29:21.444root 11241100x8000000000000000359169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96bdb9f96a5bfbf2021-12-21 10:29:21.444root 11241100x8000000000000000359170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a03e19e54abe4a1b2021-12-21 10:29:21.444root 11241100x8000000000000000359171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd41817941f5aadb2021-12-21 10:29:21.445root 11241100x8000000000000000359172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ec6411ee2f85c152021-12-21 10:29:21.445root 11241100x8000000000000000359173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff15e31c9c7a099a2021-12-21 10:29:21.445root 11241100x8000000000000000359174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2838c825fcf376532021-12-21 10:29:21.445root 11241100x8000000000000000359175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b25fdf2743d48192021-12-21 10:29:21.445root 11241100x8000000000000000359176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee83dff0bb2ab05a2021-12-21 10:29:21.943root 11241100x8000000000000000359177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388412926a9f16712021-12-21 10:29:21.943root 11241100x8000000000000000359178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad4c93a31310441f2021-12-21 10:29:21.943root 11241100x8000000000000000359179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c37440797e276502021-12-21 10:29:21.943root 11241100x8000000000000000359180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4954a0e54cadef2021-12-21 10:29:21.944root 11241100x8000000000000000359181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fb469b8837ac822021-12-21 10:29:21.944root 11241100x8000000000000000359182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43243a07182d77032021-12-21 10:29:21.944root 11241100x8000000000000000359183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37ed9a47ea0d62de2021-12-21 10:29:21.944root 11241100x8000000000000000359184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6765c7da54e3ec2021-12-21 10:29:21.944root 11241100x8000000000000000359185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e99a3ec86bb7c12021-12-21 10:29:21.944root 11241100x8000000000000000359186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b677a10d6adcab9f2021-12-21 10:29:21.944root 11241100x8000000000000000359187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16794259b3d230632021-12-21 10:29:21.944root 11241100x8000000000000000359188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9437e71c705954b22021-12-21 10:29:21.944root 11241100x8000000000000000359189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4a47b264070efd2021-12-21 10:29:21.944root 11241100x8000000000000000359190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77258beba8e43acb2021-12-21 10:29:21.944root 11241100x8000000000000000359191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ae0d16c106d3592021-12-21 10:29:21.944root 11241100x8000000000000000359192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515130fef505bd532021-12-21 10:29:21.944root 11241100x8000000000000000359193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e8663f2d727f3c2021-12-21 10:29:21.944root 11241100x8000000000000000359194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319dcadbe81739bd2021-12-21 10:29:21.944root 11241100x8000000000000000359195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77343d386d8a70a92021-12-21 10:29:21.944root 11241100x8000000000000000359196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e85ab1ab67d78ca2021-12-21 10:29:21.945root 11241100x8000000000000000359197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ba29e1bc495b0af2021-12-21 10:29:21.945root 11241100x8000000000000000359198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0146cf29a6d70c2021-12-21 10:29:21.945root 11241100x8000000000000000359199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88d85f4796b5e3a42021-12-21 10:29:21.945root 11241100x8000000000000000359200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e196842dc2f3114b2021-12-21 10:29:22.443root 11241100x8000000000000000359201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb4105ecb57c5bf2021-12-21 10:29:22.443root 11241100x8000000000000000359202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353480bc9608e6022021-12-21 10:29:22.443root 11241100x8000000000000000359203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10e01fa031ef05f72021-12-21 10:29:22.443root 11241100x8000000000000000359204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d83484a9ec92c22021-12-21 10:29:22.443root 11241100x8000000000000000359205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df567647c16fb1a2021-12-21 10:29:22.444root 11241100x8000000000000000359206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bf675d0555d4e62021-12-21 10:29:22.444root 11241100x8000000000000000359207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d412c9e5cd9e2cd2021-12-21 10:29:22.444root 11241100x8000000000000000359208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae738489806f8fe72021-12-21 10:29:22.444root 11241100x8000000000000000359209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1cdb78777e7bb672021-12-21 10:29:22.444root 11241100x8000000000000000359210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0bf52f4458c47752021-12-21 10:29:22.444root 11241100x8000000000000000359211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3c4f58416f90a82021-12-21 10:29:22.444root 11241100x8000000000000000359212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7912f8d0ef3232c22021-12-21 10:29:22.444root 11241100x8000000000000000359213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.641a8aefdc8fda312021-12-21 10:29:22.444root 11241100x8000000000000000359214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8bc13e61bf75f542021-12-21 10:29:22.444root 11241100x8000000000000000359215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee75e869abe6ba3a2021-12-21 10:29:22.444root 11241100x8000000000000000359216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80431863b2ac06292021-12-21 10:29:22.444root 11241100x8000000000000000359217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37c20e445d4220c2021-12-21 10:29:22.444root 11241100x8000000000000000359218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a878c585231f3b7f2021-12-21 10:29:22.444root 11241100x8000000000000000359219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7adf38b9220e4712021-12-21 10:29:22.444root 11241100x8000000000000000359220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726c7a0b385f3c232021-12-21 10:29:22.444root 11241100x8000000000000000359221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42595fc5caecb0e52021-12-21 10:29:22.445root 11241100x8000000000000000359222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.158b8231e1fc1d9c2021-12-21 10:29:22.445root 11241100x8000000000000000359223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8c6bcc82ebb42fa2021-12-21 10:29:22.445root 11241100x8000000000000000359224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c23b4cf878b1d252021-12-21 10:29:22.943root 11241100x8000000000000000359225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7258eedd18fc3d662021-12-21 10:29:22.943root 11241100x8000000000000000359226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc2c4c5bbba247e2021-12-21 10:29:22.943root 11241100x8000000000000000359227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53788a23155499522021-12-21 10:29:22.944root 11241100x8000000000000000359228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53933a822c3a4f412021-12-21 10:29:22.944root 11241100x8000000000000000359229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad01dc0ee584d5a02021-12-21 10:29:22.944root 11241100x8000000000000000359230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dad70249fb5aa02021-12-21 10:29:22.944root 11241100x8000000000000000359231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7578bff209f0c5ab2021-12-21 10:29:22.944root 11241100x8000000000000000359232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01955fb1a08fd2752021-12-21 10:29:22.944root 11241100x8000000000000000359233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55056ad9bf511112021-12-21 10:29:22.944root 11241100x8000000000000000359234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c0b5683045166ac2021-12-21 10:29:22.944root 11241100x8000000000000000359235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cc3bf08dec879a2021-12-21 10:29:22.944root 11241100x8000000000000000359236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e7a3f0e94f71832021-12-21 10:29:22.944root 11241100x8000000000000000359237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d09abd84d687f22021-12-21 10:29:22.944root 11241100x8000000000000000359238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685e17f153fbc3b82021-12-21 10:29:22.944root 11241100x8000000000000000359239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb9f04c2b6037ee2021-12-21 10:29:22.944root 11241100x8000000000000000359240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd6ada85b9d88032021-12-21 10:29:22.944root 11241100x8000000000000000359241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c09af51ab0b82212021-12-21 10:29:22.944root 11241100x8000000000000000359242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af68e9ad1fad084e2021-12-21 10:29:22.945root 11241100x8000000000000000359243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec6787c53f608e7f2021-12-21 10:29:22.945root 11241100x8000000000000000359244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0057f28a7b020d072021-12-21 10:29:22.945root 11241100x8000000000000000359245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc23739097b40f122021-12-21 10:29:22.945root 11241100x8000000000000000359246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b332a24a7daec0c2021-12-21 10:29:22.945root 11241100x8000000000000000359247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb46dcf1277235a2021-12-21 10:29:22.945root 11241100x8000000000000000359248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2598d39be0e2012021-12-21 10:29:23.443root 11241100x8000000000000000359249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ba64d9615273032021-12-21 10:29:23.443root 11241100x8000000000000000359250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1bcbda9d355cc652021-12-21 10:29:23.443root 11241100x8000000000000000359251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a070b3872b94bbe2021-12-21 10:29:23.443root 11241100x8000000000000000359252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f04faaa9b8871c2021-12-21 10:29:23.443root 11241100x8000000000000000359253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0bc22985bb926952021-12-21 10:29:23.444root 11241100x8000000000000000359254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e288c646d5adbb2021-12-21 10:29:23.444root 11241100x8000000000000000359255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed833580de547cab2021-12-21 10:29:23.444root 11241100x8000000000000000359256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d54c1d1b7a8f2272021-12-21 10:29:23.444root 11241100x8000000000000000359257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55489e083aa2b1422021-12-21 10:29:23.444root 11241100x8000000000000000359258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacf0eb84b3a66492021-12-21 10:29:23.444root 11241100x8000000000000000359259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ee5fc00b0996d612021-12-21 10:29:23.444root 11241100x8000000000000000359260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568b5ea41e88ad6d2021-12-21 10:29:23.444root 11241100x8000000000000000359261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50581e6ee0941832021-12-21 10:29:23.444root 11241100x8000000000000000359262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23984c4ec785b502021-12-21 10:29:23.444root 11241100x8000000000000000359263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c31a8a05af1b0032021-12-21 10:29:23.444root 11241100x8000000000000000359264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18f75d6bf6cf52d2021-12-21 10:29:23.444root 11241100x8000000000000000359265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d6820b2b7c3571b2021-12-21 10:29:23.444root 11241100x8000000000000000359266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba082aca681cce92021-12-21 10:29:23.444root 11241100x8000000000000000359267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d136e2e928ba7e2021-12-21 10:29:23.444root 11241100x8000000000000000359268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5703152f92b3e73c2021-12-21 10:29:23.445root 11241100x8000000000000000359269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3841358ee347722021-12-21 10:29:23.445root 11241100x8000000000000000359270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187ccd54cad104842021-12-21 10:29:23.445root 11241100x8000000000000000359271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e681c0919c228f42021-12-21 10:29:23.445root 11241100x8000000000000000359272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c6de678b8e87122021-12-21 10:29:23.943root 11241100x8000000000000000359273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868fb7f342fbb2f22021-12-21 10:29:23.943root 11241100x8000000000000000359274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d59154938f78c25a2021-12-21 10:29:23.944root 11241100x8000000000000000359275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd7a8c2beba44d7d2021-12-21 10:29:23.944root 11241100x8000000000000000359276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0235d33f19dcab332021-12-21 10:29:23.944root 11241100x8000000000000000359277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd0cd31f421334d02021-12-21 10:29:23.944root 11241100x8000000000000000359278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.389a8d551e3ca0d92021-12-21 10:29:23.944root 11241100x8000000000000000359279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4459f076b32a572021-12-21 10:29:23.944root 11241100x8000000000000000359280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.260f80a448b456162021-12-21 10:29:23.944root 11241100x8000000000000000359281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88cd4972df81cf742021-12-21 10:29:23.944root 11241100x8000000000000000359282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6026ba36b9a302262021-12-21 10:29:23.944root 11241100x8000000000000000359283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6510a01ad330e22021-12-21 10:29:23.944root 11241100x8000000000000000359284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf420aec6381593a2021-12-21 10:29:23.944root 11241100x8000000000000000359285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6143fe69b5257c872021-12-21 10:29:23.944root 11241100x8000000000000000359286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba642e3ee74117d2021-12-21 10:29:23.944root 11241100x8000000000000000359287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0143327779c53e1b2021-12-21 10:29:23.944root 11241100x8000000000000000359288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ff7a3bac92a0222021-12-21 10:29:23.944root 11241100x8000000000000000359289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccf5e5733ae7e502021-12-21 10:29:23.945root 11241100x8000000000000000359290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c140052c14c4da72021-12-21 10:29:23.945root 11241100x8000000000000000359291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed421538189634842021-12-21 10:29:23.945root 11241100x8000000000000000359292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984939df359549502021-12-21 10:29:23.945root 11241100x8000000000000000359293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a5ca5baa25edf82021-12-21 10:29:23.945root 11241100x8000000000000000359294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9463f5b49c348372021-12-21 10:29:23.945root 11241100x8000000000000000359295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5b2d5860020db542021-12-21 10:29:23.945root 354300x8000000000000000359296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.189{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47170-false10.0.1.12-8000- 11241100x8000000000000000359297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e770359c219a1bf2021-12-21 10:29:24.443root 11241100x8000000000000000359298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4de3b9640df2ece12021-12-21 10:29:24.443root 11241100x8000000000000000359299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6dca774446f62732021-12-21 10:29:24.443root 11241100x8000000000000000359300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a691dbc6f91264712021-12-21 10:29:24.444root 11241100x8000000000000000359301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d45a1e4df6ce04682021-12-21 10:29:24.444root 11241100x8000000000000000359302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2780b275929b86552021-12-21 10:29:24.444root 11241100x8000000000000000359303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c4e3c8324076852021-12-21 10:29:24.444root 11241100x8000000000000000359304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3caed25c0ee0a8232021-12-21 10:29:24.444root 11241100x8000000000000000359305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31169033d955f9982021-12-21 10:29:24.444root 11241100x8000000000000000359306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cddfc7a516c438622021-12-21 10:29:24.444root 11241100x8000000000000000359307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aba4692584710242021-12-21 10:29:24.444root 11241100x8000000000000000359308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5504de342a9c8132021-12-21 10:29:24.445root 11241100x8000000000000000359309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82facc9dec8155e2021-12-21 10:29:24.445root 11241100x8000000000000000359310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55dde81e2a96af02021-12-21 10:29:24.445root 11241100x8000000000000000359311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82400c5fe582698a2021-12-21 10:29:24.445root 11241100x8000000000000000359312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533b86f86d032efe2021-12-21 10:29:24.445root 11241100x8000000000000000359313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f9a0c208dd77c3a2021-12-21 10:29:24.445root 11241100x8000000000000000359314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04d9fcf390703f72021-12-21 10:29:24.445root 11241100x8000000000000000359315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11853abf12f036d12021-12-21 10:29:24.445root 11241100x8000000000000000359316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0726a47eb6af26f52021-12-21 10:29:24.445root 11241100x8000000000000000359317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce12bccc58aa27fc2021-12-21 10:29:24.446root 11241100x8000000000000000359318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd78e4f410b7b1b2021-12-21 10:29:24.446root 11241100x8000000000000000359319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2547e0a9949d00022021-12-21 10:29:24.446root 11241100x8000000000000000359320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b4a58ad63b6c5052021-12-21 10:29:24.446root 11241100x8000000000000000359321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27809724389219102021-12-21 10:29:24.446root 11241100x8000000000000000359322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83323ad5200656392021-12-21 10:29:24.942root 11241100x8000000000000000359323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279c2916904ac8c02021-12-21 10:29:24.943root 11241100x8000000000000000359324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.137f22464b3c4f322021-12-21 10:29:24.943root 11241100x8000000000000000359325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20816ea3ac5194912021-12-21 10:29:24.943root 11241100x8000000000000000359326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762cb4fbf9648d432021-12-21 10:29:24.943root 11241100x8000000000000000359327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc15c13e9e27eee02021-12-21 10:29:24.943root 11241100x8000000000000000359328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0700d50291bdf8ae2021-12-21 10:29:24.943root 11241100x8000000000000000359329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a4d5e01884141022021-12-21 10:29:24.944root 11241100x8000000000000000359330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.715c7142e2a880312021-12-21 10:29:24.944root 11241100x8000000000000000359331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02310e96335f2ced2021-12-21 10:29:24.944root 11241100x8000000000000000359332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965ab938da36d9892021-12-21 10:29:24.944root 11241100x8000000000000000359333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e781c659cb3471c12021-12-21 10:29:24.945root 11241100x8000000000000000359334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc9f71aa9a9234da2021-12-21 10:29:24.945root 11241100x8000000000000000359335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c2b84fbb0faab22021-12-21 10:29:24.945root 11241100x8000000000000000359336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff161454cd5bca22021-12-21 10:29:24.945root 11241100x8000000000000000359337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7531b716747435cc2021-12-21 10:29:24.945root 11241100x8000000000000000359338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1bfaacd9586eb32021-12-21 10:29:24.946root 11241100x8000000000000000359339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7da35520abf72492021-12-21 10:29:24.946root 11241100x8000000000000000359340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee72910cb5a81422021-12-21 10:29:24.946root 11241100x8000000000000000359341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db2da75e1bacb09c2021-12-21 10:29:24.946root 11241100x8000000000000000359342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e63541381420d22021-12-21 10:29:24.947root 11241100x8000000000000000359343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d975950b5180dc2021-12-21 10:29:24.947root 11241100x8000000000000000359344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a427709e966b4bbc2021-12-21 10:29:24.947root 11241100x8000000000000000359345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37334d66e62963872021-12-21 10:29:24.947root 11241100x8000000000000000359346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2f87e8b7cf5c91d2021-12-21 10:29:24.947root 11241100x8000000000000000359347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec31e23deabfc982021-12-21 10:29:24.947root 11241100x8000000000000000359348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c55b280e938151e2021-12-21 10:29:24.947root 11241100x8000000000000000359349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03264dfba35eec022021-12-21 10:29:24.947root 11241100x8000000000000000359350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d9efaf6a60598a2021-12-21 10:29:24.947root 11241100x8000000000000000359351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5194cd31223898ff2021-12-21 10:29:24.947root 11241100x8000000000000000359352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e23c263092a4d50e2021-12-21 10:29:24.948root 11241100x8000000000000000359353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:24.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea358485febb8af2021-12-21 10:29:24.948root 354300x8000000000000000359354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.109{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34236-false10.0.1.12-8089- 11241100x8000000000000000359355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9705f266c1e1817f2021-12-21 10:29:25.443root 11241100x8000000000000000359356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a121680b19553812021-12-21 10:29:25.444root 11241100x8000000000000000359357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4cca64591fcd6d42021-12-21 10:29:25.444root 11241100x8000000000000000359358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e3ea6e0d76b13ec2021-12-21 10:29:25.444root 11241100x8000000000000000359359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb44fa2e0dea5572021-12-21 10:29:25.444root 11241100x8000000000000000359360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48099d0fde59af382021-12-21 10:29:25.445root 11241100x8000000000000000359361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed550058393b75602021-12-21 10:29:25.445root 11241100x8000000000000000359362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa70e1481438c54e2021-12-21 10:29:25.445root 11241100x8000000000000000359363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f01e97129c045522021-12-21 10:29:25.445root 11241100x8000000000000000359364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44ac941325432e82021-12-21 10:29:25.445root 11241100x8000000000000000359365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ede7ca7ae8dd2a2021-12-21 10:29:25.445root 11241100x8000000000000000359366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ca61f72a3c7f9df2021-12-21 10:29:25.445root 11241100x8000000000000000359367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.600f7206953c55d82021-12-21 10:29:25.445root 11241100x8000000000000000359368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.707988d13f3080842021-12-21 10:29:25.445root 11241100x8000000000000000359369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.047b8892d65ac40a2021-12-21 10:29:25.446root 11241100x8000000000000000359370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e547d8a66dbc01d2021-12-21 10:29:25.446root 11241100x8000000000000000359371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6382046ddb3c68d12021-12-21 10:29:25.446root 11241100x8000000000000000359372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b74879e1d19d5a02021-12-21 10:29:25.446root 11241100x8000000000000000359373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.147edf6b87e170462021-12-21 10:29:25.446root 11241100x8000000000000000359374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dc625539ab176a12021-12-21 10:29:25.446root 11241100x8000000000000000359375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de2df11a903f4c1e2021-12-21 10:29:25.446root 11241100x8000000000000000359376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a12b80c94b7e452021-12-21 10:29:25.446root 11241100x8000000000000000359377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea1ff8ad37f28d72021-12-21 10:29:25.446root 11241100x8000000000000000359378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75695cbc609f07a42021-12-21 10:29:25.446root 11241100x8000000000000000359379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efc91d63b698f2b82021-12-21 10:29:25.446root 11241100x8000000000000000359380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc189a723689d7ef2021-12-21 10:29:25.446root 11241100x8000000000000000359381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f712f6e0fcbcadff2021-12-21 10:29:25.943root 11241100x8000000000000000359382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f7a7e414c95f962021-12-21 10:29:25.943root 11241100x8000000000000000359383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03149c0f906e97b2021-12-21 10:29:25.944root 11241100x8000000000000000359384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a625b93b16fb29ea2021-12-21 10:29:25.944root 11241100x8000000000000000359385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef90bcec526cab662021-12-21 10:29:25.944root 11241100x8000000000000000359386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8f6e3e3c7cd6d72021-12-21 10:29:25.944root 11241100x8000000000000000359387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b6dc37bf7ccf92021-12-21 10:29:25.944root 11241100x8000000000000000359388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5565e7209327a32021-12-21 10:29:25.944root 11241100x8000000000000000359389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.801fb344ccb4db472021-12-21 10:29:25.945root 11241100x8000000000000000359390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd199af0c335d102021-12-21 10:29:25.945root 11241100x8000000000000000359391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a1e66d752ddcb982021-12-21 10:29:25.945root 11241100x8000000000000000359392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97892d78a15163c2021-12-21 10:29:25.945root 11241100x8000000000000000359393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eac83913be418522021-12-21 10:29:25.945root 11241100x8000000000000000359394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bdbe17e821ba6d2021-12-21 10:29:25.945root 11241100x8000000000000000359395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a23528e673290c2021-12-21 10:29:25.945root 11241100x8000000000000000359396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95677ed8c66c21b72021-12-21 10:29:25.945root 11241100x8000000000000000359397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d70c07142ed94d02021-12-21 10:29:25.945root 11241100x8000000000000000359398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c66f89aa8d3e5d362021-12-21 10:29:25.945root 11241100x8000000000000000359399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f991b5e631c70d592021-12-21 10:29:25.945root 11241100x8000000000000000359400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44199b388fae579e2021-12-21 10:29:25.945root 11241100x8000000000000000359401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b6c0d9f92fd4bb42021-12-21 10:29:25.946root 11241100x8000000000000000359402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7034927de8442a2021-12-21 10:29:25.946root 11241100x8000000000000000359403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6aaa8a818bfffd32021-12-21 10:29:25.946root 11241100x8000000000000000359404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d99ea11ac582fe2021-12-21 10:29:25.946root 11241100x8000000000000000359405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5292d0114dbc94b72021-12-21 10:29:25.946root 11241100x8000000000000000359406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:25.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbab26921d2ff7c62021-12-21 10:29:25.946root 11241100x8000000000000000359407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6404894d83bbf082021-12-21 10:29:26.443root 11241100x8000000000000000359408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be45290b07c1af372021-12-21 10:29:26.443root 11241100x8000000000000000359409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d69ce2f552008fc2021-12-21 10:29:26.443root 11241100x8000000000000000359410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffc2545af6914452021-12-21 10:29:26.443root 11241100x8000000000000000359411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6cb4396380bfe662021-12-21 10:29:26.443root 11241100x8000000000000000359412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b240e9befc96be72021-12-21 10:29:26.443root 11241100x8000000000000000359413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04defb853462b8712021-12-21 10:29:26.443root 11241100x8000000000000000359414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c412c67978b28c92021-12-21 10:29:26.443root 11241100x8000000000000000359415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc5cfdbce7f00ed12021-12-21 10:29:26.444root 11241100x8000000000000000359416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55ea79acf5eb92a2021-12-21 10:29:26.444root 11241100x8000000000000000359417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5fff09108db0d12021-12-21 10:29:26.444root 11241100x8000000000000000359418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f051543de2c55e182021-12-21 10:29:26.444root 11241100x8000000000000000359419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8818fefcf15828ea2021-12-21 10:29:26.444root 11241100x8000000000000000359420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba07f4ce4f3baffe2021-12-21 10:29:26.444root 11241100x8000000000000000359421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590e5361b7233e9e2021-12-21 10:29:26.444root 11241100x8000000000000000359422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fcc9f86199404252021-12-21 10:29:26.444root 11241100x8000000000000000359423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c689b4de116e85a12021-12-21 10:29:26.444root 11241100x8000000000000000359424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f64f42994f749262021-12-21 10:29:26.444root 11241100x8000000000000000359425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b1097e279cce132021-12-21 10:29:26.444root 11241100x8000000000000000359426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb29edcb28f505e72021-12-21 10:29:26.445root 11241100x8000000000000000359427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486f7a09f7168e712021-12-21 10:29:26.445root 11241100x8000000000000000359428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec574a069e390572021-12-21 10:29:26.445root 11241100x8000000000000000359429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d9ab3bec388bb152021-12-21 10:29:26.445root 11241100x8000000000000000359430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc1d368a16add59d2021-12-21 10:29:26.445root 11241100x8000000000000000359431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1993f0e1f76a7da92021-12-21 10:29:26.445root 11241100x8000000000000000359432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de0ac4e3cdd776b2021-12-21 10:29:26.445root 11241100x8000000000000000359433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1668b6118984d4562021-12-21 10:29:26.445root 11241100x8000000000000000359434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0f734c7c66b9abf2021-12-21 10:29:26.445root 11241100x8000000000000000359435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef58272d57ced932021-12-21 10:29:26.445root 11241100x8000000000000000359436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4095671d5dd3c2d12021-12-21 10:29:26.445root 11241100x8000000000000000359437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a394be577cf94c42021-12-21 10:29:26.446root 11241100x8000000000000000359438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa46f0a18abaea9f2021-12-21 10:29:26.446root 11241100x8000000000000000359439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3f7a9cbb4016e42021-12-21 10:29:26.446root 11241100x8000000000000000359440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f401d305f1e9fbc12021-12-21 10:29:26.446root 11241100x8000000000000000359441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f398537af3ca45052021-12-21 10:29:26.446root 11241100x8000000000000000359442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.492f3db6008c111e2021-12-21 10:29:26.446root 11241100x8000000000000000359443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10609c71637d1572021-12-21 10:29:26.446root 11241100x8000000000000000359444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f7afe32aa86c0992021-12-21 10:29:26.447root 11241100x8000000000000000359445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18af3a4e14221312021-12-21 10:29:26.448root 11241100x8000000000000000359446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e164defe67ad6ba92021-12-21 10:29:26.448root 11241100x8000000000000000359447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b17bbfc8e6d84a2021-12-21 10:29:26.449root 11241100x8000000000000000359448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534cc8d3492aa1892021-12-21 10:29:26.449root 11241100x8000000000000000359449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28ff58287872c342021-12-21 10:29:26.449root 11241100x8000000000000000359450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30222db821c6c992021-12-21 10:29:26.449root 11241100x8000000000000000359451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edfff962356ad412021-12-21 10:29:26.943root 11241100x8000000000000000359452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4163b4db6500bcf2021-12-21 10:29:26.943root 11241100x8000000000000000359453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879b82523d2c367f2021-12-21 10:29:26.943root 11241100x8000000000000000359454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42cb8703696e7132021-12-21 10:29:26.944root 11241100x8000000000000000359455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca1b63a35ac92262021-12-21 10:29:26.944root 11241100x8000000000000000359456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8aafc3ed13065252021-12-21 10:29:26.944root 11241100x8000000000000000359457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cb4c206dff28532021-12-21 10:29:26.944root 11241100x8000000000000000359458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26ca61bcb21ad4a2021-12-21 10:29:26.944root 11241100x8000000000000000359459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c681775762751a302021-12-21 10:29:26.944root 11241100x8000000000000000359460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3eb4849e75c2512021-12-21 10:29:26.944root 11241100x8000000000000000359461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22dec430279735382021-12-21 10:29:26.945root 11241100x8000000000000000359462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ddf34c09ec1a572021-12-21 10:29:26.945root 11241100x8000000000000000359463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611f7608e75b5bd02021-12-21 10:29:26.945root 11241100x8000000000000000359464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c5cccc83f5aca82021-12-21 10:29:26.945root 11241100x8000000000000000359465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa44bc313e6a1062021-12-21 10:29:26.945root 11241100x8000000000000000359466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae5f688a4b156dc2021-12-21 10:29:26.945root 11241100x8000000000000000359467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5137a927209c6e3d2021-12-21 10:29:26.945root 11241100x8000000000000000359468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48f6045bc031121d2021-12-21 10:29:26.945root 11241100x8000000000000000359469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d67738bff10bc22021-12-21 10:29:26.945root 11241100x8000000000000000359470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65d48de43f0ac1e12021-12-21 10:29:26.945root 11241100x8000000000000000359471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8be513e8e13b7992021-12-21 10:29:26.946root 11241100x8000000000000000359472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f22af8fa35da50bc2021-12-21 10:29:26.946root 11241100x8000000000000000359473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d58f9355b2e6f58f2021-12-21 10:29:26.946root 11241100x8000000000000000359474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7640329667f85e802021-12-21 10:29:26.946root 11241100x8000000000000000359475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd0e1d1613bdc552021-12-21 10:29:26.946root 11241100x8000000000000000359476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12f9b1dd49100b292021-12-21 10:29:26.946root 11241100x8000000000000000359477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96835bd96c06822f2021-12-21 10:29:26.946root 11241100x8000000000000000359478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6676fa8eea72a1742021-12-21 10:29:26.946root 11241100x8000000000000000359479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e0dd8536ba2aa162021-12-21 10:29:26.946root 11241100x8000000000000000359480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.888b22644a3edc7c2021-12-21 10:29:26.946root 11241100x8000000000000000359481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1363a4a7b3e1b0bc2021-12-21 10:29:26.946root 11241100x8000000000000000359482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed44e5f47b49a3992021-12-21 10:29:26.946root 11241100x8000000000000000359483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afc3114c9529cee12021-12-21 10:29:26.946root 11241100x8000000000000000359484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00749f8a3e23f8d2021-12-21 10:29:26.946root 11241100x8000000000000000359485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae42407cc35e2e92021-12-21 10:29:27.443root 11241100x8000000000000000359486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de60c10fbfeea092021-12-21 10:29:27.443root 11241100x8000000000000000359487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c239033e3343b02021-12-21 10:29:27.443root 11241100x8000000000000000359488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413f1387f412fbec2021-12-21 10:29:27.443root 11241100x8000000000000000359489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d1a42edd7ee5212021-12-21 10:29:27.444root 11241100x8000000000000000359490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa7a41a316760312021-12-21 10:29:27.444root 11241100x8000000000000000359491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1fa9acff4af30092021-12-21 10:29:27.444root 11241100x8000000000000000359492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4ae0eac03f333e62021-12-21 10:29:27.444root 11241100x8000000000000000359493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7763b4e096ddd4b32021-12-21 10:29:27.444root 11241100x8000000000000000359494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f359cd0524b2d66a2021-12-21 10:29:27.444root 11241100x8000000000000000359495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca658ee62ffadc92021-12-21 10:29:27.444root 11241100x8000000000000000359496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33f48e8e52aca23e2021-12-21 10:29:27.444root 11241100x8000000000000000359497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0120b111f0fc6bbe2021-12-21 10:29:27.444root 11241100x8000000000000000359498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb2bcc4f74171bed2021-12-21 10:29:27.444root 11241100x8000000000000000359499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b3787b64913a1e2021-12-21 10:29:27.444root 11241100x8000000000000000359500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.962b7c7fe2c24fb02021-12-21 10:29:27.444root 11241100x8000000000000000359501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2aba5900d0168d2021-12-21 10:29:27.445root 11241100x8000000000000000359502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae8822ec87aea5f92021-12-21 10:29:27.445root 11241100x8000000000000000359503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81aa6ba557db11cd2021-12-21 10:29:27.445root 11241100x8000000000000000359504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5c4fab086963312021-12-21 10:29:27.445root 11241100x8000000000000000359505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0caad6a1af4e75b72021-12-21 10:29:27.445root 11241100x8000000000000000359506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bde65e0d6434ce12021-12-21 10:29:27.445root 11241100x8000000000000000359507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3186f1ab7c9aa8152021-12-21 10:29:27.445root 11241100x8000000000000000359508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c741b8dfae8cd42021-12-21 10:29:27.445root 11241100x8000000000000000359509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79813fb2fe1743d92021-12-21 10:29:27.445root 11241100x8000000000000000359510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90aace85a166ef0f2021-12-21 10:29:27.445root 11241100x8000000000000000359511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c5b2c0fe6d94f12021-12-21 10:29:27.942root 11241100x8000000000000000359512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f83fba1744587982021-12-21 10:29:27.943root 11241100x8000000000000000359513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5b996d8f003a102021-12-21 10:29:27.943root 11241100x8000000000000000359514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1081e3fa7ff416832021-12-21 10:29:27.943root 11241100x8000000000000000359515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.033ad00277700e852021-12-21 10:29:27.943root 11241100x8000000000000000359516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24f1fb2d6ef3e2d2021-12-21 10:29:27.943root 11241100x8000000000000000359517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b87703cac0253c2021-12-21 10:29:27.943root 11241100x8000000000000000359518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c22965b485b845f2021-12-21 10:29:27.944root 11241100x8000000000000000359519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c6e11ebc48af98c2021-12-21 10:29:27.944root 11241100x8000000000000000359520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e66dec329a0d1c2f2021-12-21 10:29:27.944root 11241100x8000000000000000359521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c107aeacc4812caf2021-12-21 10:29:27.944root 11241100x8000000000000000359522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20558ea3f534c2bd2021-12-21 10:29:27.944root 11241100x8000000000000000359523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8499a85b1b3a0ba52021-12-21 10:29:27.944root 11241100x8000000000000000359524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3918383a41e341a2021-12-21 10:29:27.944root 11241100x8000000000000000359525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1090dd5bc1ac82212021-12-21 10:29:27.944root 11241100x8000000000000000359526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d1df396569c84d2021-12-21 10:29:27.944root 11241100x8000000000000000359527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512b9c813fe66ef32021-12-21 10:29:27.944root 11241100x8000000000000000359528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca818843a19d360a2021-12-21 10:29:27.945root 11241100x8000000000000000359529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.635f75da05b137872021-12-21 10:29:27.945root 11241100x8000000000000000359530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b81fc8fd75919e52021-12-21 10:29:27.945root 11241100x8000000000000000359531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ce28cf71762c572021-12-21 10:29:27.945root 11241100x8000000000000000359532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee078115dc342482021-12-21 10:29:27.945root 11241100x8000000000000000359533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0795eb039df08af2021-12-21 10:29:27.945root 11241100x8000000000000000359534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c092ffe3e78dd902021-12-21 10:29:27.945root 11241100x8000000000000000359535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fba6ebd3d9c2fb62021-12-21 10:29:27.945root 11241100x8000000000000000359536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2bcc3ac629e63c82021-12-21 10:29:27.945root 11241100x8000000000000000359537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6af4e7f47d66d522021-12-21 10:29:27.946root 11241100x8000000000000000359538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44fb0b1caa55e792021-12-21 10:29:27.946root 11241100x8000000000000000359539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df857b89adb755372021-12-21 10:29:27.946root 11241100x8000000000000000359540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e08382a482c3d5a2021-12-21 10:29:27.946root 11241100x8000000000000000359541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c220eebeebd46ec02021-12-21 10:29:27.946root 11241100x8000000000000000359542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22a5b40fe3caa662021-12-21 10:29:28.442root 11241100x8000000000000000359543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dba593001a57fec2021-12-21 10:29:28.443root 11241100x8000000000000000359544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af54baf3e2e79b982021-12-21 10:29:28.443root 11241100x8000000000000000359545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454b1e02203082e72021-12-21 10:29:28.443root 11241100x8000000000000000359546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb29246454126912021-12-21 10:29:28.443root 11241100x8000000000000000359547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7ad9a2c667612d2021-12-21 10:29:28.443root 11241100x8000000000000000359548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1554bd0cbc0e8b2a2021-12-21 10:29:28.443root 11241100x8000000000000000359549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e95a30c1c279a72021-12-21 10:29:28.443root 11241100x8000000000000000359550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a751eb6eda39d422021-12-21 10:29:28.444root 11241100x8000000000000000359551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50c7e63d173baa4f2021-12-21 10:29:28.444root 11241100x8000000000000000359552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a3f981272b4f782021-12-21 10:29:28.444root 11241100x8000000000000000359553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d04e3a370a3402a2021-12-21 10:29:28.444root 11241100x8000000000000000359554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82deb8477626f2292021-12-21 10:29:28.444root 11241100x8000000000000000359555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c4feb6bbc36e6b2021-12-21 10:29:28.444root 11241100x8000000000000000359556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac6df501292bd9d2021-12-21 10:29:28.444root 11241100x8000000000000000359557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d06a81c1ceed3c2021-12-21 10:29:28.444root 11241100x8000000000000000359558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114007ab9d1473002021-12-21 10:29:28.445root 11241100x8000000000000000359559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5254584a6975df602021-12-21 10:29:28.445root 11241100x8000000000000000359560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18153e9ec2851742021-12-21 10:29:28.445root 11241100x8000000000000000359561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3e0f5d50e0d6a32021-12-21 10:29:28.445root 11241100x8000000000000000359562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.926dea51d70237632021-12-21 10:29:28.445root 11241100x8000000000000000359563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96a15c7c41dcbbc2021-12-21 10:29:28.445root 11241100x8000000000000000359564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1bf3ca94ec0b6f92021-12-21 10:29:28.446root 11241100x8000000000000000359565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0af23d26fb8ff34a2021-12-21 10:29:28.446root 11241100x8000000000000000359566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa5c98b13ea0b722021-12-21 10:29:28.446root 11241100x8000000000000000359567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407a2f354cf142882021-12-21 10:29:28.446root 11241100x8000000000000000359568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.032d3ba7bf14a93a2021-12-21 10:29:28.448root 11241100x8000000000000000359569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2129065fe9c7de2a2021-12-21 10:29:28.448root 11241100x8000000000000000359570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e6b33a0190c30e2021-12-21 10:29:28.448root 11241100x8000000000000000359571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0089935331c89b302021-12-21 10:29:28.448root 11241100x8000000000000000359572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834f18d8443ea1112021-12-21 10:29:28.448root 11241100x8000000000000000359573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddd6362ea0eb3ef72021-12-21 10:29:28.448root 11241100x8000000000000000359574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa62747210f25b632021-12-21 10:29:28.448root 11241100x8000000000000000359575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc6cf7cc9b1861e72021-12-21 10:29:28.943root 11241100x8000000000000000359576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f93407f6e038f22021-12-21 10:29:28.944root 11241100x8000000000000000359577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51cb3d6daaadaf952021-12-21 10:29:28.944root 11241100x8000000000000000359578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf8510709b456c62021-12-21 10:29:28.944root 11241100x8000000000000000359579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a5c4ada0765ef02021-12-21 10:29:28.944root 11241100x8000000000000000359580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d37b94af416de252021-12-21 10:29:28.945root 11241100x8000000000000000359581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.330654488753fa862021-12-21 10:29:28.945root 11241100x8000000000000000359582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b190117e2a9ebd22021-12-21 10:29:28.945root 11241100x8000000000000000359583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f722f3612a1ea1ac2021-12-21 10:29:28.945root 11241100x8000000000000000359584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4582e31b471b554b2021-12-21 10:29:28.945root 11241100x8000000000000000359585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8768a1c83435c72b2021-12-21 10:29:28.945root 11241100x8000000000000000359586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28c62cc77feab6ec2021-12-21 10:29:28.946root 11241100x8000000000000000359587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a585dc620f288c2021-12-21 10:29:28.946root 11241100x8000000000000000359588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e22c4ed62b9d9292021-12-21 10:29:28.946root 11241100x8000000000000000359589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c86ef1d2e33db92021-12-21 10:29:28.946root 11241100x8000000000000000359590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e05f907fcd9ec82021-12-21 10:29:28.946root 11241100x8000000000000000359591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d802c5df9ef812d2021-12-21 10:29:28.946root 11241100x8000000000000000359592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1c9e695e2644cbf2021-12-21 10:29:28.946root 11241100x8000000000000000359593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774186944c0bb09b2021-12-21 10:29:28.946root 11241100x8000000000000000359594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6b9b30ca4f293f2021-12-21 10:29:28.946root 11241100x8000000000000000359595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a50242b368914062021-12-21 10:29:28.946root 11241100x8000000000000000359596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cd701604bb16962021-12-21 10:29:28.946root 11241100x8000000000000000359597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3714ea9e76de19e32021-12-21 10:29:28.946root 11241100x8000000000000000359598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68634e2188ffe3832021-12-21 10:29:28.948root 11241100x8000000000000000359599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dc8a7abaa60c692021-12-21 10:29:28.948root 11241100x8000000000000000359600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:28.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4577216875884a2021-12-21 10:29:28.948root 11241100x8000000000000000359601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.902dc2d165e12c012021-12-21 10:29:29.443root 11241100x8000000000000000359602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55e0d7cd4033578b2021-12-21 10:29:29.443root 11241100x8000000000000000359603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551f4efe5ab999852021-12-21 10:29:29.443root 11241100x8000000000000000359604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f88706d007a3a69d2021-12-21 10:29:29.444root 11241100x8000000000000000359605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e97c70d6decc9c3b2021-12-21 10:29:29.444root 11241100x8000000000000000359606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293500183fe0a79d2021-12-21 10:29:29.444root 11241100x8000000000000000359607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcda15f309de4a7b2021-12-21 10:29:29.444root 11241100x8000000000000000359608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe8a243d61e71822021-12-21 10:29:29.444root 11241100x8000000000000000359609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2314187a2f0c122021-12-21 10:29:29.444root 11241100x8000000000000000359610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83500a587f18af8c2021-12-21 10:29:29.444root 11241100x8000000000000000359611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360f0f9760906e5e2021-12-21 10:29:29.445root 11241100x8000000000000000359612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef31a9887b9a92e82021-12-21 10:29:29.445root 11241100x8000000000000000359613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c005c62fca2c59d12021-12-21 10:29:29.445root 11241100x8000000000000000359614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b9996fbdc7609c2021-12-21 10:29:29.445root 11241100x8000000000000000359615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2ae93e07f6750f2021-12-21 10:29:29.445root 11241100x8000000000000000359616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04234327fa1ef6682021-12-21 10:29:29.445root 11241100x8000000000000000359617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f28f508480e8feb2021-12-21 10:29:29.445root 11241100x8000000000000000359618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7155bc4be35279c2021-12-21 10:29:29.445root 11241100x8000000000000000359619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797c4767fff758e72021-12-21 10:29:29.445root 11241100x8000000000000000359620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78c54dbd6e2529572021-12-21 10:29:29.445root 11241100x8000000000000000359621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4fab786a0f025f2021-12-21 10:29:29.445root 11241100x8000000000000000359622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6145692b9eb0962021-12-21 10:29:29.446root 11241100x8000000000000000359623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d622e62fa3050112021-12-21 10:29:29.446root 11241100x8000000000000000359624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ddb920ce85a67542021-12-21 10:29:29.446root 11241100x8000000000000000359625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e9873ca09430f62021-12-21 10:29:29.446root 11241100x8000000000000000359626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df6f802bb64f1702021-12-21 10:29:29.446root 11241100x8000000000000000359627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6070e5da0f95332021-12-21 10:29:29.943root 11241100x8000000000000000359628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18b3c0d96824b062021-12-21 10:29:29.943root 11241100x8000000000000000359629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ef1e527aa14b0c02021-12-21 10:29:29.943root 11241100x8000000000000000359630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dfea855d69ed7f2021-12-21 10:29:29.943root 11241100x8000000000000000359631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df4dbfe6c042de42021-12-21 10:29:29.943root 11241100x8000000000000000359632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c8a578fb9ec67f2021-12-21 10:29:29.943root 11241100x8000000000000000359633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c9f5bfe49a8e372021-12-21 10:29:29.943root 11241100x8000000000000000359634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6580f24354ee61b2021-12-21 10:29:29.943root 11241100x8000000000000000359635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d2d0d50b69cea62021-12-21 10:29:29.944root 11241100x8000000000000000359636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a296f6f859eccbe82021-12-21 10:29:29.944root 11241100x8000000000000000359637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.307102108f710b682021-12-21 10:29:29.944root 11241100x8000000000000000359638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96c601f5be698e082021-12-21 10:29:29.944root 11241100x8000000000000000359639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2832810aa87eb4982021-12-21 10:29:29.944root 11241100x8000000000000000359640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b02bcb7078582002021-12-21 10:29:29.944root 11241100x8000000000000000359641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39b29c6334ca5082021-12-21 10:29:29.944root 11241100x8000000000000000359642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4366f56f99fd46302021-12-21 10:29:29.944root 11241100x8000000000000000359643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c60a8094be340292021-12-21 10:29:29.944root 11241100x8000000000000000359644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365254c7bfd6413b2021-12-21 10:29:29.944root 11241100x8000000000000000359645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1878f688334b91432021-12-21 10:29:29.945root 11241100x8000000000000000359646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83ee8c782a1d36472021-12-21 10:29:29.945root 11241100x8000000000000000359647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed7072cc0ab6a192021-12-21 10:29:29.945root 11241100x8000000000000000359648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.682bc0e0c15f9b4c2021-12-21 10:29:29.945root 11241100x8000000000000000359649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1da72a0f657714572021-12-21 10:29:29.945root 11241100x8000000000000000359650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7c23035fa7881d2021-12-21 10:29:29.945root 11241100x8000000000000000359651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d10520237834202021-12-21 10:29:29.945root 11241100x8000000000000000359652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff68af07360a1c812021-12-21 10:29:29.945root 11241100x8000000000000000359653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.997814ddd002625a2021-12-21 10:29:29.945root 11241100x8000000000000000359654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034b5db5933e94542021-12-21 10:29:29.946root 11241100x8000000000000000359655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10f357c84c81e09a2021-12-21 10:29:29.946root 11241100x8000000000000000359656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1551d60f870af0342021-12-21 10:29:29.946root 11241100x8000000000000000359657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:29.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d68eb8c76c6d9562021-12-21 10:29:29.946root 354300x8000000000000000359658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.178{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47174-false10.0.1.12-8000- 11241100x8000000000000000359659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e439d17b7625732021-12-21 10:29:30.442root 11241100x8000000000000000359660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54cc779ec135c9cb2021-12-21 10:29:30.443root 11241100x8000000000000000359661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20eea898446963162021-12-21 10:29:30.443root 11241100x8000000000000000359662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd64535aba6bdff2021-12-21 10:29:30.443root 11241100x8000000000000000359663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a364ebe0080b8b2021-12-21 10:29:30.443root 11241100x8000000000000000359664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28984fb2d3a439fd2021-12-21 10:29:30.444root 11241100x8000000000000000359665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.545e33597eb065292021-12-21 10:29:30.444root 11241100x8000000000000000359666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06d425c6143e7132021-12-21 10:29:30.444root 11241100x8000000000000000359667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bba0c0a225836b82021-12-21 10:29:30.444root 11241100x8000000000000000359668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d0caafea68f53f2021-12-21 10:29:30.444root 11241100x8000000000000000359669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e5dc16db4c497962021-12-21 10:29:30.444root 11241100x8000000000000000359670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4345e06e606328962021-12-21 10:29:30.444root 11241100x8000000000000000359671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdd09638b91ade02021-12-21 10:29:30.444root 11241100x8000000000000000359672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607f6cf7dd5a76de2021-12-21 10:29:30.444root 11241100x8000000000000000359673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e2b4d07265ba702021-12-21 10:29:30.444root 11241100x8000000000000000359674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98b1373cb51c030d2021-12-21 10:29:30.444root 11241100x8000000000000000359675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffbc0ee3318be532021-12-21 10:29:30.444root 11241100x8000000000000000359676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16515198a33b63e2021-12-21 10:29:30.444root 11241100x8000000000000000359677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a730dab2d7c679a82021-12-21 10:29:30.444root 11241100x8000000000000000359678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c70861589c10d152021-12-21 10:29:30.444root 11241100x8000000000000000359679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd77f602842f9b4c2021-12-21 10:29:30.444root 11241100x8000000000000000359680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7dc99c233accab02021-12-21 10:29:30.445root 11241100x8000000000000000359681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383dd2507fe4e32e2021-12-21 10:29:30.445root 11241100x8000000000000000359682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23f63c630bebd1af2021-12-21 10:29:30.445root 11241100x8000000000000000359683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72d83b963bcd83d2021-12-21 10:29:30.445root 11241100x8000000000000000359684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3032160a982cf72021-12-21 10:29:30.445root 11241100x8000000000000000359685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59354b15fb17cff12021-12-21 10:29:30.445root 11241100x8000000000000000359686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8898504fe8001eb82021-12-21 10:29:30.445root 11241100x8000000000000000359687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d6f0a503d67f992021-12-21 10:29:30.445root 11241100x8000000000000000359688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a85c8e76b080f2aa2021-12-21 10:29:30.943root 11241100x8000000000000000359689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9354f477b637cc2021-12-21 10:29:30.943root 11241100x8000000000000000359690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cac5fa23e8e4fe2021-12-21 10:29:30.943root 11241100x8000000000000000359691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a4ce3fcaad459712021-12-21 10:29:30.943root 11241100x8000000000000000359692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f24b97649df63fa2021-12-21 10:29:30.943root 11241100x8000000000000000359693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfc168873d679f22021-12-21 10:29:30.943root 11241100x8000000000000000359694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c2b213f68361a072021-12-21 10:29:30.944root 11241100x8000000000000000359695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da83a59ac0d2bd3f2021-12-21 10:29:30.944root 11241100x8000000000000000359696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3029cebe15cb2d82021-12-21 10:29:30.944root 11241100x8000000000000000359697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8be747ac6a21cdf2021-12-21 10:29:30.944root 11241100x8000000000000000359698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f158b910db8ec602021-12-21 10:29:30.944root 11241100x8000000000000000359699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2861ecdbd13fe9682021-12-21 10:29:30.944root 11241100x8000000000000000359700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c1633c7816d8e832021-12-21 10:29:30.944root 11241100x8000000000000000359701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9260c3be67d995bf2021-12-21 10:29:30.944root 11241100x8000000000000000359702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.734f55e14b2639232021-12-21 10:29:30.944root 11241100x8000000000000000359703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0939692c85f631c62021-12-21 10:29:30.944root 11241100x8000000000000000359704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4903aa2d19f1be2021-12-21 10:29:30.944root 11241100x8000000000000000359705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc496c97669ea61c2021-12-21 10:29:30.944root 11241100x8000000000000000359706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a685957c48c50e5c2021-12-21 10:29:30.944root 11241100x8000000000000000359707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ebfd03017530eec2021-12-21 10:29:30.945root 11241100x8000000000000000359708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06555ea098f8c7e2021-12-21 10:29:30.945root 11241100x8000000000000000359709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60cff8c255af68a32021-12-21 10:29:30.945root 11241100x8000000000000000359710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42cd0cc0c081e9812021-12-21 10:29:30.945root 11241100x8000000000000000359711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d3c312cc98e06eb2021-12-21 10:29:30.945root 11241100x8000000000000000359712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701f06bc2514c7a32021-12-21 10:29:30.945root 11241100x8000000000000000359713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.395237a3978783132021-12-21 10:29:30.945root 11241100x8000000000000000359714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4520a5bd1df860f42021-12-21 10:29:30.945root 11241100x8000000000000000359715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22be20f5889e40552021-12-21 10:29:31.443root 11241100x8000000000000000359716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e47877408f13a5382021-12-21 10:29:31.443root 11241100x8000000000000000359717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515ffb1614d6ecd72021-12-21 10:29:31.443root 11241100x8000000000000000359718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7dd47dd446b4242021-12-21 10:29:31.443root 11241100x8000000000000000359719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9a0511e600861952021-12-21 10:29:31.443root 11241100x8000000000000000359720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c6a5240acb1a0a2021-12-21 10:29:31.444root 11241100x8000000000000000359721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6f2eaa8d1caeff2021-12-21 10:29:31.444root 11241100x8000000000000000359722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d175a79c0000e1142021-12-21 10:29:31.444root 11241100x8000000000000000359723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d119510384d4f1c2021-12-21 10:29:31.444root 11241100x8000000000000000359724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ff686497cb2fa7b2021-12-21 10:29:31.444root 11241100x8000000000000000359725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9647faa510ae3472021-12-21 10:29:31.444root 11241100x8000000000000000359726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e454d029d78005fd2021-12-21 10:29:31.444root 11241100x8000000000000000359727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4f6e1e93d524a22021-12-21 10:29:31.444root 11241100x8000000000000000359728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fb907fba9b06bd2021-12-21 10:29:31.444root 11241100x8000000000000000359729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f1265ba827d57a2021-12-21 10:29:31.444root 11241100x8000000000000000359730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfc5cec8cf698032021-12-21 10:29:31.445root 11241100x8000000000000000359731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ef9587c84730ce2021-12-21 10:29:31.445root 11241100x8000000000000000359732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac46cac717a9b3a72021-12-21 10:29:31.445root 11241100x8000000000000000359733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968e3b214e59a6b02021-12-21 10:29:31.445root 11241100x8000000000000000359734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86fa6711e2e245b2021-12-21 10:29:31.446root 11241100x8000000000000000359735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a1e691636995d22021-12-21 10:29:31.446root 11241100x8000000000000000359736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58831895f5482a82021-12-21 10:29:31.447root 11241100x8000000000000000359737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d072b7d297adea72021-12-21 10:29:31.447root 11241100x8000000000000000359738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530e95d6749be9182021-12-21 10:29:31.447root 11241100x8000000000000000359739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14024b0c59bb3e782021-12-21 10:29:31.448root 11241100x8000000000000000359740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6e49abc2677a842021-12-21 10:29:31.448root 11241100x8000000000000000359741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493e3e5dabcf8bc92021-12-21 10:29:31.448root 11241100x8000000000000000359742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3468cfca3b90f8922021-12-21 10:29:31.942root 11241100x8000000000000000359743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8711e4c7cb179672021-12-21 10:29:31.943root 11241100x8000000000000000359744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ee70600c512f12021-12-21 10:29:31.943root 11241100x8000000000000000359745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c391887832e5e60f2021-12-21 10:29:31.943root 11241100x8000000000000000359746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d9f4d6886837c02021-12-21 10:29:31.944root 11241100x8000000000000000359747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c8c2e0bc4cf3612021-12-21 10:29:31.944root 11241100x8000000000000000359748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2010e3e6227ba2e2021-12-21 10:29:31.944root 11241100x8000000000000000359749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d37f2dbdc2b8ace2021-12-21 10:29:31.944root 11241100x8000000000000000359750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d634aaa6857618ba2021-12-21 10:29:31.944root 11241100x8000000000000000359751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7107841a86b72ea92021-12-21 10:29:31.945root 11241100x8000000000000000359752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0a2c822ca108f532021-12-21 10:29:31.945root 11241100x8000000000000000359753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58b13cbcf8217fae2021-12-21 10:29:31.945root 11241100x8000000000000000359754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1828a4494066e042021-12-21 10:29:31.945root 11241100x8000000000000000359755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da71e7f620b506252021-12-21 10:29:31.946root 11241100x8000000000000000359756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1845cf048842a5022021-12-21 10:29:31.946root 11241100x8000000000000000359757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35f941dc94ce3e6c2021-12-21 10:29:31.946root 11241100x8000000000000000359758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c80f3f223e325922021-12-21 10:29:31.946root 11241100x8000000000000000359759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0636e48fc8d364b2021-12-21 10:29:31.946root 11241100x8000000000000000359760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4e322f52b08efbb2021-12-21 10:29:31.947root 11241100x8000000000000000359761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec44cdd827d42e702021-12-21 10:29:31.947root 11241100x8000000000000000359762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.812231fd7f9d361f2021-12-21 10:29:31.947root 11241100x8000000000000000359763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df42f90a3a6812d2021-12-21 10:29:31.947root 11241100x8000000000000000359764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b3eab6fbc099b32021-12-21 10:29:31.947root 11241100x8000000000000000359765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.568d4a9b9994c9ca2021-12-21 10:29:31.947root 11241100x8000000000000000359766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.431a4d62cdb472f82021-12-21 10:29:31.948root 11241100x8000000000000000359767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2cb7b6dd5ba6deb2021-12-21 10:29:31.948root 11241100x8000000000000000359768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fb1ce02ff728812021-12-21 10:29:31.948root 11241100x8000000000000000359769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853d5387ead6ea7b2021-12-21 10:29:31.948root 11241100x8000000000000000359770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de150989a27086b2021-12-21 10:29:31.948root 11241100x8000000000000000359771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049e41f6d0b1ad3c2021-12-21 10:29:31.948root 11241100x8000000000000000359772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5d69a589bb63052021-12-21 10:29:31.948root 11241100x8000000000000000359773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d30e8f7a2ba49a6a2021-12-21 10:29:32.443root 11241100x8000000000000000359774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7abaff9401809272021-12-21 10:29:32.443root 11241100x8000000000000000359775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c04b2f27da2a312021-12-21 10:29:32.443root 11241100x8000000000000000359776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e185504fc87ff82021-12-21 10:29:32.443root 11241100x8000000000000000359777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177d13f628278d8a2021-12-21 10:29:32.444root 11241100x8000000000000000359778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa497ee989b7fa3a2021-12-21 10:29:32.444root 11241100x8000000000000000359779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.580d0bef004253562021-12-21 10:29:32.444root 11241100x8000000000000000359780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e9eb5cbca731b22021-12-21 10:29:32.444root 11241100x8000000000000000359781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04203afc8cb276912021-12-21 10:29:32.444root 11241100x8000000000000000359782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22ece6d0b327f5992021-12-21 10:29:32.444root 11241100x8000000000000000359783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b57396530b38142021-12-21 10:29:32.444root 11241100x8000000000000000359784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bfe4058fdacf3732021-12-21 10:29:32.445root 11241100x8000000000000000359785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b708949d44dcdc2021-12-21 10:29:32.445root 11241100x8000000000000000359786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834d00326c95bb0e2021-12-21 10:29:32.445root 11241100x8000000000000000359787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e79a0ab44b6c25252021-12-21 10:29:32.445root 11241100x8000000000000000359788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420896f158a219ad2021-12-21 10:29:32.445root 11241100x8000000000000000359789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1616da223fd6512021-12-21 10:29:32.445root 11241100x8000000000000000359790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb4b6498d2c52ace2021-12-21 10:29:32.445root 11241100x8000000000000000359791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f80d697869e5a5f2021-12-21 10:29:32.445root 11241100x8000000000000000359792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fec4de8a5ddbc5b82021-12-21 10:29:32.445root 11241100x8000000000000000359793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e610d1b581b041c52021-12-21 10:29:32.446root 11241100x8000000000000000359794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b3076b1b49ec0132021-12-21 10:29:32.446root 11241100x8000000000000000359795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ba36cd5a44e09c2021-12-21 10:29:32.446root 11241100x8000000000000000359796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8537f4f0f4d7e9fe2021-12-21 10:29:32.446root 11241100x8000000000000000359797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f485b67e32f78b712021-12-21 10:29:32.446root 11241100x8000000000000000359798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32dc56c9d320ccc2021-12-21 10:29:32.446root 11241100x8000000000000000359799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dae0c16a83591a3d2021-12-21 10:29:32.446root 11241100x8000000000000000359800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81106cd529d40a2d2021-12-21 10:29:32.943root 11241100x8000000000000000359801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e5133106663f4732021-12-21 10:29:32.943root 11241100x8000000000000000359802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01895396e98240142021-12-21 10:29:32.943root 11241100x8000000000000000359803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc002a6fdec92db2021-12-21 10:29:32.944root 11241100x8000000000000000359804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4bf1c018e9905842021-12-21 10:29:32.944root 11241100x8000000000000000359805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.094602b7867590ae2021-12-21 10:29:32.944root 11241100x8000000000000000359806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b2eced2faff2212021-12-21 10:29:32.944root 11241100x8000000000000000359807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e210b0d119ee422021-12-21 10:29:32.944root 11241100x8000000000000000359808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55ca89e50c4eb0d32021-12-21 10:29:32.944root 11241100x8000000000000000359809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a5294f96f229bc2021-12-21 10:29:32.944root 11241100x8000000000000000359810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad7cff47590880b12021-12-21 10:29:32.944root 11241100x8000000000000000359811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c32e54c798b14fad2021-12-21 10:29:32.944root 11241100x8000000000000000359812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e9d12b35f288a82021-12-21 10:29:32.944root 11241100x8000000000000000359813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf5610e204c255a2021-12-21 10:29:32.945root 11241100x8000000000000000359814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe835849ce2e5702021-12-21 10:29:32.945root 11241100x8000000000000000359815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f645cddf9299f7db2021-12-21 10:29:32.945root 11241100x8000000000000000359816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0968c0ba5f9b97652021-12-21 10:29:32.945root 11241100x8000000000000000359817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8683154973f7d72021-12-21 10:29:32.945root 11241100x8000000000000000359818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864c9786126838272021-12-21 10:29:32.945root 11241100x8000000000000000359819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a57d62abb00143062021-12-21 10:29:32.945root 11241100x8000000000000000359820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735164e8530cf9b92021-12-21 10:29:32.946root 11241100x8000000000000000359821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc1cfc6f6dbb8242021-12-21 10:29:32.946root 11241100x8000000000000000359822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b31e5c676e73949b2021-12-21 10:29:32.946root 11241100x8000000000000000359823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.026b4343a45777742021-12-21 10:29:32.946root 11241100x8000000000000000359824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1599ce5bec115eaf2021-12-21 10:29:32.946root 11241100x8000000000000000359825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b74f4ca6761e357e2021-12-21 10:29:32.946root 11241100x8000000000000000359826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.897d34bd04b45cc92021-12-21 10:29:32.946root 11241100x8000000000000000359827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566ca7e58d79a2342021-12-21 10:29:33.443root 11241100x8000000000000000359828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d0eba63c8aad872021-12-21 10:29:33.443root 11241100x8000000000000000359829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f56683ae317ce8f2021-12-21 10:29:33.443root 11241100x8000000000000000359830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec169e041aa56ccd2021-12-21 10:29:33.443root 11241100x8000000000000000359831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8673c1af3ba6eeda2021-12-21 10:29:33.443root 11241100x8000000000000000359832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb42b3424a5d7632021-12-21 10:29:33.443root 11241100x8000000000000000359833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6515397f119a3ca52021-12-21 10:29:33.443root 11241100x8000000000000000359834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cdcafefd6c73bcd2021-12-21 10:29:33.443root 11241100x8000000000000000359835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3798a05ee7816a2021-12-21 10:29:33.444root 11241100x8000000000000000359836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acd51030c2a5a052021-12-21 10:29:33.444root 11241100x8000000000000000359837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8755491f63bff27b2021-12-21 10:29:33.444root 11241100x8000000000000000359838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84bf494c4d8abdb2021-12-21 10:29:33.444root 11241100x8000000000000000359839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26acf250b2f769842021-12-21 10:29:33.444root 11241100x8000000000000000359840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6fd2b589b47e6882021-12-21 10:29:33.444root 11241100x8000000000000000359841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb12667c8911df12021-12-21 10:29:33.444root 11241100x8000000000000000359842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82638d881c9a472c2021-12-21 10:29:33.444root 11241100x8000000000000000359843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bfa9b48dd1aa692021-12-21 10:29:33.444root 11241100x8000000000000000359844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7befbc05be1a86b02021-12-21 10:29:33.445root 11241100x8000000000000000359845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a64cd824b21453d2021-12-21 10:29:33.445root 11241100x8000000000000000359846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6a1c1383722327c2021-12-21 10:29:33.445root 11241100x8000000000000000359847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f850c8f2d68b01362021-12-21 10:29:33.445root 11241100x8000000000000000359848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0cfda61202fa30d2021-12-21 10:29:33.445root 11241100x8000000000000000359849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0b34c0542c76e52021-12-21 10:29:33.445root 11241100x8000000000000000359850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d7d86863a9560a32021-12-21 10:29:33.445root 11241100x8000000000000000359851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5d6e7f01ac25942021-12-21 10:29:33.445root 11241100x8000000000000000359852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26708c53251cb1fd2021-12-21 10:29:33.445root 11241100x8000000000000000359853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ada87796a7ab93d2021-12-21 10:29:33.445root 11241100x8000000000000000359854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42e4f9d028a637aa2021-12-21 10:29:33.445root 11241100x8000000000000000359855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f5cfa681be8a4162021-12-21 10:29:33.446root 11241100x8000000000000000359856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7754d06411a584062021-12-21 10:29:33.446root 11241100x8000000000000000359857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.215a5e1caa6928fe2021-12-21 10:29:33.446root 11241100x8000000000000000359858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82fa21fca9d12a472021-12-21 10:29:33.446root 11241100x8000000000000000359859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80fc5ca28524cc82021-12-21 10:29:33.943root 11241100x8000000000000000359860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7e258d5bbae41652021-12-21 10:29:33.943root 11241100x8000000000000000359861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7297604788c9f1b82021-12-21 10:29:33.943root 11241100x8000000000000000359862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21961aa5441d62912021-12-21 10:29:33.944root 11241100x8000000000000000359863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc504a8c86c972702021-12-21 10:29:33.944root 11241100x8000000000000000359864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f83797452fb0cae2021-12-21 10:29:33.944root 11241100x8000000000000000359865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a0937fc234c2a862021-12-21 10:29:33.944root 11241100x8000000000000000359866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e1919ec0e3c68c2021-12-21 10:29:33.944root 11241100x8000000000000000359867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f98c2aefad6eb22021-12-21 10:29:33.944root 11241100x8000000000000000359868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04667cd5d27d26372021-12-21 10:29:33.944root 11241100x8000000000000000359869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aa80855e9276e922021-12-21 10:29:33.945root 11241100x8000000000000000359870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41c5b859c919cf62021-12-21 10:29:33.945root 11241100x8000000000000000359871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a811af18a1ce7c2021-12-21 10:29:33.945root 11241100x8000000000000000359872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2253961c4b4bc8e12021-12-21 10:29:33.945root 11241100x8000000000000000359873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388dca6a7091da0f2021-12-21 10:29:33.945root 11241100x8000000000000000359874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a059682b6c0742182021-12-21 10:29:33.945root 11241100x8000000000000000359875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2d7e69218261a62021-12-21 10:29:33.945root 11241100x8000000000000000359876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9fc75318beca462021-12-21 10:29:33.946root 11241100x8000000000000000359877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5d7b3ea245fade2021-12-21 10:29:33.946root 11241100x8000000000000000359878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30b33b7ffd05aa852021-12-21 10:29:33.946root 11241100x8000000000000000359879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3644ab3fd75c692021-12-21 10:29:33.946root 11241100x8000000000000000359880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f1906256ff84cbc2021-12-21 10:29:33.946root 11241100x8000000000000000359881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fd1b03fed1d9f1e2021-12-21 10:29:33.946root 11241100x8000000000000000359882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbd478351d591932021-12-21 10:29:33.946root 11241100x8000000000000000359883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c724ff7b626018062021-12-21 10:29:33.946root 11241100x8000000000000000359884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6b1fb196047e202021-12-21 10:29:33.946root 11241100x8000000000000000359885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:33.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48fea50f606a2e622021-12-21 10:29:33.947root 11241100x8000000000000000359886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4f00812c918eadd2021-12-21 10:29:34.443root 11241100x8000000000000000359887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d3b50073a057d962021-12-21 10:29:34.443root 11241100x8000000000000000359888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3976a4757d1b0bce2021-12-21 10:29:34.443root 11241100x8000000000000000359889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe5f1070d42193c2021-12-21 10:29:34.444root 11241100x8000000000000000359890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9182467ade333242021-12-21 10:29:34.444root 11241100x8000000000000000359891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d033e73a1cbaf112021-12-21 10:29:34.444root 11241100x8000000000000000359892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a3b035c26e743f2021-12-21 10:29:34.445root 11241100x8000000000000000359893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe2885668cc547b2021-12-21 10:29:34.445root 11241100x8000000000000000359894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6832610a298fd392021-12-21 10:29:34.445root 11241100x8000000000000000359895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00c8876d672bcbb2021-12-21 10:29:34.445root 11241100x8000000000000000359896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c077b6a9fb2130e2021-12-21 10:29:34.445root 11241100x8000000000000000359897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455bf552ae304dbd2021-12-21 10:29:34.446root 11241100x8000000000000000359898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dffe9ee4d8235c422021-12-21 10:29:34.446root 11241100x8000000000000000359899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.690b6ec2f84452552021-12-21 10:29:34.446root 11241100x8000000000000000359900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f11c7d6a03463492021-12-21 10:29:34.447root 11241100x8000000000000000359901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b726d78ca020d8ff2021-12-21 10:29:34.447root 11241100x8000000000000000359902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d223237e27480a162021-12-21 10:29:34.447root 11241100x8000000000000000359903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6d3f169a65b89412021-12-21 10:29:34.447root 11241100x8000000000000000359904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.397c7426c0317b592021-12-21 10:29:34.447root 11241100x8000000000000000359905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e037835edcfa3572021-12-21 10:29:34.447root 11241100x8000000000000000359906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa8e653337c988c2021-12-21 10:29:34.447root 11241100x8000000000000000359907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02e4e6d0aaa224c2021-12-21 10:29:34.448root 11241100x8000000000000000359908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.935a27302cb103bd2021-12-21 10:29:34.448root 11241100x8000000000000000359909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbd7c8d18c24e0b2021-12-21 10:29:34.448root 11241100x8000000000000000359910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85803c58282cbfa42021-12-21 10:29:34.448root 11241100x8000000000000000359911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ef382b1e9b4f772021-12-21 10:29:34.448root 11241100x8000000000000000359912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc0950b7423044b32021-12-21 10:29:34.449root 11241100x8000000000000000359913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c88282d9f752ea922021-12-21 10:29:34.449root 11241100x8000000000000000359914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0ef44ba612650762021-12-21 10:29:34.449root 11241100x8000000000000000359915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f73514879dcb1a2021-12-21 10:29:34.943root 11241100x8000000000000000359916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf805f193801dbc2021-12-21 10:29:34.943root 11241100x8000000000000000359917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33d8e4cf38ea34262021-12-21 10:29:34.944root 11241100x8000000000000000359918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1536c045c4a94f372021-12-21 10:29:34.944root 11241100x8000000000000000359919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3e5b684d030b3772021-12-21 10:29:34.944root 11241100x8000000000000000359920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d469e90b58cdfa42021-12-21 10:29:34.944root 11241100x8000000000000000359921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d44968592e8b62092021-12-21 10:29:34.945root 11241100x8000000000000000359922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfc1cfce5ff6aaf52021-12-21 10:29:34.945root 11241100x8000000000000000359923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783251446c5845b82021-12-21 10:29:34.945root 11241100x8000000000000000359924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6e81c759c99b302021-12-21 10:29:34.945root 11241100x8000000000000000359925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13bd28586d10a4002021-12-21 10:29:34.945root 11241100x8000000000000000359926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c6b98551b8016e2021-12-21 10:29:34.946root 11241100x8000000000000000359927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba5e3e77f2a40d32021-12-21 10:29:34.946root 11241100x8000000000000000359928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae99848ed26fc2a82021-12-21 10:29:34.946root 11241100x8000000000000000359929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fae7070065bda02021-12-21 10:29:34.946root 11241100x8000000000000000359930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d619700bb47b43492021-12-21 10:29:34.946root 11241100x8000000000000000359931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080e4bea425091732021-12-21 10:29:34.947root 11241100x8000000000000000359932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9612551fe6b4c912021-12-21 10:29:34.947root 11241100x8000000000000000359933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fd529e7e28216e2021-12-21 10:29:34.947root 11241100x8000000000000000359934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3239dd9de79e51b82021-12-21 10:29:34.947root 11241100x8000000000000000359935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7908e039c1dda2a02021-12-21 10:29:34.948root 11241100x8000000000000000359936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c01148dc8d1ff2021-12-21 10:29:34.948root 11241100x8000000000000000359937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df5e9cd50b3dcdca2021-12-21 10:29:34.948root 11241100x8000000000000000359938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1655460a58504e92021-12-21 10:29:34.948root 11241100x8000000000000000359939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff045cb04659de02021-12-21 10:29:34.949root 11241100x8000000000000000359940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4412b5aa03c415172021-12-21 10:29:34.949root 11241100x8000000000000000359941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:34.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4559d6f02af3fe22021-12-21 10:29:34.949root 354300x8000000000000000359942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.251{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47176-false10.0.1.12-8000- 11241100x8000000000000000359943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2857f08dfdcf51fe2021-12-21 10:29:35.253root 11241100x8000000000000000359944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e47a28d4e706412021-12-21 10:29:35.253root 11241100x8000000000000000359945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b61693292a09f0d02021-12-21 10:29:35.253root 11241100x8000000000000000359946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df400feb291cd4fc2021-12-21 10:29:35.253root 11241100x8000000000000000359947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1526e75838c1fd3d2021-12-21 10:29:35.253root 11241100x8000000000000000359948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2deaf91e9977a922021-12-21 10:29:35.253root 11241100x8000000000000000359949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db8f0eef4d5e0f02021-12-21 10:29:35.253root 11241100x8000000000000000359950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0289a441b84420c2021-12-21 10:29:35.253root 11241100x8000000000000000359951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305d253fbabc252d2021-12-21 10:29:35.253root 11241100x8000000000000000359952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72550823390ce0a22021-12-21 10:29:35.254root 11241100x8000000000000000359953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef6f281d35b59d502021-12-21 10:29:35.254root 11241100x8000000000000000359954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362b4f62c99d82602021-12-21 10:29:35.254root 11241100x8000000000000000359955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcfe7a7da171abc62021-12-21 10:29:35.254root 11241100x8000000000000000359956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d345299e44dd282021-12-21 10:29:35.254root 11241100x8000000000000000359957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2887e773c5d15152021-12-21 10:29:35.254root 11241100x8000000000000000359958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73078996c17208b02021-12-21 10:29:35.254root 11241100x8000000000000000359959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.254{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627eb306795c2d782021-12-21 10:29:35.254root 11241100x8000000000000000359960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ffd6ce532d3abcf2021-12-21 10:29:35.255root 11241100x8000000000000000359961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cae2a3dbfd4a4972021-12-21 10:29:35.255root 11241100x8000000000000000359962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76432625915da5c12021-12-21 10:29:35.255root 11241100x8000000000000000359963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed6f85b02f15f432021-12-21 10:29:35.255root 11241100x8000000000000000359964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9830bc5f3f1404b62021-12-21 10:29:35.255root 11241100x8000000000000000359965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32cf4588c6af4b6d2021-12-21 10:29:35.255root 11241100x8000000000000000359966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f09c7669ff280f72021-12-21 10:29:35.255root 11241100x8000000000000000359967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff997b8896b826b2021-12-21 10:29:35.255root 11241100x8000000000000000359968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8342325ed838e372021-12-21 10:29:35.255root 11241100x8000000000000000359969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d69210125fb20b72021-12-21 10:29:35.256root 11241100x8000000000000000359970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3c7a3ed5a19a18b2021-12-21 10:29:35.257root 11241100x8000000000000000359971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cb974db921c93b2021-12-21 10:29:35.694root 11241100x8000000000000000359972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7b4566f4ce4c302021-12-21 10:29:35.694root 11241100x8000000000000000359973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8eab700012d82c232021-12-21 10:29:35.694root 11241100x8000000000000000359974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a06aee703f17522021-12-21 10:29:35.694root 11241100x8000000000000000359975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf4b149ceb5f9a32021-12-21 10:29:35.694root 11241100x8000000000000000359976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31fcfa3478aba6172021-12-21 10:29:35.694root 11241100x8000000000000000359977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dcbc34827ba0ce2021-12-21 10:29:35.694root 11241100x8000000000000000359978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379c68bc61de4df72021-12-21 10:29:35.694root 11241100x8000000000000000359979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a2bf6fa1658a242021-12-21 10:29:35.695root 11241100x8000000000000000359980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d34da4fb2e1270022021-12-21 10:29:35.695root 11241100x8000000000000000359981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04da0b9289bc2902021-12-21 10:29:35.695root 11241100x8000000000000000359982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67247f51239c77092021-12-21 10:29:35.695root 11241100x8000000000000000359983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d70f00817587352021-12-21 10:29:35.695root 11241100x8000000000000000359984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7d6b354c715d9f2021-12-21 10:29:35.695root 11241100x8000000000000000359985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77d2326f13db5d3f2021-12-21 10:29:35.695root 11241100x8000000000000000359986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f40ecf06936051b2021-12-21 10:29:35.695root 11241100x8000000000000000359987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9121862a17179d9a2021-12-21 10:29:35.695root 11241100x8000000000000000359988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe2d29ee3110cdb52021-12-21 10:29:35.696root 11241100x8000000000000000359989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eab11c3a12376d6f2021-12-21 10:29:35.696root 11241100x8000000000000000359990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed1d1f7eee4429612021-12-21 10:29:35.696root 11241100x8000000000000000359991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b86817664200952021-12-21 10:29:35.696root 11241100x8000000000000000359992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c226f59aca015dcb2021-12-21 10:29:35.696root 11241100x8000000000000000359993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e35a476b59f875d2021-12-21 10:29:35.696root 11241100x8000000000000000359994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.761a90ad710c83aa2021-12-21 10:29:35.696root 11241100x8000000000000000359995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6237e7e266647a692021-12-21 10:29:35.696root 11241100x8000000000000000359996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a412c28f25b7ab2021-12-21 10:29:35.696root 11241100x8000000000000000359997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4fcb6d228e758e2021-12-21 10:29:35.696root 11241100x8000000000000000359998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4a71b728cd87592021-12-21 10:29:35.697root 11241100x8000000000000000359999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe90b3d1d72c044e2021-12-21 10:29:36.194root 11241100x8000000000000000360000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a889a5e6937d06372021-12-21 10:29:36.194root 11241100x8000000000000000360001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97cecfb2fbebf9142021-12-21 10:29:36.194root 11241100x8000000000000000360002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c44d01857305d1d72021-12-21 10:29:36.194root 11241100x8000000000000000360003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bea158ebfd0e6ec2021-12-21 10:29:36.194root 11241100x8000000000000000360004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfa90f6eeb900682021-12-21 10:29:36.194root 11241100x8000000000000000360005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c14e9ac63de19882021-12-21 10:29:36.194root 11241100x8000000000000000360006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c222f90283f0ae1c2021-12-21 10:29:36.194root 11241100x8000000000000000360007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcfca1ec784bac462021-12-21 10:29:36.195root 11241100x8000000000000000360008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2457efc54a96911b2021-12-21 10:29:36.195root 11241100x8000000000000000360009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae8d4a34cc3b36c2021-12-21 10:29:36.195root 11241100x8000000000000000360010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2a1be5d083f7722021-12-21 10:29:36.195root 11241100x8000000000000000360011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67ffedc3635f35e2021-12-21 10:29:36.195root 11241100x8000000000000000360012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88e67775e9b4316d2021-12-21 10:29:36.195root 11241100x8000000000000000360013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05ab8cffaa06f3f12021-12-21 10:29:36.195root 11241100x8000000000000000360014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e26964df638d0192021-12-21 10:29:36.195root 11241100x8000000000000000360015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b60a98c930c6b42021-12-21 10:29:36.195root 11241100x8000000000000000360016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b89336ce414f9262021-12-21 10:29:36.196root 11241100x8000000000000000360017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785625ae043421bf2021-12-21 10:29:36.196root 11241100x8000000000000000360018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3ecfdc8c4cc74c02021-12-21 10:29:36.196root 11241100x8000000000000000360019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7ae93775dc84702021-12-21 10:29:36.196root 11241100x8000000000000000360020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e856a0ae2e0ca7862021-12-21 10:29:36.196root 11241100x8000000000000000360021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.305fdddcf849869b2021-12-21 10:29:36.196root 11241100x8000000000000000360022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da39f3da0ae77f412021-12-21 10:29:36.196root 11241100x8000000000000000360023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c96417ffb2f129712021-12-21 10:29:36.196root 11241100x8000000000000000360024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bafaad024e615c72021-12-21 10:29:36.196root 11241100x8000000000000000360025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b3b8b9f4888f47f2021-12-21 10:29:36.196root 11241100x8000000000000000360026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667c16fcc2def4a72021-12-21 10:29:36.197root 11241100x8000000000000000360027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.347{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:29:36.347root 11241100x8000000000000000360028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fc9a6be7185adc2021-12-21 10:29:36.692root 11241100x8000000000000000360029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae7acbff918b6a82021-12-21 10:29:36.693root 11241100x8000000000000000360030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632d5b35a919a8842021-12-21 10:29:36.693root 11241100x8000000000000000360031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a61d283a7db215a2021-12-21 10:29:36.693root 11241100x8000000000000000360032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.416153dff467c3412021-12-21 10:29:36.693root 11241100x8000000000000000360033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa31182c234833f2021-12-21 10:29:36.693root 11241100x8000000000000000360034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbf62b008ca66dea2021-12-21 10:29:36.693root 11241100x8000000000000000360035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a789ab30892255c2021-12-21 10:29:36.693root 11241100x8000000000000000360036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c696df97d6861ba22021-12-21 10:29:36.693root 11241100x8000000000000000360037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ce51b36806de74b2021-12-21 10:29:36.693root 11241100x8000000000000000360038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d52e7c1b88e9482021-12-21 10:29:36.693root 11241100x8000000000000000360039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbecb42b27f8d7712021-12-21 10:29:36.694root 11241100x8000000000000000360040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035dbd822fe8c5172021-12-21 10:29:36.694root 11241100x8000000000000000360041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84fff7e7c67def652021-12-21 10:29:36.694root 11241100x8000000000000000360042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a249502a9f8d3112021-12-21 10:29:36.694root 11241100x8000000000000000360043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3076dfafbc17619d2021-12-21 10:29:36.694root 11241100x8000000000000000360044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.487d32ee92c3e2c12021-12-21 10:29:36.694root 11241100x8000000000000000360045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4b0002cb786e052021-12-21 10:29:36.695root 11241100x8000000000000000360046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18df48ecdb3539212021-12-21 10:29:36.695root 11241100x8000000000000000360047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a24f6b73ca6b3b2021-12-21 10:29:36.695root 11241100x8000000000000000360048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c8cd3d10c354afc2021-12-21 10:29:36.695root 11241100x8000000000000000360049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4882f02262cd0e012021-12-21 10:29:36.695root 11241100x8000000000000000360050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86c98dd0b443e1b2021-12-21 10:29:36.695root 11241100x8000000000000000360051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a83838bb3680e1a2021-12-21 10:29:36.696root 11241100x8000000000000000360052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280c62804d0990a32021-12-21 10:29:36.696root 11241100x8000000000000000360053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e11ea208f2d11622021-12-21 10:29:36.696root 11241100x8000000000000000360054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.417169f00cf9d9042021-12-21 10:29:36.696root 11241100x8000000000000000360055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c0121b6ab3b28462021-12-21 10:29:36.696root 11241100x8000000000000000360056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0d897bd31378d02021-12-21 10:29:36.696root 11241100x8000000000000000360057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e330e69fae3d36722021-12-21 10:29:36.696root 11241100x8000000000000000360058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85220c77b92a70a92021-12-21 10:29:36.697root 11241100x8000000000000000360059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655038b81acaea822021-12-21 10:29:36.697root 11241100x8000000000000000360060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06a68d59d00fd2562021-12-21 10:29:36.697root 11241100x8000000000000000360061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe5485a1d3aa6e82021-12-21 10:29:36.697root 11241100x8000000000000000360062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae31c562554b0cdd2021-12-21 10:29:36.697root 11241100x8000000000000000360063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b490ed982c0edf2021-12-21 10:29:36.697root 11241100x8000000000000000360064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7abf21a07cd792452021-12-21 10:29:36.698root 11241100x8000000000000000360065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd4a933ad2aae1c2021-12-21 10:29:36.698root 11241100x8000000000000000360066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a85f8755f1267f22021-12-21 10:29:36.698root 11241100x8000000000000000360067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fa7ae93ec5a32e2021-12-21 10:29:36.698root 11241100x8000000000000000360068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20dd4b9876013d7e2021-12-21 10:29:37.192root 11241100x8000000000000000360069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c96090fca1dd48a2021-12-21 10:29:37.193root 11241100x8000000000000000360070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b77ab7d48df6e522021-12-21 10:29:37.193root 11241100x8000000000000000360071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8504d69b5043632021-12-21 10:29:37.193root 11241100x8000000000000000360072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a90f1d85a6fc022021-12-21 10:29:37.193root 11241100x8000000000000000360073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8874e332e6078f7b2021-12-21 10:29:37.193root 11241100x8000000000000000360074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b8abe8b938aac492021-12-21 10:29:37.193root 11241100x8000000000000000360075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbcc688157f2f0632021-12-21 10:29:37.193root 11241100x8000000000000000360076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd68498f5c476ad2021-12-21 10:29:37.193root 11241100x8000000000000000360077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c65392c47650452021-12-21 10:29:37.193root 11241100x8000000000000000360078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.161ae5e4e4ff76292021-12-21 10:29:37.193root 11241100x8000000000000000360079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404c1a8735a3909d2021-12-21 10:29:37.194root 11241100x8000000000000000360080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b27049601ef2d52021-12-21 10:29:37.194root 11241100x8000000000000000360081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faea75c4537915bf2021-12-21 10:29:37.194root 11241100x8000000000000000360082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c52c91330b92ae2021-12-21 10:29:37.194root 11241100x8000000000000000360083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22a11491404ec652021-12-21 10:29:37.194root 11241100x8000000000000000360084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1831ef965f745b2021-12-21 10:29:37.194root 11241100x8000000000000000360085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccd4b442525f77a2021-12-21 10:29:37.194root 11241100x8000000000000000360086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71dec1adb75323252021-12-21 10:29:37.194root 11241100x8000000000000000360087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.258df08283dad5c52021-12-21 10:29:37.194root 11241100x8000000000000000360088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a112489f85ee14672021-12-21 10:29:37.194root 11241100x8000000000000000360089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eb9751e06f525e92021-12-21 10:29:37.194root 11241100x8000000000000000360090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d56afd43e796b362021-12-21 10:29:37.195root 11241100x8000000000000000360091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb417a9dc5cb595e2021-12-21 10:29:37.195root 11241100x8000000000000000360092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70a4db588deb9df92021-12-21 10:29:37.195root 11241100x8000000000000000360093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f617ad3f757da0342021-12-21 10:29:37.195root 11241100x8000000000000000360094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165e18e5c2a169092021-12-21 10:29:37.195root 11241100x8000000000000000360095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25183d5cb0b1b9ed2021-12-21 10:29:37.195root 11241100x8000000000000000360096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4022e744ac4685f02021-12-21 10:29:37.195root 11241100x8000000000000000360097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baf95847095dae732021-12-21 10:29:37.196root 11241100x8000000000000000360098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c3df8ed3b726d4a2021-12-21 10:29:37.196root 11241100x8000000000000000360099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cee4ca8c3f148b92021-12-21 10:29:37.196root 11241100x8000000000000000360100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e8623b07da44e42021-12-21 10:29:37.196root 11241100x8000000000000000360101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5630b886804e2782021-12-21 10:29:37.196root 11241100x8000000000000000360102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a696d1a2a195bc1b2021-12-21 10:29:37.196root 11241100x8000000000000000360103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5af5ac2509f81a02021-12-21 10:29:37.196root 11241100x8000000000000000360104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6459ed2729b458e2021-12-21 10:29:37.196root 11241100x8000000000000000360105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6943060a0711f52021-12-21 10:29:37.196root 11241100x8000000000000000360106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff61878f5bf83a92021-12-21 10:29:37.196root 11241100x8000000000000000360107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0c04c05cf3821c2021-12-21 10:29:37.197root 11241100x8000000000000000360108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6196948ee29ae5ad2021-12-21 10:29:37.197root 11241100x8000000000000000360109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540276a083de7f242021-12-21 10:29:37.197root 11241100x8000000000000000360110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3abc016a378e722021-12-21 10:29:37.197root 11241100x8000000000000000360111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233040c09c22a7e22021-12-21 10:29:37.197root 11241100x8000000000000000360112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadeb9aacb3a31f02021-12-21 10:29:37.197root 11241100x8000000000000000360113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155c69c522aa8ca52021-12-21 10:29:37.197root 11241100x8000000000000000360114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5c871dd26f8538c2021-12-21 10:29:37.197root 11241100x8000000000000000360115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44e04421e228fdc2021-12-21 10:29:37.197root 11241100x8000000000000000360116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.623e1b06b5a9b4e92021-12-21 10:29:37.198root 11241100x8000000000000000360117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24a99df5e4b49742021-12-21 10:29:37.198root 11241100x8000000000000000360118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cffdc1d114af68622021-12-21 10:29:37.198root 11241100x8000000000000000360119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99160722c0f48f432021-12-21 10:29:37.198root 11241100x8000000000000000360120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcf292572a200342021-12-21 10:29:37.198root 11241100x8000000000000000360121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80cadd4cd93e2b9e2021-12-21 10:29:37.693root 11241100x8000000000000000360122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de6ed29bd5a7a2b2021-12-21 10:29:37.693root 11241100x8000000000000000360123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0363b3806667b6522021-12-21 10:29:37.693root 11241100x8000000000000000360124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dad216d823fe96d2021-12-21 10:29:37.693root 11241100x8000000000000000360125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79647bcd20ffe7882021-12-21 10:29:37.693root 11241100x8000000000000000360126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cebed21f4ba4572c2021-12-21 10:29:37.694root 11241100x8000000000000000360127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c25487f77f26ad2021-12-21 10:29:37.694root 11241100x8000000000000000360128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e58fa288b751c92021-12-21 10:29:37.694root 11241100x8000000000000000360129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7878b6a8494934bc2021-12-21 10:29:37.694root 11241100x8000000000000000360130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0cbf5798e0e645d2021-12-21 10:29:37.694root 11241100x8000000000000000360131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8873d2ae8e0891ae2021-12-21 10:29:37.694root 11241100x8000000000000000360132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27d44fd4af4c2bb22021-12-21 10:29:37.694root 11241100x8000000000000000360133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b200dd03203630a2021-12-21 10:29:37.695root 11241100x8000000000000000360134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d41eb0f74ad5992021-12-21 10:29:37.695root 11241100x8000000000000000360135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa41845db078ca72021-12-21 10:29:37.695root 11241100x8000000000000000360136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5921831bbd3627732021-12-21 10:29:37.695root 11241100x8000000000000000360137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80bf83f809802d0c2021-12-21 10:29:37.695root 11241100x8000000000000000360138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e68f839694f97882021-12-21 10:29:37.696root 11241100x8000000000000000360139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad997c3f7f1246e82021-12-21 10:29:37.696root 11241100x8000000000000000360140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3430ce2ef3a6e9302021-12-21 10:29:37.696root 11241100x8000000000000000360141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624ea854f9980f0a2021-12-21 10:29:37.696root 11241100x8000000000000000360142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9521e9e0b9ee112021-12-21 10:29:37.696root 11241100x8000000000000000360143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22edacfe37afbd7e2021-12-21 10:29:37.696root 11241100x8000000000000000360144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0823c36d5f037902021-12-21 10:29:37.696root 11241100x8000000000000000360145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4c681a41e5466b2021-12-21 10:29:37.697root 11241100x8000000000000000360146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6ed601dfcb126a22021-12-21 10:29:37.697root 11241100x8000000000000000360147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27cafdfe48526f312021-12-21 10:29:37.697root 11241100x8000000000000000360148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7bfb38b9f54b18e2021-12-21 10:29:37.697root 11241100x8000000000000000360149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a5627fe69e251112021-12-21 10:29:37.697root 11241100x8000000000000000360150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad39d098b60f97cf2021-12-21 10:29:37.697root 11241100x8000000000000000360151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d0d612ba8d597f42021-12-21 10:29:37.698root 11241100x8000000000000000360152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4743bb9f42a70a632021-12-21 10:29:37.698root 11241100x8000000000000000360153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09c197ea9a3e75522021-12-21 10:29:37.698root 11241100x8000000000000000360154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d817d81af6379462021-12-21 10:29:37.698root 11241100x8000000000000000360155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e642a72e6fff360f2021-12-21 10:29:37.698root 11241100x8000000000000000360156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.069c8bdf1128d5652021-12-21 10:29:37.698root 11241100x8000000000000000360157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5618f6fa240dba972021-12-21 10:29:37.698root 11241100x8000000000000000360158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0878b1bb8610ec6c2021-12-21 10:29:37.699root 11241100x8000000000000000360159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ae9cc9afe4c47c2021-12-21 10:29:37.699root 11241100x8000000000000000360160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e0556aea6b97752021-12-21 10:29:37.699root 11241100x8000000000000000360161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28748195e11fa1902021-12-21 10:29:37.699root 11241100x8000000000000000360162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:37.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97f3a0b36a6c7c212021-12-21 10:29:37.699root 11241100x8000000000000000360163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070327dcd127bf302021-12-21 10:29:38.193root 11241100x8000000000000000360164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e2f0297e8e76e82021-12-21 10:29:38.193root 11241100x8000000000000000360165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271f79d6c1b5d1e52021-12-21 10:29:38.193root 11241100x8000000000000000360166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5bf34552e00a2a2021-12-21 10:29:38.193root 11241100x8000000000000000360167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5dc7986d6e4ae1d2021-12-21 10:29:38.194root 11241100x8000000000000000360168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb4d905ca27baeba2021-12-21 10:29:38.194root 11241100x8000000000000000360169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c8edc341c755d12021-12-21 10:29:38.194root 11241100x8000000000000000360170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f91d31a7fbce5802021-12-21 10:29:38.194root 11241100x8000000000000000360171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ef7b6a818e6d8662021-12-21 10:29:38.194root 11241100x8000000000000000360172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58e1960e9e66ce522021-12-21 10:29:38.194root 11241100x8000000000000000360173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b89748fc5f03c412021-12-21 10:29:38.195root 11241100x8000000000000000360174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1289f3513ba353d22021-12-21 10:29:38.195root 11241100x8000000000000000360175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04ec28f207370a42021-12-21 10:29:38.195root 11241100x8000000000000000360176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dbffdb1849ab2972021-12-21 10:29:38.195root 11241100x8000000000000000360177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45fea8801391e4ee2021-12-21 10:29:38.195root 11241100x8000000000000000360178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f89dac5f99f89052021-12-21 10:29:38.195root 11241100x8000000000000000360179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a556ea8c31b7d802021-12-21 10:29:38.195root 11241100x8000000000000000360180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f258084ba10f0392021-12-21 10:29:38.196root 11241100x8000000000000000360181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f4643165f054e782021-12-21 10:29:38.196root 11241100x8000000000000000360182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ba1d1e9c3562f62021-12-21 10:29:38.196root 11241100x8000000000000000360183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f4b29aced9038772021-12-21 10:29:38.196root 11241100x8000000000000000360184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc0a302d9f99cdb2021-12-21 10:29:38.196root 11241100x8000000000000000360185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.deaa57039a66314a2021-12-21 10:29:38.196root 11241100x8000000000000000360186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde7f75ff1d5e01f2021-12-21 10:29:38.197root 11241100x8000000000000000360187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0ded5311ada9f72021-12-21 10:29:38.197root 11241100x8000000000000000360188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.034eecceae5652902021-12-21 10:29:38.197root 11241100x8000000000000000360189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9cf6fd43d9661a2021-12-21 10:29:38.197root 11241100x8000000000000000360190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f940d05c23a9282021-12-21 10:29:38.197root 11241100x8000000000000000360191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc780d485789fcaa2021-12-21 10:29:38.197root 11241100x8000000000000000360192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a147f35260bda62021-12-21 10:29:38.197root 11241100x8000000000000000360193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7a6a99563e007052021-12-21 10:29:38.197root 11241100x8000000000000000360194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f32afdd84f4f80192021-12-21 10:29:38.197root 11241100x8000000000000000360195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f909ddf77854974d2021-12-21 10:29:38.197root 11241100x8000000000000000360196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725e0ecc460e83c62021-12-21 10:29:38.198root 11241100x8000000000000000360197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a516f2591a5008ae2021-12-21 10:29:38.198root 11241100x8000000000000000360198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2224fda62f904f32021-12-21 10:29:38.693root 11241100x8000000000000000360199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d90a303f9361482021-12-21 10:29:38.693root 11241100x8000000000000000360200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.766e11425529ad082021-12-21 10:29:38.694root 11241100x8000000000000000360201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95daadf5e02107722021-12-21 10:29:38.694root 11241100x8000000000000000360202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e1bd3eccff87352021-12-21 10:29:38.694root 11241100x8000000000000000360203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67b4d7026abafbaf2021-12-21 10:29:38.695root 11241100x8000000000000000360204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd1fabdd5e3059b2021-12-21 10:29:38.695root 11241100x8000000000000000360205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7497537ba7d3a3f12021-12-21 10:29:38.695root 11241100x8000000000000000360206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d18ba318686d93d2021-12-21 10:29:38.695root 11241100x8000000000000000360207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd086867ce024b6d2021-12-21 10:29:38.696root 11241100x8000000000000000360208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3477050d710441a82021-12-21 10:29:38.696root 11241100x8000000000000000360209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80816f47769bb3402021-12-21 10:29:38.697root 11241100x8000000000000000360210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77ebd64edf2433f2021-12-21 10:29:38.697root 11241100x8000000000000000360211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b5dca433cf112e2021-12-21 10:29:38.697root 11241100x8000000000000000360212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f3c7b10eb0422b2021-12-21 10:29:38.698root 11241100x8000000000000000360213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4190470190e37ca2021-12-21 10:29:38.698root 11241100x8000000000000000360214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adb9c66103fcaa4f2021-12-21 10:29:38.698root 11241100x8000000000000000360215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f754b9d9d5f8e2552021-12-21 10:29:38.698root 11241100x8000000000000000360216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cfc3bd16efa77c62021-12-21 10:29:38.699root 11241100x8000000000000000360217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9e9ec210b53a0c2021-12-21 10:29:38.699root 11241100x8000000000000000360218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69981383e7301812021-12-21 10:29:38.699root 11241100x8000000000000000360219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f229b4ed8302b16e2021-12-21 10:29:38.699root 11241100x8000000000000000360220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c304a5fc1133ca2021-12-21 10:29:38.700root 11241100x8000000000000000360221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468005565f7b92b12021-12-21 10:29:38.700root 11241100x8000000000000000360222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f25d6e1fa0b5bf12021-12-21 10:29:38.700root 11241100x8000000000000000360223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91b58bc27b429fb2021-12-21 10:29:38.700root 11241100x8000000000000000360224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835b644ed9c7c4992021-12-21 10:29:38.700root 11241100x8000000000000000360225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bf00e5458615322021-12-21 10:29:38.701root 11241100x8000000000000000360226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.540be4ee0e10a9732021-12-21 10:29:38.701root 11241100x8000000000000000360227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d9e57768eb4f052021-12-21 10:29:38.701root 11241100x8000000000000000360228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35cabd5ce66ce6442021-12-21 10:29:38.701root 11241100x8000000000000000360229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c18f29041a26f562021-12-21 10:29:38.701root 11241100x8000000000000000360230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:38.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76487eb7a44b3cde2021-12-21 10:29:38.701root 11241100x8000000000000000360231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9f228063da39be2021-12-21 10:29:39.193root 11241100x8000000000000000360232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2355e8b3abdc7e212021-12-21 10:29:39.193root 11241100x8000000000000000360233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753438398874ba022021-12-21 10:29:39.194root 11241100x8000000000000000360234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec8218b3b3c673ee2021-12-21 10:29:39.194root 11241100x8000000000000000360235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.773f362b7dffaf3d2021-12-21 10:29:39.194root 11241100x8000000000000000360236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb9dc18406a69ef2021-12-21 10:29:39.194root 11241100x8000000000000000360237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee160ada7e2a461e2021-12-21 10:29:39.194root 11241100x8000000000000000360238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc40d41c095b6ed12021-12-21 10:29:39.194root 11241100x8000000000000000360239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8796c5805f7589e52021-12-21 10:29:39.194root 11241100x8000000000000000360240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d4b9c59833ecb5d2021-12-21 10:29:39.195root 11241100x8000000000000000360241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f2166b005236892021-12-21 10:29:39.195root 11241100x8000000000000000360242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e1e782318d61492021-12-21 10:29:39.195root 11241100x8000000000000000360243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf9442e649999fd2021-12-21 10:29:39.195root 11241100x8000000000000000360244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f25d541b08f7902021-12-21 10:29:39.195root 11241100x8000000000000000360245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685da1d1e45f32c02021-12-21 10:29:39.195root 11241100x8000000000000000360246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed192c1785c9d802021-12-21 10:29:39.195root 11241100x8000000000000000360247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4077044c397c140e2021-12-21 10:29:39.195root 11241100x8000000000000000360248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eaa26eeb463f1362021-12-21 10:29:39.195root 11241100x8000000000000000360249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfaaadc9e74b68182021-12-21 10:29:39.196root 11241100x8000000000000000360250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a6ec57ced9865dd2021-12-21 10:29:39.196root 11241100x8000000000000000360251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8abaeb1a98cd02142021-12-21 10:29:39.196root 11241100x8000000000000000360252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4b866a232f88a72021-12-21 10:29:39.196root 11241100x8000000000000000360253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a7ad58809a95b92021-12-21 10:29:39.196root 11241100x8000000000000000360254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b6b340fc3a423c32021-12-21 10:29:39.196root 11241100x8000000000000000360255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6344aebbcba0d4eb2021-12-21 10:29:39.196root 11241100x8000000000000000360256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79c68cc7995263232021-12-21 10:29:39.196root 11241100x8000000000000000360257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fb37482b0f582042021-12-21 10:29:39.197root 11241100x8000000000000000360258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470b92fce93e2b1c2021-12-21 10:29:39.197root 11241100x8000000000000000360259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a2f9ba84fab76a2021-12-21 10:29:39.197root 11241100x8000000000000000360260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bf833a5abaec5f2021-12-21 10:29:39.197root 11241100x8000000000000000360261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be25881cf7c5662021-12-21 10:29:39.197root 11241100x8000000000000000360262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e9de918d3036952021-12-21 10:29:39.198root 23542300x8000000000000000360263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000360264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3108a802a22347662021-12-21 10:29:39.693root 11241100x8000000000000000360265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d97893c0ca56062021-12-21 10:29:39.693root 11241100x8000000000000000360266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74747c4d253ebfff2021-12-21 10:29:39.693root 11241100x8000000000000000360267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01650be5e35748552021-12-21 10:29:39.694root 11241100x8000000000000000360268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6a28adde04dcbb2021-12-21 10:29:39.694root 11241100x8000000000000000360269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02092d262d0d9962021-12-21 10:29:39.694root 11241100x8000000000000000360270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39b714732733f9332021-12-21 10:29:39.694root 11241100x8000000000000000360271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2165db1e369462d62021-12-21 10:29:39.694root 11241100x8000000000000000360272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8055500963884d972021-12-21 10:29:39.694root 11241100x8000000000000000360273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b9c1deb74c1443e2021-12-21 10:29:39.694root 11241100x8000000000000000360274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f16903c8baa60fab2021-12-21 10:29:39.694root 11241100x8000000000000000360275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19dbc02b78e4cb4e2021-12-21 10:29:39.695root 11241100x8000000000000000360276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187d66589f535f472021-12-21 10:29:39.695root 11241100x8000000000000000360277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3c98c1106820a82021-12-21 10:29:39.695root 11241100x8000000000000000360278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cce50e9a879d275f2021-12-21 10:29:39.695root 11241100x8000000000000000360279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddf12b0daeef29fc2021-12-21 10:29:39.695root 11241100x8000000000000000360280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66709967b04f12162021-12-21 10:29:39.695root 11241100x8000000000000000360281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca2adc40c2b29f502021-12-21 10:29:39.695root 11241100x8000000000000000360282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c11b1b8d073ed962021-12-21 10:29:39.695root 11241100x8000000000000000360283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9f981e3fe2238472021-12-21 10:29:39.695root 11241100x8000000000000000360284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586c5eb3b0f7ea7f2021-12-21 10:29:39.696root 11241100x8000000000000000360285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe32a582073d7a82021-12-21 10:29:39.696root 11241100x8000000000000000360286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.729fdc9ab747a9692021-12-21 10:29:39.696root 11241100x8000000000000000360287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccb21d0d3534aec22021-12-21 10:29:39.696root 11241100x8000000000000000360288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18d7fedfe97e1c22021-12-21 10:29:39.696root 11241100x8000000000000000360289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8eca5e3045107e72021-12-21 10:29:39.696root 11241100x8000000000000000360290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45d24bf4ed538982021-12-21 10:29:39.696root 11241100x8000000000000000360291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ecc5958dacce2542021-12-21 10:29:39.696root 11241100x8000000000000000360292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b6f85ebffa6569f2021-12-21 10:29:39.696root 11241100x8000000000000000360293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f5c5988d79937542021-12-21 10:29:39.696root 11241100x8000000000000000360294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92530289162e021d2021-12-21 10:29:39.696root 11241100x8000000000000000360295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceadabd94b568fb92021-12-21 10:29:40.193root 11241100x8000000000000000360296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87eeedbb371651732021-12-21 10:29:40.193root 11241100x8000000000000000360297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30561751535ea1b52021-12-21 10:29:40.194root 11241100x8000000000000000360298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109b933f4f2b671a2021-12-21 10:29:40.194root 11241100x8000000000000000360299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b1c8588e77d83a2021-12-21 10:29:40.194root 11241100x8000000000000000360300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853de8656e1da6542021-12-21 10:29:40.194root 11241100x8000000000000000360301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55a09f2a271c65102021-12-21 10:29:40.195root 11241100x8000000000000000360302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115a1f77a7ee040d2021-12-21 10:29:40.195root 11241100x8000000000000000360303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d134b3a8592a71b2021-12-21 10:29:40.195root 11241100x8000000000000000360304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab1989def4eaca12021-12-21 10:29:40.195root 11241100x8000000000000000360305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aa7fe1442a894812021-12-21 10:29:40.195root 11241100x8000000000000000360306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d4c17e1bfd311742021-12-21 10:29:40.195root 11241100x8000000000000000360307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf709e44cea921282021-12-21 10:29:40.195root 11241100x8000000000000000360308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11490f1de52599e2021-12-21 10:29:40.196root 11241100x8000000000000000360309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7babf18dfc7bf072021-12-21 10:29:40.196root 11241100x8000000000000000360310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b52af1faa3d7aba2021-12-21 10:29:40.196root 11241100x8000000000000000360311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6637aa7597a7f9d52021-12-21 10:29:40.196root 11241100x8000000000000000360312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99461c1cc1aec662021-12-21 10:29:40.196root 11241100x8000000000000000360313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a80866da005a8a682021-12-21 10:29:40.196root 11241100x8000000000000000360314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd90ee909c391e112021-12-21 10:29:40.197root 11241100x8000000000000000360315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5175b4ea6ebdeb0c2021-12-21 10:29:40.197root 11241100x8000000000000000360316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a30cef7dd4f1c62021-12-21 10:29:40.197root 11241100x8000000000000000360317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cdfdc61529d94ad2021-12-21 10:29:40.197root 11241100x8000000000000000360318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9787999d4c394f172021-12-21 10:29:40.197root 11241100x8000000000000000360319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d457e9a57e9a8deb2021-12-21 10:29:40.197root 11241100x8000000000000000360320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5559135f4f37dd432021-12-21 10:29:40.197root 11241100x8000000000000000360321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50274e55f04938de2021-12-21 10:29:40.197root 11241100x8000000000000000360322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc14d1c2b2dcfd22021-12-21 10:29:40.198root 11241100x8000000000000000360323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8033a3ab8f38be2021-12-21 10:29:40.198root 11241100x8000000000000000360324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17ddc2fea9828e272021-12-21 10:29:40.198root 11241100x8000000000000000360325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03924e98d5dd8cf32021-12-21 10:29:40.198root 11241100x8000000000000000360326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0206c7b9b096e622021-12-21 10:29:40.198root 11241100x8000000000000000360327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd339863dca55882021-12-21 10:29:40.198root 11241100x8000000000000000360328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.578d7d03b1a2e1452021-12-21 10:29:40.693root 11241100x8000000000000000360329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9c02b23fdb5c662021-12-21 10:29:40.693root 11241100x8000000000000000360330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e01fae17842af72021-12-21 10:29:40.693root 11241100x8000000000000000360331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14f9c69dbe7b92b62021-12-21 10:29:40.693root 11241100x8000000000000000360332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f607972a83a244642021-12-21 10:29:40.693root 11241100x8000000000000000360333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82d3bde23c333b932021-12-21 10:29:40.693root 11241100x8000000000000000360334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.044145efc7e574072021-12-21 10:29:40.693root 11241100x8000000000000000360335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150622942c2bd9fb2021-12-21 10:29:40.694root 11241100x8000000000000000360336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6159804e8a07daa72021-12-21 10:29:40.694root 11241100x8000000000000000360337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25451894ae038e9e2021-12-21 10:29:40.694root 11241100x8000000000000000360338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c235130e7efd06c62021-12-21 10:29:40.694root 11241100x8000000000000000360339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e16e935e6a909c2021-12-21 10:29:40.694root 11241100x8000000000000000360340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574a69a96905684d2021-12-21 10:29:40.694root 11241100x8000000000000000360341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe2bd28ee5e22e12021-12-21 10:29:40.694root 11241100x8000000000000000360342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fe2e59d185fb662021-12-21 10:29:40.694root 11241100x8000000000000000360343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d0359bb2c019d72021-12-21 10:29:40.694root 11241100x8000000000000000360344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463ad8a1cbf136dd2021-12-21 10:29:40.695root 11241100x8000000000000000360345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f2314e135409bf2021-12-21 10:29:40.695root 11241100x8000000000000000360346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3eb467f9e110632021-12-21 10:29:40.695root 11241100x8000000000000000360347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a71f9acf48155c5c2021-12-21 10:29:40.695root 11241100x8000000000000000360348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a5d036b0c24b9f2021-12-21 10:29:40.695root 11241100x8000000000000000360349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b981afc6b29906d2021-12-21 10:29:40.695root 11241100x8000000000000000360350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1438c2f5bd8df72021-12-21 10:29:40.695root 11241100x8000000000000000360351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff3745226dba0ce82021-12-21 10:29:40.695root 11241100x8000000000000000360352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb27c30760125b3d2021-12-21 10:29:40.696root 11241100x8000000000000000360353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.398e8a894d38270f2021-12-21 10:29:40.696root 11241100x8000000000000000360354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9e46054dd438b252021-12-21 10:29:40.696root 11241100x8000000000000000360355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b5b042a2fdb3bd92021-12-21 10:29:40.696root 11241100x8000000000000000360356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e10478ab8406acb02021-12-21 10:29:40.696root 11241100x8000000000000000360357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6a6531a6653d412021-12-21 10:29:40.696root 11241100x8000000000000000360358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8881bf1b2a220ed2021-12-21 10:29:40.696root 11241100x8000000000000000360359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454dc39600de42c72021-12-21 10:29:40.696root 11241100x8000000000000000360360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c57fe737bcd4e0f2021-12-21 10:29:40.697root 11241100x8000000000000000360361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55f6a1b10c79c012021-12-21 10:29:40.697root 11241100x8000000000000000360362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bbb77268194d36c2021-12-21 10:29:40.697root 11241100x8000000000000000360363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d95561a66b24e1662021-12-21 10:29:40.697root 11241100x8000000000000000360364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af2971b56b880c1c2021-12-21 10:29:40.697root 11241100x8000000000000000360365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297a3efb4eb37ebb2021-12-21 10:29:40.697root 11241100x8000000000000000360366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab693d471f6c67092021-12-21 10:29:40.698root 11241100x8000000000000000360367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79833c143c3b0b12021-12-21 10:29:40.698root 11241100x8000000000000000360368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:40.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f1d3677459bd692021-12-21 10:29:40.698root 11241100x8000000000000000360369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df394163322d3942021-12-21 10:29:41.193root 11241100x8000000000000000360370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c464601f0422591a2021-12-21 10:29:41.193root 11241100x8000000000000000360371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1fc5abb7e18eb42021-12-21 10:29:41.194root 11241100x8000000000000000360372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f25671bb9d92eee2021-12-21 10:29:41.194root 11241100x8000000000000000360373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc3efac2146ea432021-12-21 10:29:41.194root 11241100x8000000000000000360374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a081e8d2fbbf22af2021-12-21 10:29:41.194root 354300x8000000000000000360375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47178-false10.0.1.12-8000- 11241100x8000000000000000360376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3925aeb56be284302021-12-21 10:29:41.194root 11241100x8000000000000000360377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f3e1450812d9022021-12-21 10:29:41.194root 11241100x8000000000000000360378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dfc3cfe8aa9bbc2021-12-21 10:29:41.194root 11241100x8000000000000000360379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b6947c74df4e162021-12-21 10:29:41.194root 11241100x8000000000000000360380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436af0f413b99bad2021-12-21 10:29:41.194root 11241100x8000000000000000360381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b52524f3de9f4372021-12-21 10:29:41.195root 11241100x8000000000000000360382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3c7d093b9011f92021-12-21 10:29:41.195root 11241100x8000000000000000360383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cd8421296c57732021-12-21 10:29:41.195root 11241100x8000000000000000360384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e264885dd9116ad22021-12-21 10:29:41.195root 11241100x8000000000000000360385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e76ef1cabca6092021-12-21 10:29:41.195root 11241100x8000000000000000360386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe955136981b6ba2021-12-21 10:29:41.195root 11241100x8000000000000000360387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c78d157e502b7e2021-12-21 10:29:41.195root 11241100x8000000000000000360388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.818c6204c8dc136d2021-12-21 10:29:41.195root 11241100x8000000000000000360389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ddfb5d84b3fbe82021-12-21 10:29:41.195root 11241100x8000000000000000360390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ad62901f01a1ef2021-12-21 10:29:41.195root 11241100x8000000000000000360391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075b3dbac32046492021-12-21 10:29:41.196root 11241100x8000000000000000360392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.681b10148cbf5e0e2021-12-21 10:29:41.196root 11241100x8000000000000000360393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c642c57abfccf8d2021-12-21 10:29:41.196root 11241100x8000000000000000360394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c24ca6232b66342021-12-21 10:29:41.196root 11241100x8000000000000000360395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5d39abeff1abdb22021-12-21 10:29:41.196root 11241100x8000000000000000360396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41c285ba3430a2b2021-12-21 10:29:41.196root 11241100x8000000000000000360397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9bdf8077996fb472021-12-21 10:29:41.196root 11241100x8000000000000000360398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3646d4b55b920222021-12-21 10:29:41.196root 11241100x8000000000000000360399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129de4ebc094cc182021-12-21 10:29:41.196root 11241100x8000000000000000360400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a7309149cefcb792021-12-21 10:29:41.693root 11241100x8000000000000000360401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c766ff602e4daa6d2021-12-21 10:29:41.693root 11241100x8000000000000000360402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0233fad5d35c65002021-12-21 10:29:41.693root 11241100x8000000000000000360403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0adc03cf0bdea742021-12-21 10:29:41.693root 11241100x8000000000000000360404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f7d6cbd264c5752021-12-21 10:29:41.693root 11241100x8000000000000000360405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77f08b087ac5c742021-12-21 10:29:41.693root 11241100x8000000000000000360406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86a69ad2f7d2cba2021-12-21 10:29:41.693root 11241100x8000000000000000360407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f6c076637500ae2021-12-21 10:29:41.693root 11241100x8000000000000000360408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48e59e2a2589ec32021-12-21 10:29:41.693root 11241100x8000000000000000360409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfeb422f066d8402021-12-21 10:29:41.694root 11241100x8000000000000000360410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b814e988d833fd12021-12-21 10:29:41.694root 11241100x8000000000000000360411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302404f9ed7d7a5d2021-12-21 10:29:41.694root 11241100x8000000000000000360412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f63c798681c78182021-12-21 10:29:41.694root 11241100x8000000000000000360413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdd29c76c44f9be02021-12-21 10:29:41.694root 11241100x8000000000000000360414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53c9e484073ac072021-12-21 10:29:41.694root 11241100x8000000000000000360415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cb71468cbc5285b2021-12-21 10:29:41.695root 11241100x8000000000000000360416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8d8c038f80200c2021-12-21 10:29:41.695root 11241100x8000000000000000360417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4edc2b3b2628e602021-12-21 10:29:41.695root 11241100x8000000000000000360418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.912264f4833e3e732021-12-21 10:29:41.695root 11241100x8000000000000000360419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a73fba529ad7c22021-12-21 10:29:41.695root 11241100x8000000000000000360420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.082cba7d6cf6de7d2021-12-21 10:29:41.695root 11241100x8000000000000000360421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.185ff15e733980a72021-12-21 10:29:41.695root 11241100x8000000000000000360422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7be9624746bbff8d2021-12-21 10:29:41.695root 11241100x8000000000000000360423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81fa2549a24965852021-12-21 10:29:41.695root 11241100x8000000000000000360424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a8b8895cd0ca10b2021-12-21 10:29:41.696root 11241100x8000000000000000360425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edfd90ab8bfdd3a92021-12-21 10:29:41.696root 11241100x8000000000000000360426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.360ce1948523c5972021-12-21 10:29:41.696root 11241100x8000000000000000360427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a96e9d27692fe4d2021-12-21 10:29:41.696root 11241100x8000000000000000360428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4059b8d612487b2021-12-21 10:29:41.697root 11241100x8000000000000000360429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad5a346c2776ddee2021-12-21 10:29:41.697root 11241100x8000000000000000360430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f348ae0b77896ca2021-12-21 10:29:41.697root 11241100x8000000000000000360431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8365470d8dc0eea32021-12-21 10:29:41.697root 11241100x8000000000000000360432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999f985035804f612021-12-21 10:29:41.697root 11241100x8000000000000000360433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d99770f85c86939d2021-12-21 10:29:41.697root 11241100x8000000000000000360434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0eaa4e4f2850a8fa2021-12-21 10:29:41.698root 11241100x8000000000000000360435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60e0669a080147762021-12-21 10:29:41.698root 11241100x8000000000000000360436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.722ce366603d4ab42021-12-21 10:29:41.698root 11241100x8000000000000000360437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04c866dbca28b9192021-12-21 10:29:41.698root 11241100x8000000000000000360438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133d840bbd81f8c12021-12-21 10:29:41.698root 11241100x8000000000000000360439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aec6e00580bca742021-12-21 10:29:41.698root 11241100x8000000000000000360440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d997f7a97ea22312021-12-21 10:29:41.699root 11241100x8000000000000000360441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1654b34e7df04c942021-12-21 10:29:41.699root 11241100x8000000000000000360442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22822769b6e760a22021-12-21 10:29:41.699root 11241100x8000000000000000360443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.301456c764e15ec62021-12-21 10:29:41.699root 11241100x8000000000000000360444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209b38618a13eeca2021-12-21 10:29:41.700root 11241100x8000000000000000360445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ec07ce8dc5841c2021-12-21 10:29:41.700root 11241100x8000000000000000360446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6964de15d2abb2c92021-12-21 10:29:41.700root 11241100x8000000000000000360447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00d6a44e12dd8e242021-12-21 10:29:41.700root 11241100x8000000000000000360448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.070bd1d2c8ae59912021-12-21 10:29:41.700root 11241100x8000000000000000360449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6a9f12f6ea5462f2021-12-21 10:29:41.701root 11241100x8000000000000000360450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c565c7e0398504732021-12-21 10:29:41.701root 11241100x8000000000000000360451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a65429e817a0c88a2021-12-21 10:29:41.702root 11241100x8000000000000000360452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4e7b16de773915a2021-12-21 10:29:41.702root 11241100x8000000000000000360453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a182dd162caef8a2021-12-21 10:29:41.703root 11241100x8000000000000000360454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:41.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9baf85b1f7f64f5e2021-12-21 10:29:41.703root 11241100x8000000000000000360455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e295500277a23ed2021-12-21 10:29:42.193root 11241100x8000000000000000360456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1053df29242ccc32021-12-21 10:29:42.193root 11241100x8000000000000000360457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7052f023b3caaf9d2021-12-21 10:29:42.194root 11241100x8000000000000000360458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3adab411e2206fc2021-12-21 10:29:42.194root 11241100x8000000000000000360459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e6ca36715482d632021-12-21 10:29:42.194root 11241100x8000000000000000360460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbd349292340d4e52021-12-21 10:29:42.194root 11241100x8000000000000000360461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccebce08a59f47362021-12-21 10:29:42.194root 11241100x8000000000000000360462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8265f354cbe82b0a2021-12-21 10:29:42.194root 11241100x8000000000000000360463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c4728b9108d7d42021-12-21 10:29:42.194root 11241100x8000000000000000360464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23690907cc7c7c782021-12-21 10:29:42.194root 11241100x8000000000000000360465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4160de8560466c2021-12-21 10:29:42.194root 11241100x8000000000000000360466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9311ca2407f11312021-12-21 10:29:42.195root 11241100x8000000000000000360467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dd4c2a68aea04992021-12-21 10:29:42.195root 11241100x8000000000000000360468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8e7693cf7cb832021-12-21 10:29:42.195root 11241100x8000000000000000360469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c8e185f065546b2021-12-21 10:29:42.195root 11241100x8000000000000000360470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993cb27312d9d8342021-12-21 10:29:42.195root 11241100x8000000000000000360471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35d15369db898392021-12-21 10:29:42.195root 11241100x8000000000000000360472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d8a839c0f278652021-12-21 10:29:42.195root 11241100x8000000000000000360473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209abd6cda07b17d2021-12-21 10:29:42.196root 11241100x8000000000000000360474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cc3bdb43cdc06af2021-12-21 10:29:42.196root 11241100x8000000000000000360475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cfbbe49c11be922021-12-21 10:29:42.196root 11241100x8000000000000000360476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a62bed02f714e8a2021-12-21 10:29:42.196root 11241100x8000000000000000360477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39571638b21fb2fa2021-12-21 10:29:42.196root 11241100x8000000000000000360478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80e3845a23fcbb8e2021-12-21 10:29:42.197root 11241100x8000000000000000360479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a46f0613128226982021-12-21 10:29:42.197root 11241100x8000000000000000360480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d759ab11a1d8f1982021-12-21 10:29:42.197root 11241100x8000000000000000360481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.864fa030d3f419182021-12-21 10:29:42.197root 11241100x8000000000000000360482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d285a88fb1654b0d2021-12-21 10:29:42.197root 11241100x8000000000000000360483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.220f8388c7b3cff12021-12-21 10:29:42.197root 11241100x8000000000000000360484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3286b8c6e9e25612021-12-21 10:29:42.197root 11241100x8000000000000000360485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e147c4c4f75f722021-12-21 10:29:42.198root 11241100x8000000000000000360486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57e9f07ddfc3413b2021-12-21 10:29:42.198root 11241100x8000000000000000360487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.817be2029f72724d2021-12-21 10:29:42.198root 11241100x8000000000000000360488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f86ca999b8c29732021-12-21 10:29:42.693root 11241100x8000000000000000360489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a01105d33701bcb2021-12-21 10:29:42.693root 11241100x8000000000000000360490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ad701686eeb3ff2021-12-21 10:29:42.694root 11241100x8000000000000000360491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b87f0e7d2eebffd2021-12-21 10:29:42.694root 11241100x8000000000000000360492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6024bd7a134aa862021-12-21 10:29:42.694root 11241100x8000000000000000360493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e211d1e6f6a4dc2021-12-21 10:29:42.694root 11241100x8000000000000000360494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0b643f68c3b37bb2021-12-21 10:29:42.694root 11241100x8000000000000000360495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6cb38a0025c1882021-12-21 10:29:42.694root 11241100x8000000000000000360496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bfd7a86b5f1b3c2021-12-21 10:29:42.694root 11241100x8000000000000000360497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fedbde6cd0b0ad102021-12-21 10:29:42.694root 11241100x8000000000000000360498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2bc1c26955520112021-12-21 10:29:42.694root 11241100x8000000000000000360499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7d7243c21cb38c32021-12-21 10:29:42.695root 11241100x8000000000000000360500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85efa5d038fbf8bf2021-12-21 10:29:42.695root 11241100x8000000000000000360501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17339e747492e5932021-12-21 10:29:42.695root 11241100x8000000000000000360502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.570c4b224f2032912021-12-21 10:29:42.695root 11241100x8000000000000000360503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b0e30bb9cb04bf22021-12-21 10:29:42.696root 11241100x8000000000000000360504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a5c0e63ebe30022021-12-21 10:29:42.696root 11241100x8000000000000000360505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e5484ef0013f042021-12-21 10:29:42.696root 11241100x8000000000000000360506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae8142e892bfd5a2021-12-21 10:29:42.696root 11241100x8000000000000000360507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad717a54c960d2b2021-12-21 10:29:42.696root 11241100x8000000000000000360508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a56ca497bb0a23182021-12-21 10:29:42.696root 11241100x8000000000000000360509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0cf7c14c4502e52021-12-21 10:29:42.696root 11241100x8000000000000000360510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a35d79fba3f1632021-12-21 10:29:42.697root 11241100x8000000000000000360511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.371e68d841280e612021-12-21 10:29:42.697root 11241100x8000000000000000360512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb479cf2fa71de6b2021-12-21 10:29:42.697root 11241100x8000000000000000360513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b64e011b5a094e2021-12-21 10:29:42.697root 11241100x8000000000000000360514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e39c0a9525ec8e372021-12-21 10:29:42.697root 11241100x8000000000000000360515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ca6c08d745f886d2021-12-21 10:29:42.698root 11241100x8000000000000000360516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4797c722cc2771fb2021-12-21 10:29:42.698root 11241100x8000000000000000360517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d291400f0452abee2021-12-21 10:29:42.698root 11241100x8000000000000000360518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:42.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a487bedb6c4cabb42021-12-21 10:29:42.699root 11241100x8000000000000000360519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae4252f42295c6a2021-12-21 10:29:43.193root 11241100x8000000000000000360520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f609446d30ee732021-12-21 10:29:43.193root 11241100x8000000000000000360521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafb326e46a758cf2021-12-21 10:29:43.193root 11241100x8000000000000000360522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.903093ba23a7d0942021-12-21 10:29:43.193root 11241100x8000000000000000360523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe55177bdf67ba62021-12-21 10:29:43.194root 11241100x8000000000000000360524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910a852bfc1860772021-12-21 10:29:43.194root 11241100x8000000000000000360525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.471a2f3773b367ee2021-12-21 10:29:43.194root 11241100x8000000000000000360526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07e4324ecf3bd8cc2021-12-21 10:29:43.194root 11241100x8000000000000000360527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1d09f184174b03d2021-12-21 10:29:43.194root 11241100x8000000000000000360528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccfdb283d898523f2021-12-21 10:29:43.195root 11241100x8000000000000000360529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9232f816d8af43e2021-12-21 10:29:43.195root 11241100x8000000000000000360530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ee5bf7a9030d912021-12-21 10:29:43.195root 11241100x8000000000000000360531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15bddf6bae1501ee2021-12-21 10:29:43.195root 11241100x8000000000000000360532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8faa50a3222880482021-12-21 10:29:43.195root 11241100x8000000000000000360533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38bbf4d2996e766b2021-12-21 10:29:43.195root 11241100x8000000000000000360534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd688b6408e203562021-12-21 10:29:43.195root 11241100x8000000000000000360535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a77b764c09e48b032021-12-21 10:29:43.196root 11241100x8000000000000000360536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c49dd3bdec409d62021-12-21 10:29:43.196root 11241100x8000000000000000360537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dfd24375fc74e232021-12-21 10:29:43.196root 11241100x8000000000000000360538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f089ab7a662de532021-12-21 10:29:43.196root 11241100x8000000000000000360539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379973bbe4ac58542021-12-21 10:29:43.196root 11241100x8000000000000000360540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eda39ebe0ac699fb2021-12-21 10:29:43.196root 11241100x8000000000000000360541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2537cee50ee7f42021-12-21 10:29:43.197root 11241100x8000000000000000360542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba44d335c065e472021-12-21 10:29:43.197root 11241100x8000000000000000360543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c442b4e6ddee002021-12-21 10:29:43.197root 11241100x8000000000000000360544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534e178b38ec3df32021-12-21 10:29:43.197root 11241100x8000000000000000360545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29f801302d36cab72021-12-21 10:29:43.197root 11241100x8000000000000000360546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7177e9f46cb18a1c2021-12-21 10:29:43.197root 11241100x8000000000000000360547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07aef2c4f5b56b302021-12-21 10:29:43.198root 11241100x8000000000000000360548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3421807ed725d2c2021-12-21 10:29:43.198root 11241100x8000000000000000360549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.259f06c6a1fc81fc2021-12-21 10:29:43.198root 11241100x8000000000000000360550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8734f047a88e2f462021-12-21 10:29:43.198root 11241100x8000000000000000360551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23d4156bdbb98da2021-12-21 10:29:43.693root 11241100x8000000000000000360552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97b847b0d0eb2b362021-12-21 10:29:43.693root 11241100x8000000000000000360553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39b9abf7f1a31372021-12-21 10:29:43.693root 11241100x8000000000000000360554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f781222c2e991e52021-12-21 10:29:43.694root 11241100x8000000000000000360555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a905910fb2cd73f2021-12-21 10:29:43.694root 11241100x8000000000000000360556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299e2c214e64e7382021-12-21 10:29:43.694root 11241100x8000000000000000360557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.746e8b8fab7902932021-12-21 10:29:43.694root 11241100x8000000000000000360558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629b1be5f847ef7c2021-12-21 10:29:43.694root 11241100x8000000000000000360559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fc5f671a09b7702021-12-21 10:29:43.695root 11241100x8000000000000000360560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bed4528244045762021-12-21 10:29:43.695root 11241100x8000000000000000360561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a9068a5c69af0152021-12-21 10:29:43.695root 11241100x8000000000000000360562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60241d92bfb048ec2021-12-21 10:29:43.695root 11241100x8000000000000000360563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a321688e6585e32021-12-21 10:29:43.695root 11241100x8000000000000000360564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d319a48adbaa8fb2021-12-21 10:29:43.695root 11241100x8000000000000000360565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84d2f61041907d902021-12-21 10:29:43.696root 11241100x8000000000000000360566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc306be4a271dc32021-12-21 10:29:43.696root 11241100x8000000000000000360567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdcc30e5893f76cb2021-12-21 10:29:43.696root 11241100x8000000000000000360568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f6e230b937c4d272021-12-21 10:29:43.696root 11241100x8000000000000000360569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25c8c72190d6d7d2021-12-21 10:29:43.696root 11241100x8000000000000000360570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e595ba30630ac14f2021-12-21 10:29:43.696root 11241100x8000000000000000360571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4239f44fb95e7542021-12-21 10:29:43.696root 11241100x8000000000000000360572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a7bfa49f0149ae2021-12-21 10:29:43.696root 11241100x8000000000000000360573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1e4426aebdf68312021-12-21 10:29:43.698root 11241100x8000000000000000360574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99670596f377fa12021-12-21 10:29:43.698root 11241100x8000000000000000360575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35fa35b2c54eb0662021-12-21 10:29:43.698root 11241100x8000000000000000360576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbb9361ab88b2baf2021-12-21 10:29:43.698root 11241100x8000000000000000360577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeb125249090a8862021-12-21 10:29:43.698root 11241100x8000000000000000360578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41e89c22b31dd2492021-12-21 10:29:43.698root 11241100x8000000000000000360579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4660b05d348ffa682021-12-21 10:29:43.699root 11241100x8000000000000000360580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d369b92b932332fa2021-12-21 10:29:43.699root 11241100x8000000000000000360581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d39c28e6db50d592021-12-21 10:29:43.699root 11241100x8000000000000000360582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d799215b6ce6ab2021-12-21 10:29:43.699root 11241100x8000000000000000360583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f340553465083e32021-12-21 10:29:44.193root 11241100x8000000000000000360584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57a2a505c3a24202021-12-21 10:29:44.193root 11241100x8000000000000000360585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.062c174448c2484e2021-12-21 10:29:44.193root 11241100x8000000000000000360586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302eb5f37e107d732021-12-21 10:29:44.193root 11241100x8000000000000000360587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.979b7133a72d3a832021-12-21 10:29:44.193root 11241100x8000000000000000360588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.120741ce50c578eb2021-12-21 10:29:44.193root 11241100x8000000000000000360589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.176148c0a4cb6edb2021-12-21 10:29:44.194root 11241100x8000000000000000360590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08865c8eaa86838a2021-12-21 10:29:44.194root 11241100x8000000000000000360591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a6e881c49e41bd2021-12-21 10:29:44.194root 11241100x8000000000000000360592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b52c3d89fe26c5f92021-12-21 10:29:44.194root 11241100x8000000000000000360593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f716d70d0fdc0832021-12-21 10:29:44.194root 11241100x8000000000000000360594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db6c1fd6cc17ef1e2021-12-21 10:29:44.194root 11241100x8000000000000000360595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ced6bf5773142342021-12-21 10:29:44.194root 11241100x8000000000000000360596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965ef47994f3de602021-12-21 10:29:44.195root 11241100x8000000000000000360597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5f03141208e54c52021-12-21 10:29:44.195root 11241100x8000000000000000360598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.735749e0551008952021-12-21 10:29:44.195root 11241100x8000000000000000360599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2361fe73fde4862021-12-21 10:29:44.195root 11241100x8000000000000000360600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf224ea7800efe62021-12-21 10:29:44.195root 11241100x8000000000000000360601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b788592ab108905a2021-12-21 10:29:44.195root 11241100x8000000000000000360602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3e07c228df5a6a2021-12-21 10:29:44.196root 11241100x8000000000000000360603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc9a2408d76eb7a2021-12-21 10:29:44.196root 11241100x8000000000000000360604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73383f1969c4d7d92021-12-21 10:29:44.196root 11241100x8000000000000000360605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9eabe9d76934e62021-12-21 10:29:44.196root 11241100x8000000000000000360606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df225b9a3545fc72021-12-21 10:29:44.196root 11241100x8000000000000000360607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1697ece4a84377662021-12-21 10:29:44.196root 11241100x8000000000000000360608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b61073daf23c8c2021-12-21 10:29:44.197root 11241100x8000000000000000360609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96a67a21f59569c92021-12-21 10:29:44.197root 11241100x8000000000000000360610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d85d50e235d5ec62021-12-21 10:29:44.197root 11241100x8000000000000000360611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcbe78ba548d089a2021-12-21 10:29:44.197root 11241100x8000000000000000360612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aefe6e249f303712021-12-21 10:29:44.197root 11241100x8000000000000000360613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c62e19c72df59fe2021-12-21 10:29:44.197root 11241100x8000000000000000360614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f4efd9b418afbd2021-12-21 10:29:44.197root 11241100x8000000000000000360615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5a5047ce69af132021-12-21 10:29:44.198root 11241100x8000000000000000360616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c82b79a5c13bfd22021-12-21 10:29:44.198root 11241100x8000000000000000360617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420a446fe0c1c8242021-12-21 10:29:44.198root 11241100x8000000000000000360618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fab795c40ee1faee2021-12-21 10:29:44.198root 11241100x8000000000000000360619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7deca5f5d24fef6e2021-12-21 10:29:44.198root 11241100x8000000000000000360620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b45c613a27c4b62021-12-21 10:29:44.198root 11241100x8000000000000000360621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fe1e35a560c7a92021-12-21 10:29:44.199root 11241100x8000000000000000360622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae4b2d5521093dba2021-12-21 10:29:44.199root 23542300x8000000000000000360623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.523{ec2b6afe-ac59-61c1-8012-0a519a550000}5707ubuntu/bin/nano/home/ubuntu/./.mod_sudoer.sh.swp--- 534500x8000000000000000360624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-ac59-61c1-8012-0a519a550000}5707/bin/nanoubuntu 11241100x8000000000000000360625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e982cea67f66012021-12-21 10:29:44.524root 11241100x8000000000000000360626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1067a2cc60e2e61c2021-12-21 10:29:44.524root 11241100x8000000000000000360627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c7d3b10e1eb3152021-12-21 10:29:44.524root 11241100x8000000000000000360628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.096fc107dfebd1ae2021-12-21 10:29:44.524root 11241100x8000000000000000360629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca18a9741893aed2021-12-21 10:29:44.524root 11241100x8000000000000000360630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccf7f9d652c3b41b2021-12-21 10:29:44.524root 11241100x8000000000000000360631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f146162cafbe1f902021-12-21 10:29:44.524root 11241100x8000000000000000360632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.524{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce1899146f85ad92021-12-21 10:29:44.524root 11241100x8000000000000000360633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1241306ec691d60f2021-12-21 10:29:44.525root 11241100x8000000000000000360634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9692a32a65f4e82b2021-12-21 10:29:44.525root 11241100x8000000000000000360635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7246e3880e80d4cc2021-12-21 10:29:44.525root 11241100x8000000000000000360636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99b300c1202c84a2021-12-21 10:29:44.525root 11241100x8000000000000000360637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12171feaf473cdfb2021-12-21 10:29:44.525root 11241100x8000000000000000360638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80240f21b50260232021-12-21 10:29:44.525root 11241100x8000000000000000360639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6a33f2e4ba7634a2021-12-21 10:29:44.525root 11241100x8000000000000000360640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0b7286d3ae3732c2021-12-21 10:29:44.525root 11241100x8000000000000000360641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00876764b5456f472021-12-21 10:29:44.525root 11241100x8000000000000000360642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34128b29c9528cf52021-12-21 10:29:44.525root 11241100x8000000000000000360643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.525{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2545c2e80ece422021-12-21 10:29:44.525root 11241100x8000000000000000360644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc11c5f7d4767a712021-12-21 10:29:44.526root 11241100x8000000000000000360645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd860bd7016ea8d2021-12-21 10:29:44.526root 11241100x8000000000000000360646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6744d94167a74bb2021-12-21 10:29:44.526root 11241100x8000000000000000360647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19821cd97ed97ec52021-12-21 10:29:44.526root 11241100x8000000000000000360648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ce9e8d7210e4f52021-12-21 10:29:44.526root 11241100x8000000000000000360649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1248fc7372943e492021-12-21 10:29:44.526root 11241100x8000000000000000360650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9792af784b6cdca32021-12-21 10:29:44.526root 11241100x8000000000000000360651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d8e703876c08f62021-12-21 10:29:44.526root 11241100x8000000000000000360652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199037b10302ffec2021-12-21 10:29:44.526root 11241100x8000000000000000360653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd33b36097c0e5e2021-12-21 10:29:44.526root 11241100x8000000000000000360654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.526{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593b8b2c744add4f2021-12-21 10:29:44.526root 11241100x8000000000000000360655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b640fee849f784d2021-12-21 10:29:44.527root 11241100x8000000000000000360656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.181cc5529a6f11c32021-12-21 10:29:44.527root 11241100x8000000000000000360657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79d98a49dcbe55b42021-12-21 10:29:44.527root 11241100x8000000000000000360658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b10e6bb3fcec352021-12-21 10:29:44.527root 11241100x8000000000000000360659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ccd81e5e4fcf552021-12-21 10:29:44.527root 11241100x8000000000000000360660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9f610fa7f896362021-12-21 10:29:44.527root 11241100x8000000000000000360661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a006a4057f4d77a2021-12-21 10:29:44.527root 11241100x8000000000000000360662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a7604591f9eb102021-12-21 10:29:44.527root 11241100x8000000000000000360663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fe731a219e44072021-12-21 10:29:44.527root 11241100x8000000000000000360664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.527{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.886d0a934a4814ea2021-12-21 10:29:44.527root 11241100x8000000000000000360665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.528{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f692efe1e15a8452021-12-21 10:29:44.528root 11241100x8000000000000000360666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.528{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37b6aea31e93cd32021-12-21 10:29:44.528root 11241100x8000000000000000360667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.528{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5aafa992ef24a71b2021-12-21 10:29:44.528root 11241100x8000000000000000360668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.529{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb256e4debe0cf12021-12-21 10:29:44.529root 11241100x8000000000000000360669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.529{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ff11811caabb692021-12-21 10:29:44.529root 11241100x8000000000000000360670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.529{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1ef1f583cc4bd4c2021-12-21 10:29:44.529root 11241100x8000000000000000360671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.529{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da576d204ed2d0ac2021-12-21 10:29:44.529root 11241100x8000000000000000360672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.529{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c1b003479de8eda2021-12-21 10:29:44.529root 11241100x8000000000000000360673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8298c57e422688422021-12-21 10:29:44.530root 11241100x8000000000000000360674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1b4f9816de35722021-12-21 10:29:44.530root 11241100x8000000000000000360675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4a295c8517fdc022021-12-21 10:29:44.530root 11241100x8000000000000000360676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86a77b200ce71532021-12-21 10:29:44.530root 11241100x8000000000000000360677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f94726a550c4ea02021-12-21 10:29:44.530root 11241100x8000000000000000360678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8224d40fca472e42021-12-21 10:29:44.530root 11241100x8000000000000000360679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8d5d786b44ec0b2021-12-21 10:29:44.530root 11241100x8000000000000000360680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.530{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62204d539b1a61712021-12-21 10:29:44.530root 11241100x8000000000000000360681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3f1748b460314402021-12-21 10:29:44.531root 11241100x8000000000000000360682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7247933a7e96762021-12-21 10:29:44.531root 11241100x8000000000000000360683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e0d289fb94275062021-12-21 10:29:44.531root 11241100x8000000000000000360684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63edd115f50524cf2021-12-21 10:29:44.531root 11241100x8000000000000000360685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a6a708dbae21dd62021-12-21 10:29:44.531root 11241100x8000000000000000360686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9678ba8c7ca6ce172021-12-21 10:29:44.531root 11241100x8000000000000000360687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cda582e287c23bd2021-12-21 10:29:44.531root 11241100x8000000000000000360688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecf20150474a14c12021-12-21 10:29:44.531root 11241100x8000000000000000360689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.836cba5020c68d922021-12-21 10:29:44.531root 11241100x8000000000000000360690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.531{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd27e5389de69b082021-12-21 10:29:44.531root 11241100x8000000000000000360691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.532{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91765b8e489674a62021-12-21 10:29:44.532root 11241100x8000000000000000360692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.532{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe4496696048a892021-12-21 10:29:44.532root 11241100x8000000000000000360693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89340130d910f2bc2021-12-21 10:29:44.942root 11241100x8000000000000000360694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61bd68f279a996532021-12-21 10:29:44.943root 11241100x8000000000000000360695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3cc441132806942021-12-21 10:29:44.943root 11241100x8000000000000000360696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43cb8697eb8dc4062021-12-21 10:29:44.943root 11241100x8000000000000000360697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f20378a14089bc2021-12-21 10:29:44.943root 11241100x8000000000000000360698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89026e7fb18c062d2021-12-21 10:29:44.943root 11241100x8000000000000000360699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56db2fa96d9f5a282021-12-21 10:29:44.943root 11241100x8000000000000000360700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25c647d2e80bc0d32021-12-21 10:29:44.944root 11241100x8000000000000000360701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33822ba42f4936f72021-12-21 10:29:44.944root 11241100x8000000000000000360702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc5d6dff04a364aa2021-12-21 10:29:44.944root 11241100x8000000000000000360703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807a615f145540412021-12-21 10:29:44.944root 11241100x8000000000000000360704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fcad71c1eca2942021-12-21 10:29:44.944root 11241100x8000000000000000360705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26210832a2a66502021-12-21 10:29:44.944root 11241100x8000000000000000360706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9625de6494e923ee2021-12-21 10:29:44.945root 11241100x8000000000000000360707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a3c707020437dd2021-12-21 10:29:44.945root 11241100x8000000000000000360708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b17a50cc86a7c502021-12-21 10:29:44.945root 11241100x8000000000000000360709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad022760c380050a2021-12-21 10:29:44.945root 11241100x8000000000000000360710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff63228756841652021-12-21 10:29:44.945root 11241100x8000000000000000360711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fabd31c4892f0f92021-12-21 10:29:44.945root 11241100x8000000000000000360712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415dc7838aa1b20c2021-12-21 10:29:44.945root 11241100x8000000000000000360713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18b3ca0e010824982021-12-21 10:29:44.945root 11241100x8000000000000000360714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5164945246d7ee3d2021-12-21 10:29:44.945root 11241100x8000000000000000360715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00cfa1ebb957763d2021-12-21 10:29:44.945root 11241100x8000000000000000360716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.645883f83fbdcf942021-12-21 10:29:44.946root 11241100x8000000000000000360717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49e2e8c0ed6eba922021-12-21 10:29:44.946root 11241100x8000000000000000360718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4a95c9c4e11a5ba2021-12-21 10:29:44.946root 11241100x8000000000000000360719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c26a29940197c56d2021-12-21 10:29:44.946root 11241100x8000000000000000360720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e824115e8b26f502021-12-21 10:29:44.946root 11241100x8000000000000000360721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd75a789329d3b02021-12-21 10:29:44.946root 11241100x8000000000000000360722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e444bfe1cefb2c0c2021-12-21 10:29:44.946root 11241100x8000000000000000360723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b6c60f7975c5b12021-12-21 10:29:44.946root 11241100x8000000000000000360724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8762b9da2a27f9022021-12-21 10:29:44.946root 11241100x8000000000000000360725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca4019bb70611e12021-12-21 10:29:44.946root 11241100x8000000000000000360726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6947f84782f3d402021-12-21 10:29:44.946root 11241100x8000000000000000360727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc63157a362b7052021-12-21 10:29:44.947root 11241100x8000000000000000360728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43b1c1f15c451322021-12-21 10:29:44.947root 11241100x8000000000000000360729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:44.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c26378cd2f3d5262021-12-21 10:29:44.947root 11241100x8000000000000000360730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807d80ae611698812021-12-21 10:29:45.443root 11241100x8000000000000000360731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71af65a0bb3efd4d2021-12-21 10:29:45.443root 11241100x8000000000000000360732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7628fed2b5beb5342021-12-21 10:29:45.443root 11241100x8000000000000000360733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4748a8059d56012021-12-21 10:29:45.444root 11241100x8000000000000000360734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74b1aebe0456c5412021-12-21 10:29:45.444root 11241100x8000000000000000360735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2f44a97a02f08a2021-12-21 10:29:45.444root 11241100x8000000000000000360736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708c7a6a5ec520cc2021-12-21 10:29:45.444root 11241100x8000000000000000360737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba24cc1f4ab80d462021-12-21 10:29:45.444root 11241100x8000000000000000360738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.055f9a1045f633632021-12-21 10:29:45.444root 11241100x8000000000000000360739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b35db7f277a96702021-12-21 10:29:45.444root 11241100x8000000000000000360740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df9cca61f724aa02021-12-21 10:29:45.444root 11241100x8000000000000000360741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae26c8c86a3e0302021-12-21 10:29:45.444root 11241100x8000000000000000360742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d17f88765e983e92021-12-21 10:29:45.445root 11241100x8000000000000000360743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a2ae91a4505482021-12-21 10:29:45.445root 11241100x8000000000000000360744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049758528995217f2021-12-21 10:29:45.445root 11241100x8000000000000000360745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82cc5195c70be072021-12-21 10:29:45.445root 11241100x8000000000000000360746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6029dd9364f971492021-12-21 10:29:45.445root 11241100x8000000000000000360747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8a2f589e4378012021-12-21 10:29:45.445root 11241100x8000000000000000360748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd988be97e173bfc2021-12-21 10:29:45.445root 11241100x8000000000000000360749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe8278d9d441d08e2021-12-21 10:29:45.446root 11241100x8000000000000000360750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3608c4a132f633702021-12-21 10:29:45.446root 11241100x8000000000000000360751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a76a671dbc5eaa2021-12-21 10:29:45.446root 11241100x8000000000000000360752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45afe324c0388e7f2021-12-21 10:29:45.446root 11241100x8000000000000000360753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee4420823a04a0bf2021-12-21 10:29:45.446root 11241100x8000000000000000360754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e52b7d6a3d9a812021-12-21 10:29:45.446root 11241100x8000000000000000360755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00f3634f8d64bcc52021-12-21 10:29:45.446root 11241100x8000000000000000360756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a531d304fb3ec3a2021-12-21 10:29:45.447root 11241100x8000000000000000360757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed07ab28a4fc83da2021-12-21 10:29:45.447root 11241100x8000000000000000360758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47f654125d60ad92021-12-21 10:29:45.447root 11241100x8000000000000000360759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd866a35d8e8a7c2021-12-21 10:29:45.447root 11241100x8000000000000000360760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60ad769ff5da2372021-12-21 10:29:45.447root 11241100x8000000000000000360761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f115b1562acdb0a12021-12-21 10:29:45.447root 11241100x8000000000000000360762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c143e549b9e374962021-12-21 10:29:45.447root 11241100x8000000000000000360763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f9ae254e1ae39e12021-12-21 10:29:45.943root 11241100x8000000000000000360764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81b0705efcbb03ef2021-12-21 10:29:45.943root 11241100x8000000000000000360765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f02311ecb851185e2021-12-21 10:29:45.944root 11241100x8000000000000000360766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebaf24d1cee59c112021-12-21 10:29:45.944root 11241100x8000000000000000360767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7577d9a5059ea3d12021-12-21 10:29:45.944root 11241100x8000000000000000360768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f39dcd56e5b58e522021-12-21 10:29:45.944root 11241100x8000000000000000360769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b94313127a3410f42021-12-21 10:29:45.944root 11241100x8000000000000000360770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb3b0a36d96b83b2021-12-21 10:29:45.944root 11241100x8000000000000000360771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2def7ded73d3d6fc2021-12-21 10:29:45.944root 11241100x8000000000000000360772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454ef8f217020f182021-12-21 10:29:45.944root 11241100x8000000000000000360773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41ff18d721cf1f982021-12-21 10:29:45.944root 11241100x8000000000000000360774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81616eb4ab0e853b2021-12-21 10:29:45.944root 11241100x8000000000000000360775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfb0fd70bda648542021-12-21 10:29:45.945root 11241100x8000000000000000360776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd53c572df72990b2021-12-21 10:29:45.945root 11241100x8000000000000000360777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e3ba65e1463b8e12021-12-21 10:29:45.945root 11241100x8000000000000000360778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.653c7598d4d5bb4d2021-12-21 10:29:45.945root 11241100x8000000000000000360779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852d596b452c16fa2021-12-21 10:29:45.945root 11241100x8000000000000000360780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b5240b495c37332021-12-21 10:29:45.945root 11241100x8000000000000000360781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e06757ded054818e2021-12-21 10:29:45.945root 11241100x8000000000000000360782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc70643e577e45d2021-12-21 10:29:45.945root 11241100x8000000000000000360783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633813bf4914f18d2021-12-21 10:29:45.945root 11241100x8000000000000000360784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1828b5b5db40e692021-12-21 10:29:45.945root 11241100x8000000000000000360785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca1b96eace202052021-12-21 10:29:45.945root 11241100x8000000000000000360786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e195187d35a47b2021-12-21 10:29:45.946root 11241100x8000000000000000360787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6fa0564aff70c182021-12-21 10:29:45.946root 11241100x8000000000000000360788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df6557ef78a34332021-12-21 10:29:45.946root 11241100x8000000000000000360789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e773613d43697f62021-12-21 10:29:45.946root 11241100x8000000000000000360790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a2ba2e16b4a70182021-12-21 10:29:45.946root 11241100x8000000000000000360791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8377a358f07e25912021-12-21 10:29:45.946root 11241100x8000000000000000360792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1435656cbe9e91712021-12-21 10:29:45.946root 11241100x8000000000000000360793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce562c6dd0bed3142021-12-21 10:29:45.946root 11241100x8000000000000000360794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87134b92dbcb6cf2021-12-21 10:29:45.946root 11241100x8000000000000000360795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fce2cbb124c50b632021-12-21 10:29:45.946root 11241100x8000000000000000360796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:45.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfb148b5e77ed5b2021-12-21 10:29:45.947root 354300x8000000000000000360797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.254{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47180-false10.0.1.12-8000- 11241100x8000000000000000360798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c7ea8a980eb03cc2021-12-21 10:29:46.255root 11241100x8000000000000000360799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.548439472124eebf2021-12-21 10:29:46.255root 11241100x8000000000000000360800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8d6e69dcaba37b62021-12-21 10:29:46.255root 11241100x8000000000000000360801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da8f179625b866d2021-12-21 10:29:46.255root 11241100x8000000000000000360802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.255{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d05805c8073fb4fe2021-12-21 10:29:46.255root 11241100x8000000000000000360803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.252746b862bcb66c2021-12-21 10:29:46.256root 11241100x8000000000000000360804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc804a3e58be72832021-12-21 10:29:46.256root 11241100x8000000000000000360805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b8001042e7ac8532021-12-21 10:29:46.256root 11241100x8000000000000000360806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ccd1fb565fbf5a2021-12-21 10:29:46.256root 11241100x8000000000000000360807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3541bd487ab15d242021-12-21 10:29:46.256root 11241100x8000000000000000360808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4574dede2ba0bdb32021-12-21 10:29:46.256root 11241100x8000000000000000360809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbeb7a95dc4458c2021-12-21 10:29:46.256root 11241100x8000000000000000360810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5511712afa201b52021-12-21 10:29:46.256root 11241100x8000000000000000360811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f6221772fc6e532021-12-21 10:29:46.256root 11241100x8000000000000000360812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9d0d3586ef347d2021-12-21 10:29:46.256root 11241100x8000000000000000360813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baeb7cbf602fb88d2021-12-21 10:29:46.256root 11241100x8000000000000000360814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5476a0d75180d76e2021-12-21 10:29:46.256root 11241100x8000000000000000360815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ddf9b331ce5ded2021-12-21 10:29:46.256root 11241100x8000000000000000360816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1fbf007de24f982021-12-21 10:29:46.256root 11241100x8000000000000000360817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.256{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3237977c3d8396572021-12-21 10:29:46.256root 11241100x8000000000000000360818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e0d16a1fe859342021-12-21 10:29:46.257root 11241100x8000000000000000360819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3faf69ec3898dd9a2021-12-21 10:29:46.257root 11241100x8000000000000000360820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34627840ea231dcc2021-12-21 10:29:46.257root 11241100x8000000000000000360821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91ef9a0b899ccd02021-12-21 10:29:46.257root 11241100x8000000000000000360822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7562fefdf60763682021-12-21 10:29:46.257root 11241100x8000000000000000360823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c899dee4d12f392021-12-21 10:29:46.257root 11241100x8000000000000000360824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa7fc9680a6dd942021-12-21 10:29:46.257root 11241100x8000000000000000360825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.257{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82825824c087d89f2021-12-21 10:29:46.257root 11241100x8000000000000000360826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c37226b2b386c5932021-12-21 10:29:46.258root 11241100x8000000000000000360827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fbc792fe022f0a2021-12-21 10:29:46.258root 11241100x8000000000000000360828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a175e31da4f231c42021-12-21 10:29:46.258root 11241100x8000000000000000360829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7ea146dff4ea7952021-12-21 10:29:46.258root 11241100x8000000000000000360830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793920562ba209852021-12-21 10:29:46.258root 11241100x8000000000000000360831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25eb1caa8bfcb37c2021-12-21 10:29:46.258root 11241100x8000000000000000360832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba495f5f2d73753a2021-12-21 10:29:46.258root 11241100x8000000000000000360833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e240502dd60c9d2021-12-21 10:29:46.258root 11241100x8000000000000000360834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bc545030a3e242e2021-12-21 10:29:46.258root 11241100x8000000000000000360835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee0eca54a60a3582021-12-21 10:29:46.258root 11241100x8000000000000000360836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.258{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59dbd74f0beae15f2021-12-21 10:29:46.258root 11241100x8000000000000000360837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baa5f33d1fc114be2021-12-21 10:29:46.259root 11241100x8000000000000000360838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.081baa5f0c0008b72021-12-21 10:29:46.259root 11241100x8000000000000000360839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.186fb05dca2e2c242021-12-21 10:29:46.259root 11241100x8000000000000000360840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd6b39e4cdf7a0112021-12-21 10:29:46.259root 11241100x8000000000000000360841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcecb8739fa95f572021-12-21 10:29:46.259root 11241100x8000000000000000360842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48a8a677b0c81c0d2021-12-21 10:29:46.259root 11241100x8000000000000000360843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79cd5992a756baec2021-12-21 10:29:46.259root 11241100x8000000000000000360844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6848b9522cbc198f2021-12-21 10:29:46.259root 11241100x8000000000000000360845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba2117854a431ac2021-12-21 10:29:46.259root 11241100x8000000000000000360846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cde144407cc55b9d2021-12-21 10:29:46.259root 11241100x8000000000000000360847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce00081c9be6434d2021-12-21 10:29:46.259root 11241100x8000000000000000360848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a542848decf386ed2021-12-21 10:29:46.259root 11241100x8000000000000000360849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5eeba515d12e7b32021-12-21 10:29:46.259root 11241100x8000000000000000360850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4bf22c4096b26f2021-12-21 10:29:46.259root 11241100x8000000000000000360851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c72e2645dde772e2021-12-21 10:29:46.259root 11241100x8000000000000000360852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.259{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39454a764e7c65892021-12-21 10:29:46.259root 11241100x8000000000000000360853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c743cca07af15982021-12-21 10:29:46.260root 11241100x8000000000000000360854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ffaaf66752f8cf2021-12-21 10:29:46.260root 11241100x8000000000000000360855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ac2674b0eb4ee02021-12-21 10:29:46.260root 11241100x8000000000000000360856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82f7718cf3a7698e2021-12-21 10:29:46.260root 11241100x8000000000000000360857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc708c53818a30292021-12-21 10:29:46.260root 11241100x8000000000000000360858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.260{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dc4bbaa7a04cd1b2021-12-21 10:29:46.260root 11241100x8000000000000000360859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542ef2de930ab83f2021-12-21 10:29:46.693root 11241100x8000000000000000360860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e3a1341a03717f2021-12-21 10:29:46.693root 11241100x8000000000000000360861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e42d994294c945ab2021-12-21 10:29:46.693root 11241100x8000000000000000360862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8071dfe75650932021-12-21 10:29:46.694root 11241100x8000000000000000360863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f99668d613004a2021-12-21 10:29:46.694root 11241100x8000000000000000360864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43924d8669514e382021-12-21 10:29:46.694root 11241100x8000000000000000360865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3db375297473e7bb2021-12-21 10:29:46.694root 11241100x8000000000000000360866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26dc9b2a0cb064eb2021-12-21 10:29:46.694root 11241100x8000000000000000360867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd34e581000be1982021-12-21 10:29:46.694root 11241100x8000000000000000360868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60971b78ca7e1aca2021-12-21 10:29:46.695root 11241100x8000000000000000360869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f57f168c4ac37b22021-12-21 10:29:46.695root 11241100x8000000000000000360870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1db0ab4761f26aa2021-12-21 10:29:46.695root 11241100x8000000000000000360871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b144de63b356b8142021-12-21 10:29:46.695root 11241100x8000000000000000360872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5668354f8d91fc12021-12-21 10:29:46.695root 11241100x8000000000000000360873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83133ab249e2e9bd2021-12-21 10:29:46.695root 11241100x8000000000000000360874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2e4fea400913052021-12-21 10:29:46.696root 11241100x8000000000000000360875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5770c5acec351c612021-12-21 10:29:46.696root 11241100x8000000000000000360876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7127598da165ba252021-12-21 10:29:46.696root 11241100x8000000000000000360877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5296a94e3893292021-12-21 10:29:46.696root 11241100x8000000000000000360878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f871bdba4679172e2021-12-21 10:29:46.696root 11241100x8000000000000000360879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf00ea21ba116e502021-12-21 10:29:46.696root 11241100x8000000000000000360880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86bce328532197122021-12-21 10:29:46.696root 11241100x8000000000000000360881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4eb25417feb6d62021-12-21 10:29:46.697root 11241100x8000000000000000360882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dede1988d620a7a2021-12-21 10:29:46.697root 11241100x8000000000000000360883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6f2e23eff82d5e92021-12-21 10:29:46.697root 11241100x8000000000000000360884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91c1bf4482d63ec2021-12-21 10:29:46.697root 11241100x8000000000000000360885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f06a47b7ccc0b932021-12-21 10:29:46.697root 11241100x8000000000000000360886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011092d08aae6b012021-12-21 10:29:46.697root 11241100x8000000000000000360887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f20c7bf26bd54b2021-12-21 10:29:46.697root 11241100x8000000000000000360888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6114a17caa740882021-12-21 10:29:46.698root 11241100x8000000000000000360889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80548f71547b04132021-12-21 10:29:46.698root 11241100x8000000000000000360890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a533ebcb50cce72021-12-21 10:29:46.698root 11241100x8000000000000000360891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca4d28c7e8c902a82021-12-21 10:29:46.698root 11241100x8000000000000000360892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b6565fc379ac382021-12-21 10:29:46.698root 11241100x8000000000000000360893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6add7e71b65a87312021-12-21 10:29:47.193root 11241100x8000000000000000360894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abeeabf7f359c89d2021-12-21 10:29:47.193root 11241100x8000000000000000360895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b284857dd3de84d42021-12-21 10:29:47.193root 11241100x8000000000000000360896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be086ed6532b8a6e2021-12-21 10:29:47.193root 11241100x8000000000000000360897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4a3125a5f5243922021-12-21 10:29:47.193root 11241100x8000000000000000360898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b2cda65c6a6966e2021-12-21 10:29:47.194root 11241100x8000000000000000360899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18ec309d1d01aeec2021-12-21 10:29:47.194root 11241100x8000000000000000360900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2447f888b2d4c9c32021-12-21 10:29:47.194root 11241100x8000000000000000360901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa59e96a19b002b52021-12-21 10:29:47.194root 11241100x8000000000000000360902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9acfa0c3f2ff5d32021-12-21 10:29:47.194root 11241100x8000000000000000360903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8babc8b58afae61d2021-12-21 10:29:47.194root 11241100x8000000000000000360904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9dff1a1db9cffd12021-12-21 10:29:47.194root 11241100x8000000000000000360905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efe3b3169d2048b2021-12-21 10:29:47.194root 11241100x8000000000000000360906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee8e25b44f9690e2021-12-21 10:29:47.194root 11241100x8000000000000000360907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603db47464f05caf2021-12-21 10:29:47.194root 11241100x8000000000000000360908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8de2e4206d719af42021-12-21 10:29:47.195root 11241100x8000000000000000360909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00009f427e17794b2021-12-21 10:29:47.195root 11241100x8000000000000000360910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc8914a6f8221032021-12-21 10:29:47.195root 11241100x8000000000000000360911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.016c98871097d6052021-12-21 10:29:47.195root 11241100x8000000000000000360912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022791f6b0511f632021-12-21 10:29:47.195root 11241100x8000000000000000360913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a14b7fd3639c62f52021-12-21 10:29:47.195root 11241100x8000000000000000360914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e26dcad0f7993032021-12-21 10:29:47.195root 11241100x8000000000000000360915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a41bd88ce98550f52021-12-21 10:29:47.196root 11241100x8000000000000000360916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8285bef56d889f82021-12-21 10:29:47.196root 11241100x8000000000000000360917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e42a46ddcb3a32f2021-12-21 10:29:47.196root 11241100x8000000000000000360918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adcf96f99ed778bb2021-12-21 10:29:47.196root 11241100x8000000000000000360919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff201247921d1a862021-12-21 10:29:47.197root 11241100x8000000000000000360920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85127af5159b9ef2021-12-21 10:29:47.197root 11241100x8000000000000000360921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e206018ac38c5ef2021-12-21 10:29:47.197root 11241100x8000000000000000360922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce9d24d0b5a99212021-12-21 10:29:47.197root 11241100x8000000000000000360923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7e4f3199e41dff2021-12-21 10:29:47.197root 11241100x8000000000000000360924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.160b514218db8ad12021-12-21 10:29:47.197root 11241100x8000000000000000360925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51410858280a60b02021-12-21 10:29:47.197root 11241100x8000000000000000360926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ad7e0522e3159ad2021-12-21 10:29:47.197root 11241100x8000000000000000360927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daf86f44fd5df1f2021-12-21 10:29:47.198root 11241100x8000000000000000360928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0327e12d5a5e63fe2021-12-21 10:29:47.693root 11241100x8000000000000000360929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.135096b781df22042021-12-21 10:29:47.693root 11241100x8000000000000000360930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723d42fc8914823d2021-12-21 10:29:47.693root 11241100x8000000000000000360931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136a7722145e3d8c2021-12-21 10:29:47.693root 11241100x8000000000000000360932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37779023622aa8c2021-12-21 10:29:47.694root 11241100x8000000000000000360933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d8be9ab5127af62021-12-21 10:29:47.694root 11241100x8000000000000000360934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c3b1f65b4be9932021-12-21 10:29:47.694root 11241100x8000000000000000360935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090dd8f91cee32222021-12-21 10:29:47.694root 11241100x8000000000000000360936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72a0d92bbd1d95842021-12-21 10:29:47.695root 11241100x8000000000000000360937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81267845c540a4432021-12-21 10:29:47.695root 11241100x8000000000000000360938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8cadf425261a02c2021-12-21 10:29:47.695root 11241100x8000000000000000360939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.314bb954e1de02602021-12-21 10:29:47.695root 11241100x8000000000000000360940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6745e31a478388782021-12-21 10:29:47.696root 11241100x8000000000000000360941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf5072262c93a9582021-12-21 10:29:47.696root 11241100x8000000000000000360942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a4b49386394a71a2021-12-21 10:29:47.696root 11241100x8000000000000000360943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e5ed4e88ebfeb82021-12-21 10:29:47.696root 11241100x8000000000000000360944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5effc9e05dbe2bc62021-12-21 10:29:47.696root 11241100x8000000000000000360945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16dbaa79515aa0352021-12-21 10:29:47.697root 11241100x8000000000000000360946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0febc9ec89eb78772021-12-21 10:29:47.697root 11241100x8000000000000000360947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b02bd97ea5481ee2021-12-21 10:29:47.697root 11241100x8000000000000000360948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.222cd9c2cc3e0deb2021-12-21 10:29:47.697root 11241100x8000000000000000360949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.381c5b36c3d4d7442021-12-21 10:29:47.697root 11241100x8000000000000000360950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ba9ff791e3a9e412021-12-21 10:29:47.697root 11241100x8000000000000000360951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b8222c61e344562021-12-21 10:29:47.697root 11241100x8000000000000000360952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c5b573ddb5062fc2021-12-21 10:29:47.697root 11241100x8000000000000000360953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d7b6e487037640c2021-12-21 10:29:47.698root 11241100x8000000000000000360954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10fb62da3a8f63eb2021-12-21 10:29:47.698root 11241100x8000000000000000360955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41dab0cf9a80f3002021-12-21 10:29:47.698root 11241100x8000000000000000360956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.693434f2fd9c8b362021-12-21 10:29:47.698root 11241100x8000000000000000360957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136da58c8aadffb92021-12-21 10:29:47.698root 11241100x8000000000000000360958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66952cf4901f1e012021-12-21 10:29:47.698root 11241100x8000000000000000360959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e5a2b5de135f6a22021-12-21 10:29:47.698root 11241100x8000000000000000360960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a86fd80839ae1d62021-12-21 10:29:47.698root 11241100x8000000000000000360961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a796cf261a3d412021-12-21 10:29:47.698root 11241100x8000000000000000360962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3efa211ff4f8dd862021-12-21 10:29:47.699root 11241100x8000000000000000360963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efca53372b76f3a2021-12-21 10:29:47.699root 11241100x8000000000000000360964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b09f43b3b6a558182021-12-21 10:29:47.699root 11241100x8000000000000000360965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a5795044d95a03d2021-12-21 10:29:47.699root 11241100x8000000000000000360966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:47.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77af95fa90e16222021-12-21 10:29:47.699root 11241100x8000000000000000360967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04e223df7e9f3ea2021-12-21 10:29:48.193root 11241100x8000000000000000360968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2caba3e35aa789782021-12-21 10:29:48.193root 11241100x8000000000000000360969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28dc0e7e05b7bfd2021-12-21 10:29:48.193root 11241100x8000000000000000360970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63753c1c6f7d74c2021-12-21 10:29:48.193root 11241100x8000000000000000360971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cb824edf6422882021-12-21 10:29:48.193root 11241100x8000000000000000360972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.490d1def8eb3d2982021-12-21 10:29:48.193root 11241100x8000000000000000360973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fc87292cc090712021-12-21 10:29:48.193root 11241100x8000000000000000360974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78c0c64981255752021-12-21 10:29:48.194root 11241100x8000000000000000360975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.124aacbba829bb262021-12-21 10:29:48.194root 11241100x8000000000000000360976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa1c55b08c308f462021-12-21 10:29:48.194root 11241100x8000000000000000360977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8637a6096c482802021-12-21 10:29:48.194root 11241100x8000000000000000360978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bd09d7441d65de92021-12-21 10:29:48.194root 11241100x8000000000000000360979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.485eb098d6db34d62021-12-21 10:29:48.194root 11241100x8000000000000000360980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e5f2585c811160a2021-12-21 10:29:48.194root 11241100x8000000000000000360981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27810f4b4cff75ca2021-12-21 10:29:48.194root 11241100x8000000000000000360982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99c809c7bb45af2021-12-21 10:29:48.194root 11241100x8000000000000000360983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40e2f060c7a98cc2021-12-21 10:29:48.194root 11241100x8000000000000000360984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b07463a28ac1fb2021-12-21 10:29:48.195root 11241100x8000000000000000360985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980cf05b9080d0dd2021-12-21 10:29:48.195root 11241100x8000000000000000360986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed3b545c4d4f90f92021-12-21 10:29:48.195root 11241100x8000000000000000360987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f95cb32f1710792021-12-21 10:29:48.195root 11241100x8000000000000000360988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7094399302c8f6822021-12-21 10:29:48.195root 11241100x8000000000000000360989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777b8a1c73e46d2d2021-12-21 10:29:48.195root 11241100x8000000000000000360990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c028d0dd875a551e2021-12-21 10:29:48.195root 11241100x8000000000000000360991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f9c2aed75d49a002021-12-21 10:29:48.195root 11241100x8000000000000000360992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6d8bfd922e08c5f2021-12-21 10:29:48.195root 11241100x8000000000000000360993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177e5abca85869d12021-12-21 10:29:48.195root 11241100x8000000000000000360994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b590dad080fff1a32021-12-21 10:29:48.196root 11241100x8000000000000000360995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e86be90e0bad4882021-12-21 10:29:48.196root 11241100x8000000000000000360996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a83033f6aa17fb2021-12-21 10:29:48.196root 11241100x8000000000000000360997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794219344f5975d82021-12-21 10:29:48.196root 11241100x8000000000000000360998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b16de73f03b25352021-12-21 10:29:48.196root 11241100x8000000000000000360999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef20aa8196055172021-12-21 10:29:48.196root 11241100x8000000000000000361000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c098d10691343f2021-12-21 10:29:48.196root 11241100x8000000000000000361001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ebe1aa1712e1812021-12-21 10:29:48.196root 11241100x8000000000000000361002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af5727085473a6d2021-12-21 10:29:48.197root 11241100x8000000000000000361003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0988ce0062b2bb32021-12-21 10:29:48.197root 11241100x8000000000000000361004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1912a4597d45c042021-12-21 10:29:48.197root 11241100x8000000000000000361005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b52c9a2a2250d632021-12-21 10:29:48.197root 11241100x8000000000000000361006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b84a3c5c832389a2021-12-21 10:29:48.197root 11241100x8000000000000000361007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8632e5675bb64ad32021-12-21 10:29:48.197root 11241100x8000000000000000361008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270876767e6533742021-12-21 10:29:48.197root 11241100x8000000000000000361009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f13f824445aa0afb2021-12-21 10:29:48.197root 11241100x8000000000000000361010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7890ab33a63065b52021-12-21 10:29:48.198root 11241100x8000000000000000361011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67dc1d4f183018f62021-12-21 10:29:48.198root 11241100x8000000000000000361012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f67fb2a83fbaca2021-12-21 10:29:48.198root 11241100x8000000000000000361013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4520f73f929bbb192021-12-21 10:29:48.693root 11241100x8000000000000000361014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04803293859cba262021-12-21 10:29:48.693root 11241100x8000000000000000361015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbf2493affc09702021-12-21 10:29:48.694root 11241100x8000000000000000361016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47cdfc1e30dc9872021-12-21 10:29:48.694root 11241100x8000000000000000361017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eab006bde3378882021-12-21 10:29:48.694root 11241100x8000000000000000361018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21156f8fc5cae2b22021-12-21 10:29:48.694root 11241100x8000000000000000361019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b417f3500e49d3bb2021-12-21 10:29:48.694root 11241100x8000000000000000361020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae0d5e1a32801c42021-12-21 10:29:48.695root 11241100x8000000000000000361021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98485d05f54dfa9e2021-12-21 10:29:48.695root 11241100x8000000000000000361022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e86de016a69aabb2021-12-21 10:29:48.695root 11241100x8000000000000000361023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.643431ce7a1a7d282021-12-21 10:29:48.695root 11241100x8000000000000000361024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b44e74394b631a62021-12-21 10:29:48.695root 11241100x8000000000000000361025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59d4c134611c65f2021-12-21 10:29:48.695root 11241100x8000000000000000361026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6607d742722c1b9f2021-12-21 10:29:48.696root 11241100x8000000000000000361027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.404eea00a7e1383b2021-12-21 10:29:48.696root 11241100x8000000000000000361028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196379af4a9c5ee22021-12-21 10:29:48.696root 11241100x8000000000000000361029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.489a0df3ecf6d3442021-12-21 10:29:48.696root 11241100x8000000000000000361030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.420d948c990c56e22021-12-21 10:29:48.696root 11241100x8000000000000000361031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39a1e0441970d552021-12-21 10:29:48.696root 11241100x8000000000000000361032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2163cf14b98a87bd2021-12-21 10:29:48.697root 11241100x8000000000000000361033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d52c4c4aa088a202021-12-21 10:29:48.697root 11241100x8000000000000000361034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590c760dadedea702021-12-21 10:29:48.697root 11241100x8000000000000000361035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae740348411c84f72021-12-21 10:29:48.698root 11241100x8000000000000000361036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc294ded5b3f7472021-12-21 10:29:48.698root 11241100x8000000000000000361037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6192e5673ff808342021-12-21 10:29:48.698root 11241100x8000000000000000361038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3717099e7309e732021-12-21 10:29:48.698root 11241100x8000000000000000361039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f2f4ebd47dd6a2b2021-12-21 10:29:48.699root 11241100x8000000000000000361040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d0f03903e521032021-12-21 10:29:48.699root 11241100x8000000000000000361041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.432745cab15839d32021-12-21 10:29:48.699root 11241100x8000000000000000361042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4f0ca6790b8a6d2021-12-21 10:29:48.700root 11241100x8000000000000000361043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c46f49d640275f72021-12-21 10:29:48.700root 11241100x8000000000000000361044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b90b20bb5706542021-12-21 10:29:48.700root 11241100x8000000000000000361045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4f555dd018ee1b2021-12-21 10:29:48.700root 11241100x8000000000000000361046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2efc5501169a94e2021-12-21 10:29:48.700root 11241100x8000000000000000361047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1b5894fec9ad352021-12-21 10:29:48.701root 11241100x8000000000000000361048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:48.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1015c9225bd05b62021-12-21 10:29:48.701root 11241100x8000000000000000361049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84a1ee06fa6769052021-12-21 10:29:49.193root 11241100x8000000000000000361050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0853cabc57dafa202021-12-21 10:29:49.194root 11241100x8000000000000000361051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2373bedc8ea1492a2021-12-21 10:29:49.194root 11241100x8000000000000000361052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2b25f847269a8c72021-12-21 10:29:49.194root 11241100x8000000000000000361053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221a12d05015c4972021-12-21 10:29:49.194root 11241100x8000000000000000361054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a17e867fff9b0b632021-12-21 10:29:49.194root 11241100x8000000000000000361055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7924b63d1f4acb022021-12-21 10:29:49.194root 11241100x8000000000000000361056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02c8c3672d0be722021-12-21 10:29:49.195root 11241100x8000000000000000361057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11b1ec13fce4ebb42021-12-21 10:29:49.195root 11241100x8000000000000000361058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d46354ada18ee42021-12-21 10:29:49.195root 11241100x8000000000000000361059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.114ebe45d245e62b2021-12-21 10:29:49.195root 11241100x8000000000000000361060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e679e7a5a0bca72021-12-21 10:29:49.195root 11241100x8000000000000000361061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.808492b0af56964d2021-12-21 10:29:49.195root 11241100x8000000000000000361062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6cec9ca394ec312021-12-21 10:29:49.195root 11241100x8000000000000000361063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ccaead1cc52c98a2021-12-21 10:29:49.195root 11241100x8000000000000000361064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54e1331b226b2a682021-12-21 10:29:49.196root 11241100x8000000000000000361065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5304f1aec1c26422021-12-21 10:29:49.196root 11241100x8000000000000000361066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecf823afd7e5f672021-12-21 10:29:49.196root 11241100x8000000000000000361067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6248a553e2a883622021-12-21 10:29:49.196root 11241100x8000000000000000361068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c2bd943bd2589432021-12-21 10:29:49.196root 11241100x8000000000000000361069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654fb30f2c7ad0bf2021-12-21 10:29:49.196root 11241100x8000000000000000361070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3448bb5fa6d087752021-12-21 10:29:49.196root 11241100x8000000000000000361071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.200b866ce5f96c052021-12-21 10:29:49.197root 11241100x8000000000000000361072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ac494917826a76f2021-12-21 10:29:49.197root 11241100x8000000000000000361073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b5f1f4fd01bcbf2021-12-21 10:29:49.197root 11241100x8000000000000000361074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd2b537efe9874f92021-12-21 10:29:49.197root 11241100x8000000000000000361075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31059c1ccdacb05f2021-12-21 10:29:49.197root 11241100x8000000000000000361076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c2c3b4c1ba453a2021-12-21 10:29:49.197root 11241100x8000000000000000361077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b544700f1c395932021-12-21 10:29:49.197root 11241100x8000000000000000361078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f47ed3ad843f4bb2021-12-21 10:29:49.197root 11241100x8000000000000000361079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca54c216026562dd2021-12-21 10:29:49.198root 11241100x8000000000000000361080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6381094fa53f69f2021-12-21 10:29:49.198root 11241100x8000000000000000361081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c9ab514f699576d2021-12-21 10:29:49.198root 11241100x8000000000000000361082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f99c40fa05b46562021-12-21 10:29:49.198root 11241100x8000000000000000361083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71b13b189e6768052021-12-21 10:29:49.199root 11241100x8000000000000000361084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da52709ba453e342021-12-21 10:29:49.200root 534500x8000000000000000361085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.253{00000000-0000-0000-0000-000000000000}5709<unknown process>ubuntu 534500x8000000000000000361086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.255{ec2b6afe-ac9d-61c1-0000-000000000000}5710-ubuntu 11241100x8000000000000000361087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.256{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.UbFazj2021-12-21 10:29:49.256ubuntu 23542300x8000000000000000361088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.256{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.UbFazj--- 154100x8000000000000000361089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.592{ec2b6afe-ac9d-61c1-303c-7b0000000000}5712/usr/bin/python3.6-----/usr/bin/python3 /usr/lib/command-not-found -- nno/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{00000000-0000-0000-0000-000000000000}5711--- 11241100x8000000000000000361090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.595{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df57a8289a55a602021-12-21 10:29:49.595root 11241100x8000000000000000361091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.595{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5741e21c2c8f1ea2021-12-21 10:29:49.595root 11241100x8000000000000000361092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.595{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49e33c7ae34374c2021-12-21 10:29:49.595root 11241100x8000000000000000361093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.595{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da2b4c30ff13a13a2021-12-21 10:29:49.595root 11241100x8000000000000000361094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.595{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611c2b98f578715a2021-12-21 10:29:49.595root 11241100x8000000000000000361095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.595{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe38f75256b6f5332021-12-21 10:29:49.595root 11241100x8000000000000000361096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.596{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62b625d905b8004d2021-12-21 10:29:49.596root 11241100x8000000000000000361097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.596{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136cfa22bb1119262021-12-21 10:29:49.596root 11241100x8000000000000000361098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.596{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7062d2d816fa64b2021-12-21 10:29:49.596root 11241100x8000000000000000361099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.597{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2085a5de92751772021-12-21 10:29:49.597root 11241100x8000000000000000361100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.597{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12ace7246140ec232021-12-21 10:29:49.597root 11241100x8000000000000000361101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.597{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6489cef9cc760072021-12-21 10:29:49.597root 11241100x8000000000000000361102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.597{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb4aa948d0c51902021-12-21 10:29:49.597root 11241100x8000000000000000361103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.598{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee214c5e5a3b4b92021-12-21 10:29:49.598root 11241100x8000000000000000361104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.598{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e61c285e79a360d42021-12-21 10:29:49.598root 11241100x8000000000000000361105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.598{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7833ee50597e496d2021-12-21 10:29:49.598root 11241100x8000000000000000361106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.598{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2368d6d76d9b662021-12-21 10:29:49.598root 11241100x8000000000000000361107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.600{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc8b0f33a7628fb2021-12-21 10:29:49.600root 11241100x8000000000000000361108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.600{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.231405546efdfa952021-12-21 10:29:49.600root 11241100x8000000000000000361109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.600{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87a5c33b0bea7a02021-12-21 10:29:49.600root 11241100x8000000000000000361110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.601{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61ed07fe76815a432021-12-21 10:29:49.601root 11241100x8000000000000000361111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.601{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8547e199b61dc82021-12-21 10:29:49.601root 11241100x8000000000000000361112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.601{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8adc6cb2160e522021-12-21 10:29:49.601root 11241100x8000000000000000361113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.605{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac07ab8e7276c7482021-12-21 10:29:49.605root 11241100x8000000000000000361114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.605{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66735d90894c2a1f2021-12-21 10:29:49.605root 11241100x8000000000000000361115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.605{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d77cb935ba98e732021-12-21 10:29:49.605root 11241100x8000000000000000361116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.605{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b25cd64811b0e7ba2021-12-21 10:29:49.605root 11241100x8000000000000000361117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.606{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb443be6db98f982021-12-21 10:29:49.606root 11241100x8000000000000000361118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.606{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fe653d4c10256bf2021-12-21 10:29:49.606root 11241100x8000000000000000361119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.606{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.763d83b01a8818842021-12-21 10:29:49.606root 11241100x8000000000000000361120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.606{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cecf91730e1167da2021-12-21 10:29:49.606root 11241100x8000000000000000361121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.607{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4f3147b32b95ab2021-12-21 10:29:49.607root 11241100x8000000000000000361122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.607{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e5c8942f3582382021-12-21 10:29:49.607root 11241100x8000000000000000361123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.607{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98374cd6ce38113b2021-12-21 10:29:49.607root 11241100x8000000000000000361124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.607{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.510d9a9ec7c9130b2021-12-21 10:29:49.607root 11241100x8000000000000000361125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.607{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544c582d27d0d0232021-12-21 10:29:49.607root 11241100x8000000000000000361126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.607{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbdaa3acda8e3e72021-12-21 10:29:49.607root 11241100x8000000000000000361127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.608{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f9bb9f02c1ed7362021-12-21 10:29:49.608root 11241100x8000000000000000361128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.608{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cb28bc3ea7fbeb2021-12-21 10:29:49.608root 11241100x8000000000000000361129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.608{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57dda5b655b16f852021-12-21 10:29:49.608root 11241100x8000000000000000361130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.608{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90651ffd0fad98f32021-12-21 10:29:49.608root 11241100x8000000000000000361131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.609{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5badd55bb9f18be12021-12-21 10:29:49.609root 11241100x8000000000000000361132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.609{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.384b551f15629a2f2021-12-21 10:29:49.609root 11241100x8000000000000000361133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.609{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cefb7258af7ec0f2021-12-21 10:29:49.609root 11241100x8000000000000000361134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.610{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0082da5b10980c792021-12-21 10:29:49.610root 11241100x8000000000000000361135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.610{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a0ee93f0b5337012021-12-21 10:29:49.610root 11241100x8000000000000000361136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.610{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.611eed497e330ae32021-12-21 10:29:49.610root 11241100x8000000000000000361137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.611{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a4cd4f8eb73bb4d2021-12-21 10:29:49.611root 11241100x8000000000000000361138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.611{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d934827d94e338b12021-12-21 10:29:49.611root 11241100x8000000000000000361139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.611{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9756e3a4ac19cc982021-12-21 10:29:49.611root 11241100x8000000000000000361140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5822ae83fd76362021-12-21 10:29:49.612root 11241100x8000000000000000361141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d3f335e311fd7192021-12-21 10:29:49.612root 11241100x8000000000000000361142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bf5d3247d6c7862021-12-21 10:29:49.612root 11241100x8000000000000000361143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.612{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.901915bc1945f0692021-12-21 10:29:49.612root 11241100x8000000000000000361144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.613{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4560858fc4d4e7ef2021-12-21 10:29:49.613root 11241100x8000000000000000361145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.613{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09045d1ec5c46202021-12-21 10:29:49.613root 11241100x8000000000000000361146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.613{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f4e1dd3f088d9b2021-12-21 10:29:49.613root 11241100x8000000000000000361147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.613{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead237dfaa01f6932021-12-21 10:29:49.613root 11241100x8000000000000000361148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ca7627fc92f512a2021-12-21 10:29:49.614root 11241100x8000000000000000361149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae81f7e40ebcf4f2021-12-21 10:29:49.614root 11241100x8000000000000000361150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029d40eb6fc7da7a2021-12-21 10:29:49.614root 11241100x8000000000000000361151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e241b8637e699942021-12-21 10:29:49.614root 11241100x8000000000000000361152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.614{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ceaef69b0a97a222021-12-21 10:29:49.614root 11241100x8000000000000000361153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e69469cad2c10882021-12-21 10:29:49.615root 11241100x8000000000000000361154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28a123166f1b30182021-12-21 10:29:49.615root 11241100x8000000000000000361155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff05ec06dffb8152021-12-21 10:29:49.615root 11241100x8000000000000000361156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3185a48998b4a22021-12-21 10:29:49.615root 11241100x8000000000000000361157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.615{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df265c7a3c94efb2021-12-21 10:29:49.615root 11241100x8000000000000000361158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.446898d700a0564e2021-12-21 10:29:49.616root 11241100x8000000000000000361159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d9a45267a7b7712021-12-21 10:29:49.616root 11241100x8000000000000000361160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f04199f349a73d082021-12-21 10:29:49.616root 11241100x8000000000000000361161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb36c1b4019cef5c2021-12-21 10:29:49.616root 11241100x8000000000000000361162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a095dab984217f492021-12-21 10:29:49.616root 11241100x8000000000000000361163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.616{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2437c7edea47230d2021-12-21 10:29:49.616root 11241100x8000000000000000361164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa144649c716e3102021-12-21 10:29:49.617root 11241100x8000000000000000361165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6514b0ae73790b1c2021-12-21 10:29:49.617root 11241100x8000000000000000361166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b362a6ed6e9a3ec82021-12-21 10:29:49.617root 11241100x8000000000000000361167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.617{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aff4181ee3c66c32021-12-21 10:29:49.617root 11241100x8000000000000000361168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef222502053c7de2021-12-21 10:29:49.618root 11241100x8000000000000000361169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6981042b386244932021-12-21 10:29:49.618root 11241100x8000000000000000361170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e10690ddd9be4ac2021-12-21 10:29:49.618root 11241100x8000000000000000361171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.565629fe46ba3dd52021-12-21 10:29:49.618root 11241100x8000000000000000361172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.618{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00ecf3b6db6ac1f2021-12-21 10:29:49.618root 11241100x8000000000000000361173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.619{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd6a12d5b0b327a2021-12-21 10:29:49.619root 154100x8000000000000000361174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.747{ec2b6afe-ac9d-61c1-18a5-99dade550000}5713/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command nno/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-ac9d-61c1-303c-7b0000000000}5712/usr/bin/python3.6/usr/bin/python3ubuntu 534500x8000000000000000361175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.761{ec2b6afe-ac9d-61c1-18a5-99dade550000}5713/usr/bin/snapubuntu 534500x8000000000000000361176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.761{ec2b6afe-ac9d-61c1-18a5-99dade550000}5713/usr/bin/snapubuntu 534500x8000000000000000361177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.761{ec2b6afe-ac9d-61c1-18a5-99dade550000}5713/usr/bin/snapubuntu 534500x8000000000000000361178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.761{ec2b6afe-ac9d-61c1-18a5-99dade550000}5713/usr/bin/snapubuntu 534500x8000000000000000361179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.761{ec2b6afe-ac9d-61c1-18a5-99dade550000}5713/usr/bin/snapubuntu 154100x8000000000000000361180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.747{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snap-----/usr/bin/snap advise-snap --format=json --command nno/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-ac9d-61c1-303c-7b0000000000}5712/usr/bin/python3.6/usr/bin/python3ubuntu 534500x8000000000000000361181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.776{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.776{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.776{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.776{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.776{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.776{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.776{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.777{ec2b6afe-ac9d-61c1-a44c-cf3b56550000}5713/snap/snapd/14066/usr/bin/snapubuntu 534500x8000000000000000361189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.887{ec2b6afe-ac9d-61c1-303c-7b0000000000}5712/usr/bin/python3.6ubuntu 534500x8000000000000000361190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.887{ec2b6afe-ac9d-61c1-0000-000000000000}5711-ubuntu 11241100x8000000000000000361191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.888{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e97dc19405b565a2021-12-21 10:29:49.888root 11241100x8000000000000000361192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.888{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354ec1aea1b047382021-12-21 10:29:49.888root 11241100x8000000000000000361193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.888{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08609967075749ad2021-12-21 10:29:49.888root 11241100x8000000000000000361194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.889{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a38c8df3730ef52021-12-21 10:29:49.889root 11241100x8000000000000000361195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.889{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b82dee3b869d8b172021-12-21 10:29:49.889root 11241100x8000000000000000361196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.889{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402cefee733577782021-12-21 10:29:49.889root 11241100x8000000000000000361197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.890{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22bfc9b462ec68e2021-12-21 10:29:49.890root 11241100x8000000000000000361198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.890{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17a71666e9e1b4ff2021-12-21 10:29:49.890root 11241100x8000000000000000361199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.890{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e217d3fa62a611b82021-12-21 10:29:49.890root 11241100x8000000000000000361200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.890{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098ec12d23ec87542021-12-21 10:29:49.890root 11241100x8000000000000000361201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.890{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da57e3e36fd545f2021-12-21 10:29:49.890root 11241100x8000000000000000361202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.890{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f7ea15f92951da2021-12-21 10:29:49.890root 11241100x8000000000000000361203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.890{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955b76ee44d989f72021-12-21 10:29:49.890root 11241100x8000000000000000361204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.891{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69bb11887bb1863a2021-12-21 10:29:49.891root 11241100x8000000000000000361205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.891{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f76625d4419ea5402021-12-21 10:29:49.891root 11241100x8000000000000000361206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.891{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b42b29c5a826fa02021-12-21 10:29:49.891root 11241100x8000000000000000361207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.891{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35e12df0ca897afb2021-12-21 10:29:49.891root 11241100x8000000000000000361208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ffaf0df350eb56d2021-12-21 10:29:49.892root 11241100x8000000000000000361209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9148b06936f423822021-12-21 10:29:49.892root 11241100x8000000000000000361210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2a8fae9a574f9c2021-12-21 10:29:49.892root 11241100x8000000000000000361211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e500eb82ba97d12021-12-21 10:29:49.892root 11241100x8000000000000000361212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.171fbfcea44291db2021-12-21 10:29:49.892root 11241100x8000000000000000361213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6d195b69cd459b2021-12-21 10:29:49.892root 11241100x8000000000000000361214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f7dda21fc90d4602021-12-21 10:29:49.892root 11241100x8000000000000000361215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d913d82fa3d0c4452021-12-21 10:29:49.892root 11241100x8000000000000000361216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ff86d52ea386e3e2021-12-21 10:29:49.892root 11241100x8000000000000000361217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.892{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19ef92ea3f08784c2021-12-21 10:29:49.892root 11241100x8000000000000000361218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbd1356724d803092021-12-21 10:29:49.893root 11241100x8000000000000000361219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec38fe93be9b2a02021-12-21 10:29:49.893root 11241100x8000000000000000361220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad2825a4ecad5fd2021-12-21 10:29:49.893root 11241100x8000000000000000361221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42e8dde4f6e94582021-12-21 10:29:49.893root 11241100x8000000000000000361222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf67a432b186d7132021-12-21 10:29:49.893root 11241100x8000000000000000361223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11ad57d9eadf685a2021-12-21 10:29:49.893root 11241100x8000000000000000361224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79456610ebe81592021-12-21 10:29:49.893root 11241100x8000000000000000361225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f6914104d1d5222021-12-21 10:29:49.893root 11241100x8000000000000000361226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f7fbafdb9041da12021-12-21 10:29:49.893root 11241100x8000000000000000361227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff989f229c6386512021-12-21 10:29:49.893root 11241100x8000000000000000361228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.893{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e1f41956f664952021-12-21 10:29:49.893root 11241100x8000000000000000361229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc40c65f7bbf63e12021-12-21 10:29:49.894root 11241100x8000000000000000361230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84b22a5e45d77b92021-12-21 10:29:49.894root 11241100x8000000000000000361231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a7ee4dc14c5d6e22021-12-21 10:29:49.894root 11241100x8000000000000000361232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59ca6c1acfa9aed32021-12-21 10:29:49.894root 11241100x8000000000000000361233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33dd570bb02030e2021-12-21 10:29:49.894root 11241100x8000000000000000361234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c1962daa65156c2021-12-21 10:29:49.894root 11241100x8000000000000000361235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ca998b61b46c6d2021-12-21 10:29:49.894root 11241100x8000000000000000361236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43327f9ffd265db2021-12-21 10:29:49.894root 11241100x8000000000000000361237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.894{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9122e0265e689af2021-12-21 10:29:49.894root 11241100x8000000000000000361238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887ea5cb56e80a5f2021-12-21 10:29:49.895root 11241100x8000000000000000361239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e631dd41dc846b9b2021-12-21 10:29:49.895root 11241100x8000000000000000361240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4352954b8d7f26242021-12-21 10:29:49.895root 11241100x8000000000000000361241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a0979390172fb5a2021-12-21 10:29:49.895root 11241100x8000000000000000361242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a30d2c04ad8ae92021-12-21 10:29:49.895root 11241100x8000000000000000361243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a941bb9c13c22f2021-12-21 10:29:49.895root 11241100x8000000000000000361244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed5df005f7037692021-12-21 10:29:49.895root 11241100x8000000000000000361245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c38962d5b2709e2021-12-21 10:29:49.895root 11241100x8000000000000000361246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.895{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8800cf8b9a21672021-12-21 10:29:49.895root 11241100x8000000000000000361247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407b82f6e98d3b2f2021-12-21 10:29:49.896root 11241100x8000000000000000361248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34d4b9d67975452f2021-12-21 10:29:49.896root 11241100x8000000000000000361249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1daf2dfdb3a9b3512021-12-21 10:29:49.896root 11241100x8000000000000000361250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10b13ea27dd2d7222021-12-21 10:29:49.896root 11241100x8000000000000000361251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e8763ce17f8e67c2021-12-21 10:29:49.896root 11241100x8000000000000000361252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3a1bbfaa979c9072021-12-21 10:29:49.896root 11241100x8000000000000000361253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feeb779588b8af3e2021-12-21 10:29:49.896root 11241100x8000000000000000361254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dfbfa06eb287efb2021-12-21 10:29:49.896root 11241100x8000000000000000361255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e02f02bc2e22b82021-12-21 10:29:49.896root 11241100x8000000000000000361256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.896{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035ff5011e0e61a82021-12-21 10:29:49.896root 11241100x8000000000000000361257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.897{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e716deef53d14352021-12-21 10:29:49.897root 11241100x8000000000000000361258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.897{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa311f610c1d31732021-12-21 10:29:49.897root 11241100x8000000000000000361259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.897{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cfe397fb73681282021-12-21 10:29:49.897root 11241100x8000000000000000361260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.897{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30311090c2f41982021-12-21 10:29:49.897root 11241100x8000000000000000361261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.897{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b52b5d676fbd54c2021-12-21 10:29:49.897root 11241100x8000000000000000361262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.897{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8696ac0bc63a0ead2021-12-21 10:29:49.897root 11241100x8000000000000000361263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27eddf09edcb42b2021-12-21 10:29:49.898root 11241100x8000000000000000361264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1f7233dae4cdd7e2021-12-21 10:29:49.898root 11241100x8000000000000000361265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52ece4fd6b6dd9342021-12-21 10:29:49.898root 11241100x8000000000000000361266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2de77b2c057dadc52021-12-21 10:29:49.898root 11241100x8000000000000000361267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6263e9c27e0c9c4f2021-12-21 10:29:49.898root 11241100x8000000000000000361268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa22dd07ddbdefd82021-12-21 10:29:49.898root 11241100x8000000000000000361269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83e16a9540d0f2a2021-12-21 10:29:49.898root 11241100x8000000000000000361270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.898{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.588313c9636b23a82021-12-21 10:29:49.898root 11241100x8000000000000000361271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d52212f3c337a722021-12-21 10:29:49.899root 11241100x8000000000000000361272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1af79cea24e4d5542021-12-21 10:29:49.899root 11241100x8000000000000000361273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008eac24eef592982021-12-21 10:29:49.899root 11241100x8000000000000000361274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df7c7bac5c6f7ce2021-12-21 10:29:49.899root 11241100x8000000000000000361275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc0e5501821d4972021-12-21 10:29:49.899root 11241100x8000000000000000361276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0362bbd1ac66352021-12-21 10:29:49.899root 11241100x8000000000000000361277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ee4b60de04230f2021-12-21 10:29:49.899root 11241100x8000000000000000361278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df55bb6f7c04a062021-12-21 10:29:49.899root 11241100x8000000000000000361279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69a5797577a09282021-12-21 10:29:49.899root 11241100x8000000000000000361280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.899{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3c970e00e858432021-12-21 10:29:49.899root 11241100x8000000000000000361281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50180e4ef5c6d9732021-12-21 10:29:49.900root 11241100x8000000000000000361282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf6cbecdb3b4ba22021-12-21 10:29:49.900root 11241100x8000000000000000361283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe57077a4e208672021-12-21 10:29:49.900root 11241100x8000000000000000361284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1d8156742257e42021-12-21 10:29:49.900root 11241100x8000000000000000361285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5370b796bd74bfa2021-12-21 10:29:49.900root 11241100x8000000000000000361286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a2f9775c2a3b5a2021-12-21 10:29:49.900root 11241100x8000000000000000361287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18649588104870d82021-12-21 10:29:49.900root 11241100x8000000000000000361288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.900{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e2f9dfd6ab0ebe52021-12-21 10:29:49.900root 11241100x8000000000000000361289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.901{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf1b34c31e9c6a8f2021-12-21 10:29:49.901root 11241100x8000000000000000361290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.901{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69889990426ed2c92021-12-21 10:29:49.901root 11241100x8000000000000000361291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:49.901{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b5c2ef7255e9f92021-12-21 10:29:49.901root 11241100x8000000000000000361292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4432847cd3f48ef52021-12-21 10:29:50.193root 11241100x8000000000000000361293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af08211bf8607e12021-12-21 10:29:50.194root 11241100x8000000000000000361294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f695668ba3868e6e2021-12-21 10:29:50.194root 11241100x8000000000000000361295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66666d7641f9f3972021-12-21 10:29:50.194root 11241100x8000000000000000361296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224ca852251409792021-12-21 10:29:50.194root 11241100x8000000000000000361297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c43145b9c47bf7dd2021-12-21 10:29:50.195root 11241100x8000000000000000361298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4204541ebf83d1d2021-12-21 10:29:50.195root 11241100x8000000000000000361299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c868b44e9567cbd2021-12-21 10:29:50.195root 11241100x8000000000000000361300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b4f3c702b465582021-12-21 10:29:50.195root 11241100x8000000000000000361301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fabc7dbf6395f74a2021-12-21 10:29:50.195root 11241100x8000000000000000361302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fda6bd987da138b2021-12-21 10:29:50.195root 11241100x8000000000000000361303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37532ec10249c8132021-12-21 10:29:50.195root 11241100x8000000000000000361304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75c204e074820d222021-12-21 10:29:50.196root 11241100x8000000000000000361305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ed0ee1f2f5b3b02021-12-21 10:29:50.196root 11241100x8000000000000000361306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c800b729c83e76732021-12-21 10:29:50.196root 11241100x8000000000000000361307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf0eb77e2fa6888b2021-12-21 10:29:50.196root 11241100x8000000000000000361308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b2156663e4c799b2021-12-21 10:29:50.196root 11241100x8000000000000000361309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1818063f3bbbb4e2021-12-21 10:29:50.196root 11241100x8000000000000000361310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1171fcac72a772e72021-12-21 10:29:50.196root 11241100x8000000000000000361311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b648993d2381c542021-12-21 10:29:50.196root 11241100x8000000000000000361312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a25cf14f189ad332021-12-21 10:29:50.196root 11241100x8000000000000000361313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7c0cfdcffa483a2021-12-21 10:29:50.197root 11241100x8000000000000000361314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e33a7677bbbd412021-12-21 10:29:50.197root 11241100x8000000000000000361315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62668fc6c8e9069f2021-12-21 10:29:50.197root 11241100x8000000000000000361316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a83777d8197dc692021-12-21 10:29:50.197root 11241100x8000000000000000361317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fa54e44bfa602e2021-12-21 10:29:50.197root 11241100x8000000000000000361318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d896146403e59f3e2021-12-21 10:29:50.197root 11241100x8000000000000000361319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139453772e0cd8722021-12-21 10:29:50.197root 11241100x8000000000000000361320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1f63de6dd010392021-12-21 10:29:50.197root 11241100x8000000000000000361321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83db64e43579b01a2021-12-21 10:29:50.197root 11241100x8000000000000000361322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a280b0ae7ce49c812021-12-21 10:29:50.198root 11241100x8000000000000000361323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90369e01ef4a2e1d2021-12-21 10:29:50.198root 11241100x8000000000000000361324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c1c5dd1322b06b2021-12-21 10:29:50.198root 11241100x8000000000000000361325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd487021929b45b32021-12-21 10:29:50.198root 11241100x8000000000000000361326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c2131e0d963f36f2021-12-21 10:29:50.198root 11241100x8000000000000000361327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9c80df334b31d62021-12-21 10:29:50.199root 11241100x8000000000000000361328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babfdafb4d3ce2352021-12-21 10:29:50.199root 11241100x8000000000000000361329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65bd92fdb2c2c69c2021-12-21 10:29:50.199root 11241100x8000000000000000361330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b5e4ac63d9b8b022021-12-21 10:29:50.199root 11241100x8000000000000000361331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e436a0a1e07c7b2021-12-21 10:29:50.200root 11241100x8000000000000000361332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a40f6961918cd3fe2021-12-21 10:29:50.200root 11241100x8000000000000000361333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.150d6d8b00fc48042021-12-21 10:29:50.200root 11241100x8000000000000000361334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb153649a958f982021-12-21 10:29:50.201root 11241100x8000000000000000361335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9772cf7893e4752021-12-21 10:29:50.201root 11241100x8000000000000000361336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60c3dcc339a945f42021-12-21 10:29:50.201root 11241100x8000000000000000361337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b83233df942014d2021-12-21 10:29:50.201root 11241100x8000000000000000361338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167781c31b4c01092021-12-21 10:29:50.201root 11241100x8000000000000000361339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.165d37eece6528082021-12-21 10:29:50.201root 11241100x8000000000000000361340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0180a2f855f5d22021-12-21 10:29:50.202root 11241100x8000000000000000361341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3747c614e42eb3da2021-12-21 10:29:50.202root 11241100x8000000000000000361342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739b94e4b3c64f842021-12-21 10:29:50.202root 11241100x8000000000000000361343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9903b75cca21562021-12-21 10:29:50.202root 11241100x8000000000000000361344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.632ba98c473186682021-12-21 10:29:50.202root 11241100x8000000000000000361345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5af269c2500049c72021-12-21 10:29:50.202root 11241100x8000000000000000361346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9669a477c9bf9e782021-12-21 10:29:50.203root 11241100x8000000000000000361347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b680ca0bc963ffa2021-12-21 10:29:50.203root 11241100x8000000000000000361348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95867a1a39ea21a2021-12-21 10:29:50.203root 11241100x8000000000000000361349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e68d0dfac650a12021-12-21 10:29:50.203root 11241100x8000000000000000361350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a232b45b5e3448df2021-12-21 10:29:50.203root 11241100x8000000000000000361351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6376c1644423df922021-12-21 10:29:50.204root 11241100x8000000000000000361352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e34f5d2bbbf03882021-12-21 10:29:50.204root 11241100x8000000000000000361353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13566e8bcd4d0882021-12-21 10:29:50.204root 11241100x8000000000000000361354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c27f10bc9baf9d842021-12-21 10:29:50.204root 11241100x8000000000000000361355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8920693dcb9efb032021-12-21 10:29:50.204root 11241100x8000000000000000361356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d389800cfaccf22021-12-21 10:29:50.205root 11241100x8000000000000000361357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36dd4dc4d029c8242021-12-21 10:29:50.205root 11241100x8000000000000000361358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890bf9420cde36db2021-12-21 10:29:50.205root 11241100x8000000000000000361359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21dc6c893e4dc4402021-12-21 10:29:50.205root 11241100x8000000000000000361360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75313a374e5c02fa2021-12-21 10:29:50.205root 11241100x8000000000000000361361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f279357e4f7c14152021-12-21 10:29:50.206root 11241100x8000000000000000361362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b3f9f34b3f078ba2021-12-21 10:29:50.206root 11241100x8000000000000000361363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c41e2caa4e92979c2021-12-21 10:29:50.206root 11241100x8000000000000000361364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48c96187215225432021-12-21 10:29:50.206root 11241100x8000000000000000361365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c24989b475592682021-12-21 10:29:50.206root 11241100x8000000000000000361366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08e1eb4aa72f5a9e2021-12-21 10:29:50.207root 11241100x8000000000000000361367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131761f62eced7b62021-12-21 10:29:50.207root 11241100x8000000000000000361368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e6af90d04da69c52021-12-21 10:29:50.207root 11241100x8000000000000000361369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2330db1d26261c2021-12-21 10:29:50.207root 11241100x8000000000000000361370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15501c9c2dbdacf2021-12-21 10:29:50.207root 11241100x8000000000000000361371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64fb6486c1ed0d822021-12-21 10:29:50.208root 11241100x8000000000000000361372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d68e52fe581e792021-12-21 10:29:50.208root 11241100x8000000000000000361373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fd1de9dc935e512021-12-21 10:29:50.208root 11241100x8000000000000000361374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b32b0b87d6a3c46d2021-12-21 10:29:50.208root 11241100x8000000000000000361375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0525693f5607a8222021-12-21 10:29:50.208root 11241100x8000000000000000361376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.852e6e18267ba0062021-12-21 10:29:50.208root 11241100x8000000000000000361377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d432d72a4b1bd2442021-12-21 10:29:50.208root 11241100x8000000000000000361378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9229502b6a01132021-12-21 10:29:50.208root 11241100x8000000000000000361379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33c0ca88786db6c2021-12-21 10:29:50.208root 11241100x8000000000000000361380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d556120d7a22a2122021-12-21 10:29:50.209root 11241100x8000000000000000361381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68964157eb69c7eb2021-12-21 10:29:50.209root 11241100x8000000000000000361382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983004163f8023cb2021-12-21 10:29:50.209root 11241100x8000000000000000361383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174e019e12bf6a572021-12-21 10:29:50.209root 11241100x8000000000000000361384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd1ce6d2ed11b512021-12-21 10:29:50.209root 11241100x8000000000000000361385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3156d5897c17d65e2021-12-21 10:29:50.209root 11241100x8000000000000000361386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d887effe7bf7f92021-12-21 10:29:50.210root 11241100x8000000000000000361387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0520f76da69b4daf2021-12-21 10:29:50.210root 11241100x8000000000000000361388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b612a0139beffc42021-12-21 10:29:50.210root 11241100x8000000000000000361389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585ea7b1058291cc2021-12-21 10:29:50.210root 11241100x8000000000000000361390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f992aa7b08a9e5522021-12-21 10:29:50.210root 11241100x8000000000000000361391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5556ed16791770652021-12-21 10:29:50.211root 11241100x8000000000000000361392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85c412ed947efbb2021-12-21 10:29:50.211root 11241100x8000000000000000361393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5cad6d492e2016e2021-12-21 10:29:50.211root 11241100x8000000000000000361394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d556bf4869c548af2021-12-21 10:29:50.211root 11241100x8000000000000000361395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c41a5718f228512021-12-21 10:29:50.212root 11241100x8000000000000000361396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eeb3d1aae4034be2021-12-21 10:29:50.212root 11241100x8000000000000000361397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7acb55436a7fb0be2021-12-21 10:29:50.212root 11241100x8000000000000000361398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c5f43e4cc451ae2021-12-21 10:29:50.213root 11241100x8000000000000000361399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5d386a61d92b382021-12-21 10:29:50.213root 11241100x8000000000000000361400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8a1a702f16a54e2021-12-21 10:29:50.213root 11241100x8000000000000000361401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b47d92024fd779d32021-12-21 10:29:50.213root 11241100x8000000000000000361402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b4d87cff68e94582021-12-21 10:29:50.214root 11241100x8000000000000000361403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f00daa5507e3d5e42021-12-21 10:29:50.214root 11241100x8000000000000000361404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ffbb18c1c8ef7b2021-12-21 10:29:50.214root 11241100x8000000000000000361405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ab6523aa38751d2021-12-21 10:29:50.214root 11241100x8000000000000000361406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd8dbd9c39e75d32021-12-21 10:29:50.215root 11241100x8000000000000000361407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca96006af00aadaa2021-12-21 10:29:50.215root 11241100x8000000000000000361408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334cb2525b7148e32021-12-21 10:29:50.215root 11241100x8000000000000000361409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e293223a7785cc92021-12-21 10:29:50.215root 11241100x8000000000000000361410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e288c29c62cd7a402021-12-21 10:29:50.215root 11241100x8000000000000000361411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980992ad8e5ebcc42021-12-21 10:29:50.216root 11241100x8000000000000000361412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c36c094a86f2e602021-12-21 10:29:50.216root 11241100x8000000000000000361413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.705cdcb0211cff232021-12-21 10:29:50.216root 11241100x8000000000000000361414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2ea283da7e6c6d02021-12-21 10:29:50.216root 11241100x8000000000000000361415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8412987a78b7f8762021-12-21 10:29:50.217root 11241100x8000000000000000361416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b57b36a4b55c112021-12-21 10:29:50.217root 11241100x8000000000000000361417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf673439edeb4b42021-12-21 10:29:50.217root 11241100x8000000000000000361418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c375d4a71344471e2021-12-21 10:29:50.217root 11241100x8000000000000000361419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984786633b0d93722021-12-21 10:29:50.218root 11241100x8000000000000000361420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0187a3f7fa560942021-12-21 10:29:50.218root 11241100x8000000000000000361421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c38b18acf974f5ae2021-12-21 10:29:50.218root 11241100x8000000000000000361422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5096d724a20fdeb62021-12-21 10:29:50.219root 11241100x8000000000000000361423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ee117a91543ede2021-12-21 10:29:50.219root 11241100x8000000000000000361424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd7a4c9577079d22021-12-21 10:29:50.219root 11241100x8000000000000000361425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.292c1e042b5620bd2021-12-21 10:29:50.219root 11241100x8000000000000000361426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61392a5fa474a7bc2021-12-21 10:29:50.220root 11241100x8000000000000000361427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5df9cfd3a7033da2021-12-21 10:29:50.220root 11241100x8000000000000000361428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.220{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07083e377b3a935f2021-12-21 10:29:50.220root 11241100x8000000000000000361429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde59008b606af9f2021-12-21 10:29:50.221root 11241100x8000000000000000361430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c78fbb4ea5f4fd2f2021-12-21 10:29:50.221root 11241100x8000000000000000361431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e36d224e45f851b2021-12-21 10:29:50.221root 11241100x8000000000000000361432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.221{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7e91a595812070f2021-12-21 10:29:50.221root 11241100x8000000000000000361433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f210a89df3d04e62021-12-21 10:29:50.222root 11241100x8000000000000000361434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c61da295e41d7302021-12-21 10:29:50.222root 11241100x8000000000000000361435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.563c4c083c02337c2021-12-21 10:29:50.222root 11241100x8000000000000000361436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.222{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7252d20935a637c2021-12-21 10:29:50.222root 11241100x8000000000000000361437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2b41077c6e603e2021-12-21 10:29:50.223root 11241100x8000000000000000361438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.223{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd56e5b1a8f4f6132021-12-21 10:29:50.223root 11241100x8000000000000000361439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6be4cfaee307edf2021-12-21 10:29:50.224root 11241100x8000000000000000361440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.224{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.535b72a846c9d2d32021-12-21 10:29:50.224root 11241100x8000000000000000361441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.225{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e655e1dbd7d1688b2021-12-21 10:29:50.225root 11241100x8000000000000000361442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.227{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf792787615101112021-12-21 10:29:50.227root 11241100x8000000000000000361443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a2bb11577fcc7262021-12-21 10:29:50.228root 11241100x8000000000000000361444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.228{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30aa2f67e90078182021-12-21 10:29:50.228root 11241100x8000000000000000361445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f2a7a4a12d16212021-12-21 10:29:50.229root 11241100x8000000000000000361446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.229{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b15b6e9531eca142021-12-21 10:29:50.229root 11241100x8000000000000000361447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66a5eb19e26d8ea2021-12-21 10:29:50.230root 11241100x8000000000000000361448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d3b42235713fc62021-12-21 10:29:50.230root 11241100x8000000000000000361449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.230{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf01373543b0a162021-12-21 10:29:50.230root 11241100x8000000000000000361450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0e5b82fce99fb492021-12-21 10:29:50.231root 11241100x8000000000000000361451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91721913d966d8712021-12-21 10:29:50.231root 11241100x8000000000000000361452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.231{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45a6b9b421b2a102021-12-21 10:29:50.231root 11241100x8000000000000000361453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19f1c2014a552572021-12-21 10:29:50.232root 11241100x8000000000000000361454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5467110544d05b72021-12-21 10:29:50.232root 11241100x8000000000000000361455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c56b8575b7cdc02021-12-21 10:29:50.232root 11241100x8000000000000000361456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.232{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49942c088f004a2d2021-12-21 10:29:50.232root 11241100x8000000000000000361457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd8dd9ddfae7d102021-12-21 10:29:50.233root 11241100x8000000000000000361458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f3f5275fc617fd2021-12-21 10:29:50.233root 11241100x8000000000000000361459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9dc19b92bfa0d522021-12-21 10:29:50.233root 11241100x8000000000000000361460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47ec8da1689da112021-12-21 10:29:50.233root 11241100x8000000000000000361461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.233{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c28cdd7458324de12021-12-21 10:29:50.233root 11241100x8000000000000000361462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b6830bdd1688ec2021-12-21 10:29:50.234root 11241100x8000000000000000361463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a5faadad1bb7a32021-12-21 10:29:50.234root 11241100x8000000000000000361464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.234{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b062e286fb76f9812021-12-21 10:29:50.234root 11241100x8000000000000000361465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fae76aafe16354e52021-12-21 10:29:50.235root 11241100x8000000000000000361466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.644fe4b62541996b2021-12-21 10:29:50.235root 11241100x8000000000000000361467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e2db1cb5bfae152021-12-21 10:29:50.235root 11241100x8000000000000000361468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.862ee424baf5885e2021-12-21 10:29:50.235root 11241100x8000000000000000361469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff309c684c4addf92021-12-21 10:29:50.235root 11241100x8000000000000000361470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40672f7498aa94322021-12-21 10:29:50.235root 11241100x8000000000000000361471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.235{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39474a64b929258b2021-12-21 10:29:50.235root 11241100x8000000000000000361472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58edec5c37f508832021-12-21 10:29:50.236root 11241100x8000000000000000361473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8dfa8730a5fbf2e2021-12-21 10:29:50.236root 11241100x8000000000000000361474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bacd98a1ccead0282021-12-21 10:29:50.236root 11241100x8000000000000000361475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bd6c90fdaadad4b2021-12-21 10:29:50.236root 11241100x8000000000000000361476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8311ccc64b69f32021-12-21 10:29:50.236root 11241100x8000000000000000361477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecb09226a4fa59a2021-12-21 10:29:50.236root 11241100x8000000000000000361478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1117e5535896f57c2021-12-21 10:29:50.236root 11241100x8000000000000000361479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55154c13b54dacac2021-12-21 10:29:50.236root 11241100x8000000000000000361480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bb2f4e794b87da2021-12-21 10:29:50.236root 11241100x8000000000000000361481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84da9de777f3ff7a2021-12-21 10:29:50.236root 11241100x8000000000000000361482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b0a4e24129b1c572021-12-21 10:29:50.236root 11241100x8000000000000000361483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.628809a22ebc21ca2021-12-21 10:29:50.236root 11241100x8000000000000000361484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.236{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.937362538ccc0a7a2021-12-21 10:29:50.236root 11241100x8000000000000000361485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e832fc12a94670c82021-12-21 10:29:50.237root 11241100x8000000000000000361486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2aa9d7ff60ef20a2021-12-21 10:29:50.237root 11241100x8000000000000000361487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1625e09e36feb1b2021-12-21 10:29:50.237root 11241100x8000000000000000361488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f738902f87a70a2021-12-21 10:29:50.237root 11241100x8000000000000000361489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50ac259720845ade2021-12-21 10:29:50.237root 11241100x8000000000000000361490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79360a7e7ae8ca772021-12-21 10:29:50.237root 11241100x8000000000000000361491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d4d66fa0e9830202021-12-21 10:29:50.237root 11241100x8000000000000000361492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96f8d1db704462332021-12-21 10:29:50.237root 11241100x8000000000000000361493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e0606ce074aa12021-12-21 10:29:50.237root 11241100x8000000000000000361494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.237{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8d28144ebb85582021-12-21 10:29:50.237root 11241100x8000000000000000361495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22de6e2f1eeea24c2021-12-21 10:29:50.238root 11241100x8000000000000000361496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46d55a12b7e383cc2021-12-21 10:29:50.238root 11241100x8000000000000000361497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb87eb24c13e6c82021-12-21 10:29:50.238root 11241100x8000000000000000361498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a0d1aba951652752021-12-21 10:29:50.238root 11241100x8000000000000000361499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687568f8490334a92021-12-21 10:29:50.238root 11241100x8000000000000000361500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.238{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff58859ceb00f8242021-12-21 10:29:50.238root 11241100x8000000000000000361501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34687e177d0e11212021-12-21 10:29:50.239root 11241100x8000000000000000361502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9cb6c57786a7dd12021-12-21 10:29:50.239root 11241100x8000000000000000361503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4f63e1887e9bfbd2021-12-21 10:29:50.239root 11241100x8000000000000000361504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d716dfd5d1a3253e2021-12-21 10:29:50.239root 11241100x8000000000000000361505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1ae768d11eaeb32021-12-21 10:29:50.239root 11241100x8000000000000000361506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a1a3c15b7d50c0c2021-12-21 10:29:50.239root 11241100x8000000000000000361507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.130a095c227545362021-12-21 10:29:50.239root 11241100x8000000000000000361508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64102a684ff62f9a2021-12-21 10:29:50.239root 11241100x8000000000000000361509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52b13f95ab2a9ad02021-12-21 10:29:50.239root 11241100x8000000000000000361510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daff6bbc2bb340062021-12-21 10:29:50.239root 11241100x8000000000000000361511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.239{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75b89326c00f574b2021-12-21 10:29:50.239root 11241100x8000000000000000361512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd83d98753b9e392021-12-21 10:29:50.240root 11241100x8000000000000000361513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8443a16d43d5cbd42021-12-21 10:29:50.240root 11241100x8000000000000000361514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c027f61975e5bce92021-12-21 10:29:50.240root 11241100x8000000000000000361515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dc84cc8853539d62021-12-21 10:29:50.240root 11241100x8000000000000000361516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab1ee4bf93b5a89b2021-12-21 10:29:50.240root 11241100x8000000000000000361517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b14aa5cd4106eaf2021-12-21 10:29:50.240root 11241100x8000000000000000361518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.240{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d870a458e0f727f2021-12-21 10:29:50.240root 11241100x8000000000000000361519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2518f1c319e7dfa92021-12-21 10:29:50.241root 11241100x8000000000000000361520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3c843185d8c28042021-12-21 10:29:50.241root 11241100x8000000000000000361521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9932e4bb9e2603162021-12-21 10:29:50.241root 11241100x8000000000000000361522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80d8b55dc6663bb32021-12-21 10:29:50.241root 11241100x8000000000000000361523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8fa937a720c54bf2021-12-21 10:29:50.241root 11241100x8000000000000000361524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bab555845c56db2021-12-21 10:29:50.241root 11241100x8000000000000000361525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.241{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79f93037301ab4902021-12-21 10:29:50.241root 11241100x8000000000000000361526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa8557a7d045e1182021-12-21 10:29:50.242root 11241100x8000000000000000361527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f8717cf659b4d2021-12-21 10:29:50.242root 11241100x8000000000000000361528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908e16f7615b3f3d2021-12-21 10:29:50.242root 11241100x8000000000000000361529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c0a957e28cbad392021-12-21 10:29:50.242root 11241100x8000000000000000361530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daede10b5bf507af2021-12-21 10:29:50.242root 11241100x8000000000000000361531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.242{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831b5830bf90ffde2021-12-21 10:29:50.242root 11241100x8000000000000000361532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1a12f96ea8da4d2021-12-21 10:29:50.243root 11241100x8000000000000000361533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52028b82dbea1272021-12-21 10:29:50.243root 11241100x8000000000000000361534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3151c00a61e1f2432021-12-21 10:29:50.243root 11241100x8000000000000000361535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa2740bd643848e2021-12-21 10:29:50.243root 11241100x8000000000000000361536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e861087615d414772021-12-21 10:29:50.243root 11241100x8000000000000000361537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94fec114ff54c3962021-12-21 10:29:50.243root 11241100x8000000000000000361538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b66f3f2b0fb6c5ed2021-12-21 10:29:50.243root 11241100x8000000000000000361539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.243{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898f714e159c4f972021-12-21 10:29:50.243root 11241100x8000000000000000361540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388fb3dfa2d3476f2021-12-21 10:29:50.244root 11241100x8000000000000000361541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.000a60a4f8b181772021-12-21 10:29:50.244root 11241100x8000000000000000361542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97b5a246ee4422d2021-12-21 10:29:50.244root 11241100x8000000000000000361543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261aee1e29331c1d2021-12-21 10:29:50.244root 11241100x8000000000000000361544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aabcd723bdb1255c2021-12-21 10:29:50.244root 11241100x8000000000000000361545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.504ffb4d6d9abb252021-12-21 10:29:50.244root 11241100x8000000000000000361546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4264615580a9b2f82021-12-21 10:29:50.244root 11241100x8000000000000000361547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d322df4923e097892021-12-21 10:29:50.244root 11241100x8000000000000000361548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1d0a9523d56745c2021-12-21 10:29:50.244root 11241100x8000000000000000361549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e49f1e2fed3085c92021-12-21 10:29:50.244root 11241100x8000000000000000361550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.221284270301893b2021-12-21 10:29:50.244root 11241100x8000000000000000361551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f4d59414e37bcb22021-12-21 10:29:50.244root 11241100x8000000000000000361552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c806578db645e02c2021-12-21 10:29:50.244root 11241100x8000000000000000361553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.244{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d31ed6928638513b2021-12-21 10:29:50.244root 11241100x8000000000000000361554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9257c70132047d72021-12-21 10:29:50.245root 11241100x8000000000000000361555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e4045479acdb5d2021-12-21 10:29:50.245root 11241100x8000000000000000361556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed0afd478232b262021-12-21 10:29:50.245root 11241100x8000000000000000361557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4e969894c353a92021-12-21 10:29:50.245root 11241100x8000000000000000361558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf52f6558d8bcc772021-12-21 10:29:50.245root 11241100x8000000000000000361559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cc3f2a1beaa87482021-12-21 10:29:50.245root 11241100x8000000000000000361560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10ef9fa4380401a12021-12-21 10:29:50.245root 11241100x8000000000000000361561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fbd5f5fea5f55df2021-12-21 10:29:50.245root 11241100x8000000000000000361562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4806c566c67fd2b2021-12-21 10:29:50.245root 11241100x8000000000000000361563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7dd250021b038752021-12-21 10:29:50.245root 11241100x8000000000000000361564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4d888f9f138c4b2021-12-21 10:29:50.245root 11241100x8000000000000000361565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042e52c327caa59a2021-12-21 10:29:50.245root 11241100x8000000000000000361566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1c0666398d4b2632021-12-21 10:29:50.245root 11241100x8000000000000000361567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c9097c41f701db32021-12-21 10:29:50.245root 11241100x8000000000000000361568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.245{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0180b646c320233c2021-12-21 10:29:50.245root 11241100x8000000000000000361569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155b6a886555b0a92021-12-21 10:29:50.246root 11241100x8000000000000000361570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd1df49e987dccc2021-12-21 10:29:50.246root 11241100x8000000000000000361571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797e4acb2fb6e5a82021-12-21 10:29:50.246root 11241100x8000000000000000361572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d960d425a1f99a82021-12-21 10:29:50.246root 11241100x8000000000000000361573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9151f7b3f8f198c82021-12-21 10:29:50.246root 11241100x8000000000000000361574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66d255f9030274202021-12-21 10:29:50.246root 11241100x8000000000000000361575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db158b22d831f87d2021-12-21 10:29:50.246root 11241100x8000000000000000361576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4637d5bb806c6b492021-12-21 10:29:50.246root 11241100x8000000000000000361577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc117e0f548bf8222021-12-21 10:29:50.246root 11241100x8000000000000000361578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a36447f34d61c52021-12-21 10:29:50.246root 11241100x8000000000000000361579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.978de0587209e1e42021-12-21 10:29:50.246root 11241100x8000000000000000361580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.077578306e43dc812021-12-21 10:29:50.246root 11241100x8000000000000000361581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fa738465b0dff22021-12-21 10:29:50.246root 11241100x8000000000000000361582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.246{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59d828822d41ffcd2021-12-21 10:29:50.246root 11241100x8000000000000000361583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2c83584cbd1c882021-12-21 10:29:50.247root 11241100x8000000000000000361584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11dd0a5fe59d093a2021-12-21 10:29:50.247root 11241100x8000000000000000361585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac351b9d61cdd5c2021-12-21 10:29:50.247root 11241100x8000000000000000361586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a34d6b612147f3d22021-12-21 10:29:50.247root 11241100x8000000000000000361587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b482df6e4eea7d6b2021-12-21 10:29:50.247root 11241100x8000000000000000361588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b78db33ee404ba2021-12-21 10:29:50.247root 11241100x8000000000000000361589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b767d9142b6b79e82021-12-21 10:29:50.247root 11241100x8000000000000000361590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd23a83bb4aea2a62021-12-21 10:29:50.247root 11241100x8000000000000000361591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.effc3907673f260f2021-12-21 10:29:50.247root 11241100x8000000000000000361592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b305fdecddaa5b7a2021-12-21 10:29:50.247root 11241100x8000000000000000361593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832a478af200e3e52021-12-21 10:29:50.247root 11241100x8000000000000000361594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43357b0e4758065e2021-12-21 10:29:50.247root 11241100x8000000000000000361595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.247{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e00c4891a84ca5382021-12-21 10:29:50.247root 11241100x8000000000000000361596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b65741f6e8927a42021-12-21 10:29:50.248root 11241100x8000000000000000361597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d95f146e4d30e72021-12-21 10:29:50.248root 11241100x8000000000000000361598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5f44ea3b7bc1b12021-12-21 10:29:50.248root 11241100x8000000000000000361599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b720df3cbf67ace02021-12-21 10:29:50.248root 11241100x8000000000000000361600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e6f01106c64e962021-12-21 10:29:50.248root 11241100x8000000000000000361601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01e465f4f690b94a2021-12-21 10:29:50.248root 11241100x8000000000000000361602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1c46b61963c1ce2021-12-21 10:29:50.248root 11241100x8000000000000000361603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117a611c9d8c082e2021-12-21 10:29:50.248root 11241100x8000000000000000361604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37bb92f8113c3c452021-12-21 10:29:50.248root 11241100x8000000000000000361605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.248{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7097ca89bec19642021-12-21 10:29:50.248root 11241100x8000000000000000361606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f82a16fbe60ec42021-12-21 10:29:50.249root 11241100x8000000000000000361607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a036fe40fd3fb072021-12-21 10:29:50.249root 11241100x8000000000000000361608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96496b678b05fb0c2021-12-21 10:29:50.249root 11241100x8000000000000000361609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235cd66d0deb45f72021-12-21 10:29:50.249root 11241100x8000000000000000361610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74292f9c439da4fb2021-12-21 10:29:50.249root 11241100x8000000000000000361611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efe4e6acca6294e72021-12-21 10:29:50.249root 11241100x8000000000000000361612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac5cd4d6b2dfadf82021-12-21 10:29:50.249root 11241100x8000000000000000361613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff2e433f206046ee2021-12-21 10:29:50.249root 11241100x8000000000000000361614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cc79a7dd420f9922021-12-21 10:29:50.249root 11241100x8000000000000000361615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2cb80cd81445b7d2021-12-21 10:29:50.249root 11241100x8000000000000000361616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e6071e7aeda0142021-12-21 10:29:50.249root 11241100x8000000000000000361617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02cb12455f052d7d2021-12-21 10:29:50.249root 11241100x8000000000000000361618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923ae40f03330b202021-12-21 10:29:50.249root 11241100x8000000000000000361619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1415750a37359b2021-12-21 10:29:50.249root 11241100x8000000000000000361620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.249{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded7a7cd1fa5c4a02021-12-21 10:29:50.249root 11241100x8000000000000000361621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7274f4ad60cc252021-12-21 10:29:50.250root 11241100x8000000000000000361622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f659d12ba4df861e2021-12-21 10:29:50.250root 11241100x8000000000000000361623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.152b6f7c823495d72021-12-21 10:29:50.250root 11241100x8000000000000000361624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590d9ce217f20d902021-12-21 10:29:50.250root 11241100x8000000000000000361625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bc7f50e2f66418b2021-12-21 10:29:50.250root 11241100x8000000000000000361626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91173f4c160e60d52021-12-21 10:29:50.250root 11241100x8000000000000000361627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d2fd86427e28ea72021-12-21 10:29:50.250root 11241100x8000000000000000361628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d894cf034611382021-12-21 10:29:50.250root 11241100x8000000000000000361629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea606c1af1d906d02021-12-21 10:29:50.250root 11241100x8000000000000000361630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.250{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8205f878f550e8c22021-12-21 10:29:50.250root 11241100x8000000000000000361631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d38fb8f2ca6b63672021-12-21 10:29:50.251root 11241100x8000000000000000361632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.251{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c273fb9ffbe57f342021-12-21 10:29:50.251root 11241100x8000000000000000361633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18391d046355cfc2021-12-21 10:29:50.253root 11241100x8000000000000000361634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d898742a835828152021-12-21 10:29:50.253root 11241100x8000000000000000361635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.253{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5e6c54eb89e0f022021-12-21 10:29:50.253root 11241100x8000000000000000361636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f95ad4a7e7ace632021-12-21 10:29:50.693root 11241100x8000000000000000361637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7e5a111cee00bd2021-12-21 10:29:50.693root 11241100x8000000000000000361638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.447fc73e364eb2d32021-12-21 10:29:50.693root 11241100x8000000000000000361639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d27c8c05d9f1aef2021-12-21 10:29:50.694root 11241100x8000000000000000361640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f8d548627f5ef252021-12-21 10:29:50.694root 11241100x8000000000000000361641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.066719c7987de13f2021-12-21 10:29:50.695root 11241100x8000000000000000361642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e46327066034b62021-12-21 10:29:50.695root 11241100x8000000000000000361643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c4a7c66b40c0d12021-12-21 10:29:50.695root 11241100x8000000000000000361644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51728e1721fe1c82021-12-21 10:29:50.695root 11241100x8000000000000000361645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f96b8c11071fe72021-12-21 10:29:50.695root 11241100x8000000000000000361646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46fe73e11670490c2021-12-21 10:29:50.695root 11241100x8000000000000000361647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64219b41026cb4dc2021-12-21 10:29:50.696root 11241100x8000000000000000361648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b00f7564c0297c702021-12-21 10:29:50.696root 11241100x8000000000000000361649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df0c783d12f6f092021-12-21 10:29:50.696root 11241100x8000000000000000361650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2517df89fea9d92021-12-21 10:29:50.697root 11241100x8000000000000000361651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae65dc381d4bf2f2021-12-21 10:29:50.697root 11241100x8000000000000000361652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fac645e3cb28dfab2021-12-21 10:29:50.697root 11241100x8000000000000000361653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f975e9caf45831fa2021-12-21 10:29:50.698root 11241100x8000000000000000361654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f24a6f27f497952021-12-21 10:29:50.698root 11241100x8000000000000000361655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7178d1ec2000a7532021-12-21 10:29:50.698root 11241100x8000000000000000361656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.776ca1203e47f5932021-12-21 10:29:50.699root 11241100x8000000000000000361657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024b2cc867adb1352021-12-21 10:29:50.699root 11241100x8000000000000000361658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd3b9f922175e102021-12-21 10:29:50.699root 11241100x8000000000000000361659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ec366711460fbbd2021-12-21 10:29:50.700root 11241100x8000000000000000361660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9b8d2cee153cf02021-12-21 10:29:50.700root 11241100x8000000000000000361661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ce4fbb7914e8932021-12-21 10:29:50.700root 11241100x8000000000000000361662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a9e6a3beef3a062021-12-21 10:29:50.700root 11241100x8000000000000000361663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c3fd06426c20d52021-12-21 10:29:50.700root 11241100x8000000000000000361664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358e5a675250ff3e2021-12-21 10:29:50.700root 11241100x8000000000000000361665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400e5942ce08a0da2021-12-21 10:29:50.700root 11241100x8000000000000000361666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e99b94a8b6a19a2021-12-21 10:29:50.700root 11241100x8000000000000000361667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a2823a5f7fedc42021-12-21 10:29:50.700root 11241100x8000000000000000361668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94474cba14f48bf2021-12-21 10:29:50.700root 11241100x8000000000000000361669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3b186de60fda7532021-12-21 10:29:50.700root 11241100x8000000000000000361670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc01f4abb7cf8c2d2021-12-21 10:29:50.701root 11241100x8000000000000000361671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09e2f584dec689732021-12-21 10:29:50.701root 11241100x8000000000000000361672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3796c8bcffbecdb52021-12-21 10:29:50.701root 11241100x8000000000000000361673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b75666e7bad20f32021-12-21 10:29:50.701root 11241100x8000000000000000361674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e1cca873c4a3d22021-12-21 10:29:50.701root 11241100x8000000000000000361675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d284f9d10a0c9972021-12-21 10:29:50.701root 11241100x8000000000000000361676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9505ef739a94dcfb2021-12-21 10:29:50.701root 11241100x8000000000000000361677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06259dafd8de21bd2021-12-21 10:29:50.701root 11241100x8000000000000000361678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29b34c97e35e7abb2021-12-21 10:29:50.701root 11241100x8000000000000000361679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.820f4e43ec0290e32021-12-21 10:29:50.701root 11241100x8000000000000000361680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3c90455a2fc9802021-12-21 10:29:50.701root 11241100x8000000000000000361681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2fd507be9268ce2021-12-21 10:29:50.701root 11241100x8000000000000000361682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cbf474db1a41c6a2021-12-21 10:29:50.701root 11241100x8000000000000000361683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfb9658a8158794f2021-12-21 10:29:50.701root 11241100x8000000000000000361684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d891bcf19258a532021-12-21 10:29:50.701root 11241100x8000000000000000361685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b453fdda08c940c22021-12-21 10:29:50.701root 11241100x8000000000000000361686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07ebd6726ccbc8072021-12-21 10:29:50.701root 11241100x8000000000000000361687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.454e7374374320fc2021-12-21 10:29:50.702root 11241100x8000000000000000361688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31c394683f3eca62021-12-21 10:29:50.702root 11241100x8000000000000000361689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1208eafb926d4c32021-12-21 10:29:50.702root 11241100x8000000000000000361690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195791b208c883a92021-12-21 10:29:50.702root 11241100x8000000000000000361691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8d74438967c5a892021-12-21 10:29:50.702root 11241100x8000000000000000361692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753cc7b2874db1fa2021-12-21 10:29:50.702root 11241100x8000000000000000361693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8328cd5398ee9fae2021-12-21 10:29:50.702root 11241100x8000000000000000361694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.882f5013711655182021-12-21 10:29:50.702root 11241100x8000000000000000361695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb6b261bddd0bfd2021-12-21 10:29:50.702root 11241100x8000000000000000361696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8906fee1e67445e72021-12-21 10:29:50.702root 11241100x8000000000000000361697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c71aca00f10474912021-12-21 10:29:50.702root 11241100x8000000000000000361698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963d55495b154d672021-12-21 10:29:50.702root 11241100x8000000000000000361699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b9070d969f0f622021-12-21 10:29:50.702root 11241100x8000000000000000361700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5690ef6112908e9c2021-12-21 10:29:50.703root 11241100x8000000000000000361701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5febb380931968602021-12-21 10:29:50.703root 11241100x8000000000000000361702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19c1d27fb565bb52021-12-21 10:29:50.703root 11241100x8000000000000000361703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ceb56abe00ab6e2021-12-21 10:29:50.703root 11241100x8000000000000000361704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55aefa978c2ca9dc2021-12-21 10:29:50.703root 11241100x8000000000000000361705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5592966c29e247912021-12-21 10:29:50.703root 11241100x8000000000000000361706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57fde30b769048be2021-12-21 10:29:50.703root 11241100x8000000000000000361707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1245570d1b1369562021-12-21 10:29:50.703root 11241100x8000000000000000361708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.407f5348a23aeb6a2021-12-21 10:29:50.703root 11241100x8000000000000000361709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b97b9e55a26678d2021-12-21 10:29:50.703root 11241100x8000000000000000361710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11c902083dc77b7d2021-12-21 10:29:50.704root 11241100x8000000000000000361711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ae899543eba0b462021-12-21 10:29:50.704root 11241100x8000000000000000361712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9242a305be498ea92021-12-21 10:29:50.704root 11241100x8000000000000000361713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e4904452ca93752021-12-21 10:29:50.704root 11241100x8000000000000000361714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d9eb0a9fd25a47f2021-12-21 10:29:50.704root 11241100x8000000000000000361715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70f37ba04deb6ab92021-12-21 10:29:50.704root 11241100x8000000000000000361716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4be3e9a1a54f01472021-12-21 10:29:50.704root 11241100x8000000000000000361717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a6dac511d67da852021-12-21 10:29:50.704root 11241100x8000000000000000361718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4573d4195b75732021-12-21 10:29:50.704root 11241100x8000000000000000361719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c599a4d308f429d2021-12-21 10:29:50.704root 11241100x8000000000000000361720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60311f7cab570c8a2021-12-21 10:29:50.704root 11241100x8000000000000000361721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b164eef84ce98472021-12-21 10:29:50.704root 11241100x8000000000000000361722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcd696ee96347662021-12-21 10:29:50.704root 11241100x8000000000000000361723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c09b60387427e82021-12-21 10:29:50.704root 11241100x8000000000000000361724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec82ee8c3d0a3222021-12-21 10:29:50.704root 11241100x8000000000000000361725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0cf37a22ee88b32021-12-21 10:29:50.704root 11241100x8000000000000000361726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f1cc8fa7e8c6732021-12-21 10:29:50.707root 11241100x8000000000000000361727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37e07140cb7845a2021-12-21 10:29:50.707root 11241100x8000000000000000361728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0dc81366f526e1b2021-12-21 10:29:50.707root 11241100x8000000000000000361729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d7de921af3227db2021-12-21 10:29:50.707root 11241100x8000000000000000361730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd40af6f30aaa9572021-12-21 10:29:50.708root 11241100x8000000000000000361731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3b23542c0aae9e2021-12-21 10:29:50.708root 11241100x8000000000000000361732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7f96e230e7e722c2021-12-21 10:29:50.708root 11241100x8000000000000000361733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6e63e82c0364002021-12-21 10:29:50.708root 11241100x8000000000000000361734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9644cf2d1ad45ab32021-12-21 10:29:50.708root 11241100x8000000000000000361735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5beebcadbcffcafc2021-12-21 10:29:50.708root 11241100x8000000000000000361736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7337386ce8987d7b2021-12-21 10:29:50.708root 11241100x8000000000000000361737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323955b4f124778a2021-12-21 10:29:50.708root 11241100x8000000000000000361738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0981d77038184cc72021-12-21 10:29:50.708root 11241100x8000000000000000361739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4614add0080f98002021-12-21 10:29:50.708root 11241100x8000000000000000361740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d6abbd5c0b88de2021-12-21 10:29:50.708root 11241100x8000000000000000361741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5721ae2179d058862021-12-21 10:29:50.708root 11241100x8000000000000000361742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4370da4deaacf3da2021-12-21 10:29:50.708root 11241100x8000000000000000361743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d52c03980283c0c2021-12-21 10:29:50.708root 11241100x8000000000000000361744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81689df77ff7088f2021-12-21 10:29:50.708root 11241100x8000000000000000361745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e250031030054b32021-12-21 10:29:50.709root 11241100x8000000000000000361746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.999c93ce0afb7b6a2021-12-21 10:29:50.709root 11241100x8000000000000000361747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0f13402ddc493682021-12-21 10:29:50.709root 11241100x8000000000000000361748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04cc705cc2f219c82021-12-21 10:29:50.709root 11241100x8000000000000000361749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3224d8094f24545c2021-12-21 10:29:50.709root 11241100x8000000000000000361750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e12c95c5498bd22021-12-21 10:29:50.709root 11241100x8000000000000000361751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973f166a27e255412021-12-21 10:29:50.709root 11241100x8000000000000000361752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b55625b4f32b35c2021-12-21 10:29:50.709root 11241100x8000000000000000361753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93dd31dbac2e41b72021-12-21 10:29:50.709root 11241100x8000000000000000361754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fdedf3d5a289842021-12-21 10:29:50.709root 11241100x8000000000000000361755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23fec265150c4eb2021-12-21 10:29:50.709root 11241100x8000000000000000361756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2185ff11cecb4c872021-12-21 10:29:50.709root 11241100x8000000000000000361757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55229ee760c3bed2021-12-21 10:29:50.709root 11241100x8000000000000000361758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b203e49e3689ad2021-12-21 10:29:50.709root 11241100x8000000000000000361759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4f53c7ff5ada322021-12-21 10:29:50.709root 11241100x8000000000000000361760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63a5a655c6d2d6f02021-12-21 10:29:50.709root 11241100x8000000000000000361761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ce2d404d3815362021-12-21 10:29:50.710root 11241100x8000000000000000361762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:50.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb71c45cfd7fd32c2021-12-21 10:29:50.710root 11241100x8000000000000000361763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46e43a306d2cb8c2021-12-21 10:29:51.193root 11241100x8000000000000000361764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11222f615e42d1082021-12-21 10:29:51.194root 11241100x8000000000000000361765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8761048a3cc9d2e12021-12-21 10:29:51.194root 11241100x8000000000000000361766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b3c6183bad83ab2021-12-21 10:29:51.194root 11241100x8000000000000000361767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0e55f6487567db82021-12-21 10:29:51.194root 11241100x8000000000000000361768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.239f4f263f876d8e2021-12-21 10:29:51.194root 11241100x8000000000000000361769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.427e1f03602167b12021-12-21 10:29:51.194root 11241100x8000000000000000361770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66503d79612dfeaa2021-12-21 10:29:51.194root 11241100x8000000000000000361771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0deb5741748f39e2021-12-21 10:29:51.194root 11241100x8000000000000000361772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17761466559f97302021-12-21 10:29:51.194root 11241100x8000000000000000361773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd3c8f83797666422021-12-21 10:29:51.195root 11241100x8000000000000000361774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6366d8378917c6f32021-12-21 10:29:51.195root 11241100x8000000000000000361775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fa4f16bb9419672021-12-21 10:29:51.195root 11241100x8000000000000000361776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8679f9da0846a582021-12-21 10:29:51.195root 11241100x8000000000000000361777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.908654f20d63c48d2021-12-21 10:29:51.195root 11241100x8000000000000000361778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783b21632caa63952021-12-21 10:29:51.195root 11241100x8000000000000000361779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4cd7b5fbfdc8732021-12-21 10:29:51.195root 11241100x8000000000000000361780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.370ae84c487ae4c32021-12-21 10:29:51.195root 11241100x8000000000000000361781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b85e34de7999ad2021-12-21 10:29:51.195root 11241100x8000000000000000361782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98580fc847cb17dc2021-12-21 10:29:51.195root 11241100x8000000000000000361783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b51a11c33ff2662021-12-21 10:29:51.195root 11241100x8000000000000000361784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31d42812d0234bbb2021-12-21 10:29:51.195root 11241100x8000000000000000361785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55196a88e465d23f2021-12-21 10:29:51.195root 11241100x8000000000000000361786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bffc735b29f7cd62021-12-21 10:29:51.196root 11241100x8000000000000000361787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8707c5a1b205c78a2021-12-21 10:29:51.196root 11241100x8000000000000000361788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90190dea92987422021-12-21 10:29:51.196root 11241100x8000000000000000361789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df4539b7cee80b9c2021-12-21 10:29:51.196root 11241100x8000000000000000361790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ef1487c5122eb22021-12-21 10:29:51.196root 11241100x8000000000000000361791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13507ad027c087a2021-12-21 10:29:51.196root 11241100x8000000000000000361792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a81b2a16f406f42021-12-21 10:29:51.196root 11241100x8000000000000000361793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a906bae40682542021-12-21 10:29:51.196root 11241100x8000000000000000361794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b461ca911d17822021-12-21 10:29:51.196root 11241100x8000000000000000361795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c3eeacbb7d4b9c2021-12-21 10:29:51.196root 11241100x8000000000000000361796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.304735e176541cf82021-12-21 10:29:51.196root 11241100x8000000000000000361797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf857c73fe90d132021-12-21 10:29:51.197root 11241100x8000000000000000361798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bef7fa12ca1400e2021-12-21 10:29:51.197root 11241100x8000000000000000361799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58347f3e7bd831db2021-12-21 10:29:51.197root 11241100x8000000000000000361800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.435857a73063045e2021-12-21 10:29:51.197root 11241100x8000000000000000361801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5328c838fe34786a2021-12-21 10:29:51.198root 11241100x8000000000000000361802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f47cfd45b4312792021-12-21 10:29:51.198root 11241100x8000000000000000361803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b3a2656172b6b752021-12-21 10:29:51.198root 11241100x8000000000000000361804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24b0d977baf529702021-12-21 10:29:51.199root 11241100x8000000000000000361805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95b1de339fcab942021-12-21 10:29:51.199root 11241100x8000000000000000361806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bbdc581f0946ff2021-12-21 10:29:51.199root 11241100x8000000000000000361807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fc8889021903b92021-12-21 10:29:51.199root 11241100x8000000000000000361808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.676456b7c8d3c7802021-12-21 10:29:51.199root 11241100x8000000000000000361809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e46b0dbc474f56b2021-12-21 10:29:51.199root 11241100x8000000000000000361810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c7aa81f7d005962021-12-21 10:29:51.200root 11241100x8000000000000000361811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1902341ea911d68d2021-12-21 10:29:51.200root 11241100x8000000000000000361812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53c36cb23b140f6f2021-12-21 10:29:51.200root 11241100x8000000000000000361813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.109082c8b4adb66c2021-12-21 10:29:51.201root 11241100x8000000000000000361814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd71330d54a0684d2021-12-21 10:29:51.201root 11241100x8000000000000000361815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b78a371690593b6f2021-12-21 10:29:51.201root 11241100x8000000000000000361816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334398db3a83ded72021-12-21 10:29:51.201root 11241100x8000000000000000361817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cc8514d8206e6102021-12-21 10:29:51.202root 11241100x8000000000000000361818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd241d594f4e54a2021-12-21 10:29:51.202root 11241100x8000000000000000361819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a82bf9565a3873712021-12-21 10:29:51.202root 11241100x8000000000000000361820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c299bc2a9d1be62021-12-21 10:29:51.692root 11241100x8000000000000000361821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14fe2844e1f639f22021-12-21 10:29:51.693root 11241100x8000000000000000361822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02a9615253a007c12021-12-21 10:29:51.693root 11241100x8000000000000000361823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a301a4450be4c972021-12-21 10:29:51.693root 11241100x8000000000000000361824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.706882fed3b8d9e22021-12-21 10:29:51.693root 11241100x8000000000000000361825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df584df9342319002021-12-21 10:29:51.693root 11241100x8000000000000000361826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7f8ba38cadb3d62021-12-21 10:29:51.693root 11241100x8000000000000000361827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7740b9162d09dfe2021-12-21 10:29:51.693root 11241100x8000000000000000361828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.727f4d724a9567a22021-12-21 10:29:51.693root 11241100x8000000000000000361829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5424b4c4921f21a2021-12-21 10:29:51.694root 11241100x8000000000000000361830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f04382a55ce40a2021-12-21 10:29:51.694root 11241100x8000000000000000361831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea766455eef819652021-12-21 10:29:51.694root 11241100x8000000000000000361832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04d8eed0175cd282021-12-21 10:29:51.694root 11241100x8000000000000000361833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c0f61a7558f0672021-12-21 10:29:51.694root 11241100x8000000000000000361834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ab378d1f3c24b0b2021-12-21 10:29:51.694root 11241100x8000000000000000361835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9111871e14584ed62021-12-21 10:29:51.694root 11241100x8000000000000000361836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a2dc564fc265cf02021-12-21 10:29:51.694root 11241100x8000000000000000361837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bba72928871ff3dc2021-12-21 10:29:51.695root 11241100x8000000000000000361838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f0f3b8e535208e2021-12-21 10:29:51.695root 11241100x8000000000000000361839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.537c5d647be778dd2021-12-21 10:29:51.695root 11241100x8000000000000000361840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f69748f2b44e6d52021-12-21 10:29:51.695root 11241100x8000000000000000361841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f61ef45ce93e9d92021-12-21 10:29:51.695root 11241100x8000000000000000361842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b10f9723b8752a4b2021-12-21 10:29:51.695root 11241100x8000000000000000361843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1a51a94acaef962021-12-21 10:29:51.695root 11241100x8000000000000000361844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6020344dfed72c272021-12-21 10:29:51.695root 11241100x8000000000000000361845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0782701fc086e3d02021-12-21 10:29:51.695root 11241100x8000000000000000361846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd8e6f9036b0bf092021-12-21 10:29:51.696root 11241100x8000000000000000361847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d160966ac1a35c0d2021-12-21 10:29:51.696root 11241100x8000000000000000361848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9790b2ac19c35b172021-12-21 10:29:51.696root 11241100x8000000000000000361849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05fec5a21d10e0ae2021-12-21 10:29:51.696root 11241100x8000000000000000361850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.541e1877180116ec2021-12-21 10:29:51.696root 11241100x8000000000000000361851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9a41414dda589322021-12-21 10:29:51.696root 11241100x8000000000000000361852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6eef7cd9b1c4cf282021-12-21 10:29:51.696root 11241100x8000000000000000361853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a268a9eb8ae78ace2021-12-21 10:29:51.696root 11241100x8000000000000000361854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c300e8c4e1d24e1b2021-12-21 10:29:51.696root 11241100x8000000000000000361855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a8f554e2b73c4d2021-12-21 10:29:51.697root 11241100x8000000000000000361856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c196987085e5ae4a2021-12-21 10:29:51.697root 11241100x8000000000000000361857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da49cdd232bd6ed2021-12-21 10:29:51.697root 11241100x8000000000000000361858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5aa14c403ae50f2021-12-21 10:29:51.697root 11241100x8000000000000000361859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc9d2e3b55e102f52021-12-21 10:29:51.697root 11241100x8000000000000000361860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbc25b0829d7abca2021-12-21 10:29:51.697root 11241100x8000000000000000361861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f693240357cbdd02021-12-21 10:29:51.697root 11241100x8000000000000000361862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b67b4b66d51046a2021-12-21 10:29:51.697root 11241100x8000000000000000361863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e783b0821bafee62021-12-21 10:29:51.697root 11241100x8000000000000000361864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35b4cc59d3fae3802021-12-21 10:29:51.698root 11241100x8000000000000000361865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00a784a14ada81242021-12-21 10:29:51.698root 11241100x8000000000000000361866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56b36b8fa8d632e42021-12-21 10:29:51.698root 11241100x8000000000000000361867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bedea65f36384caf2021-12-21 10:29:51.698root 11241100x8000000000000000361868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a9d2a682f010e762021-12-21 10:29:51.698root 11241100x8000000000000000361869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4bdea51c4499c72021-12-21 10:29:51.698root 11241100x8000000000000000361870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6f60d5427b89712021-12-21 10:29:51.698root 11241100x8000000000000000361871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae592193a86c4faa2021-12-21 10:29:51.698root 11241100x8000000000000000361872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7db49b1928ff3702021-12-21 10:29:51.698root 11241100x8000000000000000361873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2bb98abe66823592021-12-21 10:29:51.699root 11241100x8000000000000000361874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d825684ac445562021-12-21 10:29:51.699root 11241100x8000000000000000361875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef4b05f7309997972021-12-21 10:29:51.699root 11241100x8000000000000000361876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3cadebd13e739e62021-12-21 10:29:51.699root 11241100x8000000000000000361877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6d76449307efe2f2021-12-21 10:29:51.699root 11241100x8000000000000000361878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c38a287660a52052021-12-21 10:29:51.699root 11241100x8000000000000000361879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3174e431a318fc972021-12-21 10:29:51.699root 11241100x8000000000000000361880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc28d155de1263792021-12-21 10:29:51.699root 11241100x8000000000000000361881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1254ae902493092021-12-21 10:29:51.699root 11241100x8000000000000000361882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf0f1bb3d3302802021-12-21 10:29:51.699root 11241100x8000000000000000361883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77eb1c7f1fb87c7f2021-12-21 10:29:51.700root 11241100x8000000000000000361884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ef713325f09f3272021-12-21 10:29:51.700root 11241100x8000000000000000361885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39f2955a182a3b362021-12-21 10:29:51.700root 11241100x8000000000000000361886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39da7cb6daf2d0462021-12-21 10:29:51.700root 11241100x8000000000000000361887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:51.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daadd679681204bf2021-12-21 10:29:51.700root 354300x8000000000000000361888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.177{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47182-false10.0.1.12-8000- 11241100x8000000000000000361889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205486885a4785902021-12-21 10:29:52.179root 11241100x8000000000000000361890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea7532cf3e5ed0c42021-12-21 10:29:52.179root 11241100x8000000000000000361891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c808d324d70f03782021-12-21 10:29:52.179root 11241100x8000000000000000361892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10bdf87f405bd242021-12-21 10:29:52.179root 11241100x8000000000000000361893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.179{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d7e58e3db01d622021-12-21 10:29:52.179root 11241100x8000000000000000361894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19f4ab7c529ac08a2021-12-21 10:29:52.180root 11241100x8000000000000000361895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7764fa1ae363d5ca2021-12-21 10:29:52.180root 11241100x8000000000000000361896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8acb9d3e235021df2021-12-21 10:29:52.180root 11241100x8000000000000000361897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de8de383c3fa1d832021-12-21 10:29:52.180root 11241100x8000000000000000361898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9057e582e4c2262021-12-21 10:29:52.180root 11241100x8000000000000000361899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e47f23eeced41f2021-12-21 10:29:52.180root 11241100x8000000000000000361900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d4771eb05656c3d2021-12-21 10:29:52.180root 11241100x8000000000000000361901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50fd27cde44a5f32021-12-21 10:29:52.180root 11241100x8000000000000000361902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.180{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32231dd657f7f5652021-12-21 10:29:52.180root 11241100x8000000000000000361903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2995a5ed99cd08f62021-12-21 10:29:52.181root 11241100x8000000000000000361904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6adf10ceb99fb4882021-12-21 10:29:52.181root 11241100x8000000000000000361905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74cb4d5e0f60e682021-12-21 10:29:52.181root 11241100x8000000000000000361906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe2a1a918971f6d2021-12-21 10:29:52.181root 11241100x8000000000000000361907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6f510dbf8dfe2b2021-12-21 10:29:52.181root 11241100x8000000000000000361908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d35114663439c352021-12-21 10:29:52.181root 11241100x8000000000000000361909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1fcea2c27139b432021-12-21 10:29:52.181root 11241100x8000000000000000361910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b13408efea32c5c2021-12-21 10:29:52.181root 11241100x8000000000000000361911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.181{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7adb380c15c99562021-12-21 10:29:52.181root 11241100x8000000000000000361912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f14898034246f82021-12-21 10:29:52.182root 11241100x8000000000000000361913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b1bc1da8d7d13f2021-12-21 10:29:52.182root 11241100x8000000000000000361914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79191fa2949e52642021-12-21 10:29:52.182root 11241100x8000000000000000361915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12122f7a06f7ec0b2021-12-21 10:29:52.182root 11241100x8000000000000000361916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dcf5c3306b1ec872021-12-21 10:29:52.182root 11241100x8000000000000000361917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a02e46e24e38fa2021-12-21 10:29:52.182root 11241100x8000000000000000361918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.182{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7659f8d79304deda2021-12-21 10:29:52.182root 11241100x8000000000000000361919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c73cc533777e1502021-12-21 10:29:52.183root 11241100x8000000000000000361920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb9727c81aaf60d2021-12-21 10:29:52.183root 11241100x8000000000000000361921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff729b9cc4fa77662021-12-21 10:29:52.183root 11241100x8000000000000000361922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8d2fc178896dd022021-12-21 10:29:52.183root 11241100x8000000000000000361923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425b264050fb79992021-12-21 10:29:52.183root 11241100x8000000000000000361924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.183{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb801a8a561429182021-12-21 10:29:52.183root 11241100x8000000000000000361925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9e3f800e6faf492021-12-21 10:29:52.184root 11241100x8000000000000000361926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13966c3309fb6cd22021-12-21 10:29:52.184root 11241100x8000000000000000361927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80610b83b32dc23d2021-12-21 10:29:52.184root 11241100x8000000000000000361928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.184{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f34d09d013d135aa2021-12-21 10:29:52.184root 11241100x8000000000000000361929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e6d4020f6f7de22021-12-21 10:29:52.185root 11241100x8000000000000000361930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e417c92d83ebbc8d2021-12-21 10:29:52.185root 11241100x8000000000000000361931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4b97e827abe55772021-12-21 10:29:52.185root 11241100x8000000000000000361932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1f61cc2cdbe6c42021-12-21 10:29:52.185root 11241100x8000000000000000361933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77c815c91c88fdc92021-12-21 10:29:52.185root 11241100x8000000000000000361934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.185{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd498e27109282d42021-12-21 10:29:52.185root 11241100x8000000000000000361935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e308e0bede907d952021-12-21 10:29:52.187root 11241100x8000000000000000361936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f0d2c0c645afb2021-12-21 10:29:52.187root 11241100x8000000000000000361937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.621b1e717d93205d2021-12-21 10:29:52.187root 11241100x8000000000000000361938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.187{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a859c42bb79d33832021-12-21 10:29:52.187root 11241100x8000000000000000361939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32487883bbf5c892021-12-21 10:29:52.188root 11241100x8000000000000000361940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3321607b0ffa2e2021-12-21 10:29:52.188root 11241100x8000000000000000361941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667f5d57135bc0492021-12-21 10:29:52.188root 11241100x8000000000000000361942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a3a32a66dddf0e2021-12-21 10:29:52.188root 11241100x8000000000000000361943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71bb3de2e6565fad2021-12-21 10:29:52.188root 11241100x8000000000000000361944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce3cf0525ad4c2f02021-12-21 10:29:52.188root 11241100x8000000000000000361945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16942caee4ae901f2021-12-21 10:29:52.188root 11241100x8000000000000000361946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b843fa1ec294e9782021-12-21 10:29:52.188root 11241100x8000000000000000361947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.188{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6b5cc8bc3a75bb2021-12-21 10:29:52.188root 11241100x8000000000000000361948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.909ca755c591d5862021-12-21 10:29:52.189root 11241100x8000000000000000361949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95753552c45bbbc2021-12-21 10:29:52.189root 11241100x8000000000000000361950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b38935e5c876d0d2021-12-21 10:29:52.189root 11241100x8000000000000000361951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ba0d7db3c54dcc2021-12-21 10:29:52.189root 11241100x8000000000000000361952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec9be645d17d36ce2021-12-21 10:29:52.189root 11241100x8000000000000000361953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6551cca5c0467d552021-12-21 10:29:52.189root 11241100x8000000000000000361954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8add6140af7be7582021-12-21 10:29:52.189root 11241100x8000000000000000361955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e52feab3ad80152021-12-21 10:29:52.189root 11241100x8000000000000000361956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.189{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de6cfc87e00b63f2021-12-21 10:29:52.189root 11241100x8000000000000000361957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bac7a776fe39e9f32021-12-21 10:29:52.190root 11241100x8000000000000000361958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a520104e2a586d6d2021-12-21 10:29:52.190root 11241100x8000000000000000361959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a484297bed27c38d2021-12-21 10:29:52.190root 11241100x8000000000000000361960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca47aee3770548972021-12-21 10:29:52.190root 11241100x8000000000000000361961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7c4d658e2fdf012021-12-21 10:29:52.190root 11241100x8000000000000000361962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac86b7947f048522021-12-21 10:29:52.190root 11241100x8000000000000000361963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f172fd3e335700d2021-12-21 10:29:52.190root 11241100x8000000000000000361964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a30904949b79d7302021-12-21 10:29:52.190root 11241100x8000000000000000361965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.190{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd65ab0c358fa4f2021-12-21 10:29:52.190root 11241100x8000000000000000361966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de3e7e4d3e2383702021-12-21 10:29:52.191root 11241100x8000000000000000361967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba347f104ac90df72021-12-21 10:29:52.191root 11241100x8000000000000000361968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d458193bc002c96c2021-12-21 10:29:52.191root 11241100x8000000000000000361969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6951bc9ab8090dab2021-12-21 10:29:52.191root 11241100x8000000000000000361970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ab8476ca1880282021-12-21 10:29:52.191root 11241100x8000000000000000361971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f47cc7df82eda42c2021-12-21 10:29:52.191root 11241100x8000000000000000361972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c5318a17ec3ac182021-12-21 10:29:52.191root 11241100x8000000000000000361973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff3ad3f9cba232f2021-12-21 10:29:52.191root 11241100x8000000000000000361974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.191{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e0b56ffda134f72021-12-21 10:29:52.191root 11241100x8000000000000000361975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f1bb6ff0a02abd2021-12-21 10:29:52.192root 11241100x8000000000000000361976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a459d3a92316f32021-12-21 10:29:52.192root 11241100x8000000000000000361977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49a818ba6198b72c2021-12-21 10:29:52.192root 11241100x8000000000000000361978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdd4e88ea3d018c22021-12-21 10:29:52.192root 11241100x8000000000000000361979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fb6919c48498ba92021-12-21 10:29:52.192root 11241100x8000000000000000361980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22499845e8a0aff2021-12-21 10:29:52.192root 11241100x8000000000000000361981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020933847bec5eec2021-12-21 10:29:52.192root 11241100x8000000000000000361982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f60d9ec9f0a17bc72021-12-21 10:29:52.192root 11241100x8000000000000000361983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27ba62b030635a4c2021-12-21 10:29:52.192root 11241100x8000000000000000361984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f04abbee7a4598b2021-12-21 10:29:52.192root 11241100x8000000000000000361985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d35d7a4fbe527b2021-12-21 10:29:52.193root 11241100x8000000000000000361986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15c5b018daec49612021-12-21 10:29:52.193root 11241100x8000000000000000361987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf88d1e9506aa742021-12-21 10:29:52.193root 11241100x8000000000000000361988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7271403bf5d8d12021-12-21 10:29:52.193root 11241100x8000000000000000361989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c3a56f9a73f1472021-12-21 10:29:52.193root 11241100x8000000000000000361990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd77038a6bff1462021-12-21 10:29:52.193root 11241100x8000000000000000361991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e26b96d3ffbb40f2021-12-21 10:29:52.193root 11241100x8000000000000000361992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3c7ef68f60ba2792021-12-21 10:29:52.443root 11241100x8000000000000000361993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b582d49090e5262021-12-21 10:29:52.443root 11241100x8000000000000000361994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174a6789959a9d122021-12-21 10:29:52.444root 11241100x8000000000000000361995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c39084d0f6bbaf2021-12-21 10:29:52.444root 11241100x8000000000000000361996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d232456d5a4051292021-12-21 10:29:52.444root 11241100x8000000000000000361997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f732cf31369caed22021-12-21 10:29:52.444root 11241100x8000000000000000361998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b29693d9f73220bb2021-12-21 10:29:52.444root 11241100x8000000000000000361999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3bc9a5595605d92021-12-21 10:29:52.444root 11241100x8000000000000000362000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec7ff70c20a9069a2021-12-21 10:29:52.444root 11241100x8000000000000000362001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e4a550d553ce1c02021-12-21 10:29:52.444root 11241100x8000000000000000362002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b99502703ef01a42021-12-21 10:29:52.445root 11241100x8000000000000000362003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d91d4c48d5848c122021-12-21 10:29:52.445root 11241100x8000000000000000362004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5a2f58b2abd82ce2021-12-21 10:29:52.445root 11241100x8000000000000000362005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7845be36c3a1d2fd2021-12-21 10:29:52.445root 11241100x8000000000000000362006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fb15655d12888492021-12-21 10:29:52.445root 11241100x8000000000000000362007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990446ab29c8f3bf2021-12-21 10:29:52.445root 11241100x8000000000000000362008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98437923b1f49abf2021-12-21 10:29:52.445root 11241100x8000000000000000362009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f73f055241d0d72021-12-21 10:29:52.445root 11241100x8000000000000000362010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b595687273d150382021-12-21 10:29:52.446root 11241100x8000000000000000362011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23284cae0b5fe8eb2021-12-21 10:29:52.446root 11241100x8000000000000000362012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db7ccdba8dfc04ef2021-12-21 10:29:52.446root 11241100x8000000000000000362013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2f96bda836d3282021-12-21 10:29:52.446root 11241100x8000000000000000362014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf980d9c43f0e8c12021-12-21 10:29:52.446root 11241100x8000000000000000362015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34c0e800e19397a42021-12-21 10:29:52.446root 11241100x8000000000000000362016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee7d4abd62ef7f0e2021-12-21 10:29:52.447root 11241100x8000000000000000362017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fb45dd9d497a6fc2021-12-21 10:29:52.447root 11241100x8000000000000000362018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad32b2157987c522021-12-21 10:29:52.447root 11241100x8000000000000000362019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c668b5ab1131e32021-12-21 10:29:52.447root 11241100x8000000000000000362020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a877460e13e7f8012021-12-21 10:29:52.448root 11241100x8000000000000000362021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fd4acbc9b33bf02021-12-21 10:29:52.448root 11241100x8000000000000000362022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c040483a3621da6f2021-12-21 10:29:52.448root 11241100x8000000000000000362023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec14815183074afa2021-12-21 10:29:52.448root 11241100x8000000000000000362024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98f789236ea46dd72021-12-21 10:29:52.448root 11241100x8000000000000000362025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c479393e78ddf6162021-12-21 10:29:52.449root 11241100x8000000000000000362026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc9666938287a852021-12-21 10:29:52.449root 11241100x8000000000000000362027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e63746b05241b3f12021-12-21 10:29:52.449root 11241100x8000000000000000362028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e07a26dd8c7e202021-12-21 10:29:52.449root 11241100x8000000000000000362029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1c6d2d706181d62021-12-21 10:29:52.450root 11241100x8000000000000000362030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefef88eefc6317a2021-12-21 10:29:52.450root 11241100x8000000000000000362031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d800ffe7996e2032021-12-21 10:29:52.450root 11241100x8000000000000000362032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ecfe3c90a784a52021-12-21 10:29:52.450root 11241100x8000000000000000362033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d040efd1d964082021-12-21 10:29:52.450root 11241100x8000000000000000362034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8431d354eeca642021-12-21 10:29:52.450root 11241100x8000000000000000362035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc19644c4a555ad2021-12-21 10:29:52.450root 11241100x8000000000000000362036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fd5020add7438e32021-12-21 10:29:52.450root 11241100x8000000000000000362037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a935f85be943c702021-12-21 10:29:52.450root 11241100x8000000000000000362038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f657d6af2331b6b2021-12-21 10:29:52.451root 11241100x8000000000000000362039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60b770fd3b7a845d2021-12-21 10:29:52.451root 11241100x8000000000000000362040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e322f1116f0da00b2021-12-21 10:29:52.451root 11241100x8000000000000000362041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ba223cd57bda5c2021-12-21 10:29:52.451root 11241100x8000000000000000362042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.959f07bd3fdfdf132021-12-21 10:29:52.451root 11241100x8000000000000000362043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcafcbb2f7977bfa2021-12-21 10:29:52.452root 11241100x8000000000000000362044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65efe2d85429dad82021-12-21 10:29:52.452root 11241100x8000000000000000362045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72190dda69b865062021-12-21 10:29:52.452root 11241100x8000000000000000362046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9b92ecf0cc8925b2021-12-21 10:29:52.452root 11241100x8000000000000000362047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b505ee65a051d6912021-12-21 10:29:52.452root 11241100x8000000000000000362048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ac798ca4b0fad62021-12-21 10:29:52.452root 11241100x8000000000000000362049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6bd3fbb39530ddb2021-12-21 10:29:52.452root 11241100x8000000000000000362050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.699c9c5d9b291a792021-12-21 10:29:52.452root 11241100x8000000000000000362051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bc27917d9ca20d2021-12-21 10:29:52.453root 11241100x8000000000000000362052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8c96dc3849ec1c52021-12-21 10:29:52.453root 11241100x8000000000000000362053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e865ea900a6964542021-12-21 10:29:52.453root 11241100x8000000000000000362054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af112eea0f2af4662021-12-21 10:29:52.453root 11241100x8000000000000000362055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6398cdd6fe586b512021-12-21 10:29:52.453root 11241100x8000000000000000362056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc8ed60dce842cc52021-12-21 10:29:52.453root 11241100x8000000000000000362057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530867e1b285c5912021-12-21 10:29:52.453root 11241100x8000000000000000362058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209e440f4c7fb08c2021-12-21 10:29:52.453root 11241100x8000000000000000362059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57669db48663b5eb2021-12-21 10:29:52.454root 11241100x8000000000000000362060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e43f278709b3aa82021-12-21 10:29:52.454root 11241100x8000000000000000362061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39cb8412c1c82aab2021-12-21 10:29:52.454root 11241100x8000000000000000362062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e37d2ed76887c3cf2021-12-21 10:29:52.454root 11241100x8000000000000000362063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f513c591f950942c2021-12-21 10:29:52.454root 11241100x8000000000000000362064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e95ce19172b0cd3b2021-12-21 10:29:52.454root 11241100x8000000000000000362065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cade8bf7a7845142021-12-21 10:29:52.454root 11241100x8000000000000000362066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52d833c361f4d3502021-12-21 10:29:52.455root 11241100x8000000000000000362067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecfee6d25899e7802021-12-21 10:29:52.455root 11241100x8000000000000000362068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958508ace2ec88ba2021-12-21 10:29:52.455root 11241100x8000000000000000362069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ef737ed246fba292021-12-21 10:29:52.455root 11241100x8000000000000000362070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f1debce1984e5f2021-12-21 10:29:52.456root 11241100x8000000000000000362071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe594e54d116f6dc2021-12-21 10:29:52.456root 11241100x8000000000000000362072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9623babaf63cbec72021-12-21 10:29:52.456root 11241100x8000000000000000362073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8359784f2f9600092021-12-21 10:29:52.456root 11241100x8000000000000000362074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2fbab2a68a20ad52021-12-21 10:29:52.456root 11241100x8000000000000000362075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577a6a510aa312302021-12-21 10:29:52.456root 11241100x8000000000000000362076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e10ca61376e07d72021-12-21 10:29:52.456root 11241100x8000000000000000362077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18e9e53ef3824f672021-12-21 10:29:52.456root 11241100x8000000000000000362078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b7562bdb3da7252021-12-21 10:29:52.456root 11241100x8000000000000000362079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cf8e921c4898e402021-12-21 10:29:52.456root 11241100x8000000000000000362080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7b99b42d971011f2021-12-21 10:29:52.456root 11241100x8000000000000000362081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0de70217d5a3820b2021-12-21 10:29:52.456root 11241100x8000000000000000362082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e26f7465951773f2021-12-21 10:29:52.456root 11241100x8000000000000000362083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcdcf469dde6dc452021-12-21 10:29:52.457root 11241100x8000000000000000362084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50bfc31b4f0b91d12021-12-21 10:29:52.457root 11241100x8000000000000000362085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fd5ddcf954346792021-12-21 10:29:52.457root 11241100x8000000000000000362086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833bdfcd55101e5b2021-12-21 10:29:52.457root 11241100x8000000000000000362087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61680bc1f50b082e2021-12-21 10:29:52.457root 11241100x8000000000000000362088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1603af3e8964dbe02021-12-21 10:29:52.457root 11241100x8000000000000000362089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5012ae8ee818cdcd2021-12-21 10:29:52.457root 11241100x8000000000000000362090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21aa74abe4fd96822021-12-21 10:29:52.457root 11241100x8000000000000000362091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c59fcff4ddc06352021-12-21 10:29:52.458root 11241100x8000000000000000362092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17bb3e652504e6362021-12-21 10:29:52.458root 11241100x8000000000000000362093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18f56575d3dacc6d2021-12-21 10:29:52.458root 11241100x8000000000000000362094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54195bc1758c7afc2021-12-21 10:29:52.458root 11241100x8000000000000000362095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b1932f2cbc66aa2021-12-21 10:29:52.458root 11241100x8000000000000000362096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a81a29f8f69c3b02021-12-21 10:29:52.458root 11241100x8000000000000000362097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d43ecc50dbe37bc2021-12-21 10:29:52.458root 11241100x8000000000000000362098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb18f27a2c9fe0eb2021-12-21 10:29:52.458root 11241100x8000000000000000362099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.728df6ff02c4169d2021-12-21 10:29:52.458root 11241100x8000000000000000362100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0475689709b15ef82021-12-21 10:29:52.459root 11241100x8000000000000000362101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c420b8fb42961db12021-12-21 10:29:52.459root 11241100x8000000000000000362102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b0d35dee09a7632021-12-21 10:29:52.459root 11241100x8000000000000000362103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ab3cf0084f297f2021-12-21 10:29:52.459root 11241100x8000000000000000362104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad8e123429a1502e2021-12-21 10:29:52.459root 11241100x8000000000000000362105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1a9df2825077322021-12-21 10:29:52.459root 11241100x8000000000000000362106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45421c51769f6372021-12-21 10:29:52.459root 11241100x8000000000000000362107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7110ac74ce7b2d722021-12-21 10:29:52.459root 11241100x8000000000000000362108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.459{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f20902f6bdcfdde22021-12-21 10:29:52.459root 11241100x8000000000000000362109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e51edf2473674a072021-12-21 10:29:52.943root 11241100x8000000000000000362110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc954bbb1988af772021-12-21 10:29:52.943root 11241100x8000000000000000362111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbb277bff1139e52021-12-21 10:29:52.943root 11241100x8000000000000000362112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14b24f6af2f34c2b2021-12-21 10:29:52.943root 11241100x8000000000000000362113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47347d95db45c7772021-12-21 10:29:52.944root 11241100x8000000000000000362114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0486de7f294048a2021-12-21 10:29:52.944root 11241100x8000000000000000362115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f06b47030ef21d12021-12-21 10:29:52.944root 11241100x8000000000000000362116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c85620d4a30e4392021-12-21 10:29:52.944root 11241100x8000000000000000362117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bd008d2e3afab752021-12-21 10:29:52.944root 11241100x8000000000000000362118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76a1a60bc400c54a2021-12-21 10:29:52.944root 11241100x8000000000000000362119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8439ad810885771a2021-12-21 10:29:52.945root 11241100x8000000000000000362120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e57dd97f2dc78492021-12-21 10:29:52.945root 11241100x8000000000000000362121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e77e40bc285ccf7f2021-12-21 10:29:52.945root 11241100x8000000000000000362122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2005171eec75402021-12-21 10:29:52.945root 11241100x8000000000000000362123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9fd831f626978192021-12-21 10:29:52.945root 11241100x8000000000000000362124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68c729049d8d2c3b2021-12-21 10:29:52.945root 11241100x8000000000000000362125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2981ec5e1e6d8bc2021-12-21 10:29:52.945root 11241100x8000000000000000362126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4176d76373c7d3112021-12-21 10:29:52.946root 11241100x8000000000000000362127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042d6ca93319cc712021-12-21 10:29:52.946root 11241100x8000000000000000362128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f0476ef799a669a2021-12-21 10:29:52.946root 11241100x8000000000000000362129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec13a78af3d4a44a2021-12-21 10:29:52.947root 11241100x8000000000000000362130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.775230c33b274d2f2021-12-21 10:29:52.947root 11241100x8000000000000000362131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7f5a51280c3f0de2021-12-21 10:29:52.947root 11241100x8000000000000000362132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f583f4c8b4030322021-12-21 10:29:52.948root 11241100x8000000000000000362133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e35a27b31210fcbb2021-12-21 10:29:52.949root 11241100x8000000000000000362134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41d8b97516fb9e82021-12-21 10:29:52.949root 11241100x8000000000000000362135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adee479b7ca32d62021-12-21 10:29:52.949root 11241100x8000000000000000362136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbb425d6e4753e342021-12-21 10:29:52.949root 11241100x8000000000000000362137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790aa2d9ec2fd8752021-12-21 10:29:52.949root 11241100x8000000000000000362138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a952b17f59ba062021-12-21 10:29:52.949root 11241100x8000000000000000362139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d7d3d73a7b00392021-12-21 10:29:52.949root 11241100x8000000000000000362140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e1347beede518ac2021-12-21 10:29:52.950root 11241100x8000000000000000362141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.549736a338c9d6512021-12-21 10:29:52.951root 11241100x8000000000000000362142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1b6bf2ab71a8b02021-12-21 10:29:52.951root 11241100x8000000000000000362143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303c1276eac145412021-12-21 10:29:52.951root 11241100x8000000000000000362144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c35847eb5f3cddf72021-12-21 10:29:52.951root 11241100x8000000000000000362145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ac6a41991b23d962021-12-21 10:29:52.951root 11241100x8000000000000000362146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a0f16be638d782021-12-21 10:29:52.951root 11241100x8000000000000000362147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9e7fdc07c66981e2021-12-21 10:29:52.953root 11241100x8000000000000000362148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfdf29ed39b41c6b2021-12-21 10:29:52.953root 11241100x8000000000000000362149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ceb9c5fc2a2e02e2021-12-21 10:29:52.953root 11241100x8000000000000000362150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dcb4c25cc8520522021-12-21 10:29:52.953root 11241100x8000000000000000362151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0ec854045fc38b2021-12-21 10:29:52.953root 11241100x8000000000000000362152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99db9c1b31b4cab92021-12-21 10:29:52.953root 11241100x8000000000000000362153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c050da3da12be32021-12-21 10:29:52.953root 11241100x8000000000000000362154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6df658e697b5688e2021-12-21 10:29:52.953root 11241100x8000000000000000362155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c01dcc2269734872021-12-21 10:29:52.954root 11241100x8000000000000000362156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c7c00c5c5e465d2021-12-21 10:29:52.954root 11241100x8000000000000000362157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d788fd86032e722021-12-21 10:29:52.956root 11241100x8000000000000000362158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.957{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4df56683db621ccd2021-12-21 10:29:52.957root 11241100x8000000000000000362159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.958{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b629791a9ebaf1d82021-12-21 10:29:52.958root 11241100x8000000000000000362160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d23274444b847d932021-12-21 10:29:52.959root 11241100x8000000000000000362161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1071dfda190912fb2021-12-21 10:29:52.959root 11241100x8000000000000000362162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8709c56b0305323f2021-12-21 10:29:52.959root 11241100x8000000000000000362163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.742d3c7bc517ebb22021-12-21 10:29:52.960root 11241100x8000000000000000362164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0338087fd50a950e2021-12-21 10:29:52.960root 11241100x8000000000000000362165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0379612c391c232021-12-21 10:29:52.960root 11241100x8000000000000000362166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30dd440add0cf562021-12-21 10:29:52.960root 11241100x8000000000000000362167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f4efc944b8c3032021-12-21 10:29:52.960root 11241100x8000000000000000362168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93153c9f9ca564d62021-12-21 10:29:52.960root 11241100x8000000000000000362169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f96bbd3139da502021-12-21 10:29:52.960root 11241100x8000000000000000362170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e26ebf537183b7e2021-12-21 10:29:52.961root 11241100x8000000000000000362171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9a5a376af58d8c2021-12-21 10:29:52.961root 11241100x8000000000000000362172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fe166a96908cb1d2021-12-21 10:29:52.961root 11241100x8000000000000000362173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a32dc5b136f8b3d32021-12-21 10:29:52.961root 11241100x8000000000000000362174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da59061fabd8bd5a2021-12-21 10:29:52.961root 11241100x8000000000000000362175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ddb78ebf30b99252021-12-21 10:29:52.961root 11241100x8000000000000000362176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.961{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0c55f329b29c3e2021-12-21 10:29:52.961root 11241100x8000000000000000362177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f1f3a60cf324272021-12-21 10:29:52.962root 11241100x8000000000000000362178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4a63bc7589ae9e72021-12-21 10:29:52.962root 11241100x8000000000000000362179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff02c494762788ab2021-12-21 10:29:52.962root 11241100x8000000000000000362180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7739153e2e995ae82021-12-21 10:29:52.962root 11241100x8000000000000000362181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.962{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b347bfcfbe1f67ed2021-12-21 10:29:52.962root 11241100x8000000000000000362182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774794423fcd67ab2021-12-21 10:29:52.963root 11241100x8000000000000000362183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0704b2dbcc7771c2021-12-21 10:29:52.963root 11241100x8000000000000000362184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3bd73c8409970032021-12-21 10:29:52.963root 11241100x8000000000000000362185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f92b19214652b22021-12-21 10:29:52.963root 11241100x8000000000000000362186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba6402371ab4732021-12-21 10:29:52.963root 11241100x8000000000000000362187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.963{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc154bb7e9671e62021-12-21 10:29:52.963root 11241100x8000000000000000362188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc507051a5351f162021-12-21 10:29:52.964root 11241100x8000000000000000362189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a5c62e044b23592021-12-21 10:29:52.964root 11241100x8000000000000000362190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859d18f43983bad22021-12-21 10:29:52.964root 11241100x8000000000000000362191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0050f41bf6a7d02021-12-21 10:29:52.964root 11241100x8000000000000000362192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4127d57219f5de2021-12-21 10:29:52.964root 11241100x8000000000000000362193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6602fefa1e55dcb82021-12-21 10:29:52.964root 11241100x8000000000000000362194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f05f74a7b164767d2021-12-21 10:29:52.965root 11241100x8000000000000000362195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51fb23bcd05bfcc42021-12-21 10:29:52.965root 11241100x8000000000000000362196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.837af2f0d17f82192021-12-21 10:29:52.965root 11241100x8000000000000000362197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfb602ad98ddbc52021-12-21 10:29:52.965root 11241100x8000000000000000362198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a8eb713d927ba02021-12-21 10:29:52.965root 11241100x8000000000000000362199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd67d3f8f9d2d9b32021-12-21 10:29:52.965root 11241100x8000000000000000362200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8211e59dbb164e602021-12-21 10:29:52.965root 11241100x8000000000000000362201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.533624535adf9a402021-12-21 10:29:52.965root 11241100x8000000000000000362202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca0228dc2463b472021-12-21 10:29:52.967root 11241100x8000000000000000362203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c186cf3a7a6a442021-12-21 10:29:52.967root 11241100x8000000000000000362204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8795dbfedf40c09e2021-12-21 10:29:52.967root 11241100x8000000000000000362205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c929a467ad04492021-12-21 10:29:52.967root 11241100x8000000000000000362206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d1b3706ca6f545f2021-12-21 10:29:52.967root 11241100x8000000000000000362207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b0d3bfb6d8446b2021-12-21 10:29:52.967root 11241100x8000000000000000362208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0183430e9ee92b2021-12-21 10:29:52.967root 11241100x8000000000000000362209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c290df520a1f3ae22021-12-21 10:29:52.968root 11241100x8000000000000000362210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0aec97baf5ae0b52021-12-21 10:29:52.968root 11241100x8000000000000000362211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddca15cf63af3f762021-12-21 10:29:52.968root 11241100x8000000000000000362212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a20b9cd440bca332021-12-21 10:29:52.968root 11241100x8000000000000000362213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e183a3e0504f21ac2021-12-21 10:29:52.968root 11241100x8000000000000000362214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae8c9fefa9a9b362021-12-21 10:29:52.968root 11241100x8000000000000000362215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7dc2cf397d60372021-12-21 10:29:52.968root 11241100x8000000000000000362216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa47354b0bef1272021-12-21 10:29:52.969root 11241100x8000000000000000362217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6f333396494100b2021-12-21 10:29:52.970root 11241100x8000000000000000362218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dfa28d43af3611b2021-12-21 10:29:52.971root 11241100x8000000000000000362219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.358c51470ff7edd02021-12-21 10:29:52.971root 11241100x8000000000000000362220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615761258fcc79c72021-12-21 10:29:52.971root 11241100x8000000000000000362221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06e0e8b2d2fa3ae72021-12-21 10:29:52.971root 11241100x8000000000000000362222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.089cf797828a6a3d2021-12-21 10:29:52.971root 11241100x8000000000000000362223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7795e95f680c06202021-12-21 10:29:52.972root 11241100x8000000000000000362224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1875e24a2dff44bb2021-12-21 10:29:52.972root 11241100x8000000000000000362225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a3448a9a5f9ba02021-12-21 10:29:52.972root 11241100x8000000000000000362226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468aa8cec59bd1d82021-12-21 10:29:52.972root 11241100x8000000000000000362227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c000c72935bb1dd2021-12-21 10:29:52.972root 11241100x8000000000000000362228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.692a8cff4d6a986c2021-12-21 10:29:52.972root 11241100x8000000000000000362229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51825e3e313a39212021-12-21 10:29:52.972root 11241100x8000000000000000362230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8270fe8700248b922021-12-21 10:29:52.972root 11241100x8000000000000000362231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73390eda881a02ea2021-12-21 10:29:52.972root 11241100x8000000000000000362232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5ef71681aae32a12021-12-21 10:29:52.972root 11241100x8000000000000000362233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db938a4f63dd5cf2021-12-21 10:29:52.972root 11241100x8000000000000000362234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.972{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d36a4b16a72b3a72021-12-21 10:29:52.972root 11241100x8000000000000000362235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833bf562154526972021-12-21 10:29:52.973root 11241100x8000000000000000362236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d6baca8e6e9851b2021-12-21 10:29:52.973root 11241100x8000000000000000362237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b5028ca2d09ab32021-12-21 10:29:52.973root 11241100x8000000000000000362238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4235ca57d96b104d2021-12-21 10:29:52.973root 11241100x8000000000000000362239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.647d7ffdf74ccf632021-12-21 10:29:52.973root 11241100x8000000000000000362240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69924c2cddd497872021-12-21 10:29:52.973root 11241100x8000000000000000362241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9bd2801ba7db2fd2021-12-21 10:29:52.973root 11241100x8000000000000000362242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eee6f29ff8cd4ea92021-12-21 10:29:52.973root 11241100x8000000000000000362243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb99fc68a42fbe662021-12-21 10:29:52.973root 11241100x8000000000000000362244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94d7b36605c4fa12021-12-21 10:29:52.973root 11241100x8000000000000000362245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea6b05349621e4ed2021-12-21 10:29:52.973root 11241100x8000000000000000362246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcf5add499eddd52021-12-21 10:29:52.973root 11241100x8000000000000000362247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1870a7be666b9d02021-12-21 10:29:52.973root 11241100x8000000000000000362248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c933866e6287ae512021-12-21 10:29:52.973root 11241100x8000000000000000362249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c11067c17fe8c92021-12-21 10:29:52.974root 11241100x8000000000000000362250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24acc153c4f08be2021-12-21 10:29:52.974root 11241100x8000000000000000362251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.990d6dc14df3160b2021-12-21 10:29:52.974root 11241100x8000000000000000362252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779b981c9dd760c02021-12-21 10:29:52.974root 11241100x8000000000000000362253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b1b14935babcec2021-12-21 10:29:52.974root 11241100x8000000000000000362254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcca9526579fcb852021-12-21 10:29:52.974root 11241100x8000000000000000362255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1631c31c6144fe0c2021-12-21 10:29:52.974root 11241100x8000000000000000362256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.917d1756035977a82021-12-21 10:29:52.974root 11241100x8000000000000000362257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7623f27e337cf92021-12-21 10:29:52.974root 11241100x8000000000000000362258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4421d437e5e3aca2021-12-21 10:29:52.974root 11241100x8000000000000000362259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8167c008438deb2021-12-21 10:29:52.974root 11241100x8000000000000000362260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3e0d16ed7b7bb72021-12-21 10:29:52.974root 11241100x8000000000000000362261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9bff3a37c166fd22021-12-21 10:29:52.974root 11241100x8000000000000000362262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a52078114e392c9a2021-12-21 10:29:52.975root 11241100x8000000000000000362263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fde53992a37686b72021-12-21 10:29:52.975root 11241100x8000000000000000362264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8139120e921d1bb12021-12-21 10:29:52.976root 11241100x8000000000000000362265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c33e83fd2876c85d2021-12-21 10:29:52.976root 11241100x8000000000000000362266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9636dc5f79e99c2021-12-21 10:29:52.976root 11241100x8000000000000000362267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12bf8278c7ed27882021-12-21 10:29:52.976root 11241100x8000000000000000362268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae0c97b3c9b6af22021-12-21 10:29:52.976root 11241100x8000000000000000362269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e0e4de45dd4eb82021-12-21 10:29:52.976root 11241100x8000000000000000362270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b75ffffd5973ae2021-12-21 10:29:52.976root 11241100x8000000000000000362271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf7c639ffb0a1672021-12-21 10:29:52.976root 11241100x8000000000000000362272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e4e19756a3cb842021-12-21 10:29:52.977root 11241100x8000000000000000362273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0ecf3a9e7f559062021-12-21 10:29:52.977root 11241100x8000000000000000362274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:52.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e44078dadacd6402021-12-21 10:29:52.977root 11241100x8000000000000000362275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011b9d0fbfd64e4d2021-12-21 10:29:53.443root 11241100x8000000000000000362276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce73554561ff9bb2021-12-21 10:29:53.443root 11241100x8000000000000000362277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea379cfa90ee3c262021-12-21 10:29:53.443root 11241100x8000000000000000362278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739b4d7da39c30f32021-12-21 10:29:53.443root 11241100x8000000000000000362279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b7039eb93dd12402021-12-21 10:29:53.444root 11241100x8000000000000000362280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cabfde6501b62952021-12-21 10:29:53.444root 11241100x8000000000000000362281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a93845d1c144a62021-12-21 10:29:53.444root 11241100x8000000000000000362282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.345990a50c18cc142021-12-21 10:29:53.444root 11241100x8000000000000000362283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b16f412d1f2b0472021-12-21 10:29:53.444root 11241100x8000000000000000362284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233833aa6efb99e02021-12-21 10:29:53.444root 11241100x8000000000000000362285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fae56d572f1c9ec2021-12-21 10:29:53.444root 11241100x8000000000000000362286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc88c10e33bd472021-12-21 10:29:53.444root 11241100x8000000000000000362287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d88ce1bcb4e1492021-12-21 10:29:53.444root 11241100x8000000000000000362288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfe638a2ec33e7b2021-12-21 10:29:53.444root 11241100x8000000000000000362289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b471e34eb363d2a72021-12-21 10:29:53.444root 11241100x8000000000000000362290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a2fc038515956082021-12-21 10:29:53.444root 11241100x8000000000000000362291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a5cf4465184ba42021-12-21 10:29:53.444root 11241100x8000000000000000362292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b53b2ccd05498512021-12-21 10:29:53.444root 11241100x8000000000000000362293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4507144cc3d5f52021-12-21 10:29:53.444root 11241100x8000000000000000362294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28a61a893075ed42021-12-21 10:29:53.445root 11241100x8000000000000000362295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394757683f3172f62021-12-21 10:29:53.445root 11241100x8000000000000000362296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f0a5d99d381ffe2021-12-21 10:29:53.445root 11241100x8000000000000000362297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8602359a95c14192021-12-21 10:29:53.445root 11241100x8000000000000000362298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9acf977fe32a91262021-12-21 10:29:53.445root 11241100x8000000000000000362299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c4d0fe4a8ff79362021-12-21 10:29:53.445root 11241100x8000000000000000362300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ade15bd117d6b432021-12-21 10:29:53.445root 11241100x8000000000000000362301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7924fa118fc7d9df2021-12-21 10:29:53.445root 11241100x8000000000000000362302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e748e0e251575e2021-12-21 10:29:53.445root 11241100x8000000000000000362303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08381300cc7b9792021-12-21 10:29:53.445root 11241100x8000000000000000362304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aba01f5d9429bdaa2021-12-21 10:29:53.445root 11241100x8000000000000000362305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d407926dfff308f72021-12-21 10:29:53.446root 11241100x8000000000000000362306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13ade4cfd33e94b2021-12-21 10:29:53.446root 11241100x8000000000000000362307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365a3a0f086b1fe32021-12-21 10:29:53.446root 11241100x8000000000000000362308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f7d5f5a69116ff2021-12-21 10:29:53.446root 11241100x8000000000000000362309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ef9970a3459de32021-12-21 10:29:53.446root 11241100x8000000000000000362310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69cb1352831b74e72021-12-21 10:29:53.446root 11241100x8000000000000000362311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eef4e41d9ddf1bb72021-12-21 10:29:53.446root 11241100x8000000000000000362312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c62afc674aecca9a2021-12-21 10:29:53.446root 11241100x8000000000000000362313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65ba03158d7abb342021-12-21 10:29:53.446root 11241100x8000000000000000362314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b9cc2bc4277dc832021-12-21 10:29:53.446root 11241100x8000000000000000362315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c5c8a5e990ef9c2021-12-21 10:29:53.447root 11241100x8000000000000000362316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1217c4934d9ba6c2021-12-21 10:29:53.447root 11241100x8000000000000000362317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2e9d8014e25ab712021-12-21 10:29:53.447root 11241100x8000000000000000362318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6632dc24a582f97a2021-12-21 10:29:53.447root 11241100x8000000000000000362319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c992c3394faf716f2021-12-21 10:29:53.447root 11241100x8000000000000000362320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1735b4ddc75993792021-12-21 10:29:53.447root 11241100x8000000000000000362321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f43ba4a3dce9eaa2021-12-21 10:29:53.447root 11241100x8000000000000000362322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c470e2f803cbb82021-12-21 10:29:53.447root 11241100x8000000000000000362323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5efbd5e2b763652021-12-21 10:29:53.447root 11241100x8000000000000000362324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36a869decda91c022021-12-21 10:29:53.447root 11241100x8000000000000000362325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba91c52e3550880f2021-12-21 10:29:53.447root 11241100x8000000000000000362326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54adbeb06fd6dbdf2021-12-21 10:29:53.448root 11241100x8000000000000000362327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef39e9b14daf46042021-12-21 10:29:53.448root 11241100x8000000000000000362328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26044e61f5a8e7552021-12-21 10:29:53.448root 11241100x8000000000000000362329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2896239666bd0e5b2021-12-21 10:29:53.448root 11241100x8000000000000000362330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.180f745b4f4e1d142021-12-21 10:29:53.448root 11241100x8000000000000000362331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06987f029ec4f1b72021-12-21 10:29:53.448root 11241100x8000000000000000362332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5ff10e9c3c17cf2021-12-21 10:29:53.448root 11241100x8000000000000000362333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0da3edde0a69662021-12-21 10:29:53.448root 11241100x8000000000000000362334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6c8d5c65cffec42021-12-21 10:29:53.448root 11241100x8000000000000000362335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567294416bc0d2d12021-12-21 10:29:53.448root 11241100x8000000000000000362336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41003742e21a1dfd2021-12-21 10:29:53.448root 11241100x8000000000000000362337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a899441d0c5b3c032021-12-21 10:29:53.448root 11241100x8000000000000000362338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e7055ee08e35a492021-12-21 10:29:53.449root 11241100x8000000000000000362339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.687973112ac6c64e2021-12-21 10:29:53.449root 11241100x8000000000000000362340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea3d9779797966272021-12-21 10:29:53.449root 11241100x8000000000000000362341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8748624ddbd0fe2021-12-21 10:29:53.449root 11241100x8000000000000000362342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514eba0d70d38cc42021-12-21 10:29:53.449root 11241100x8000000000000000362343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261879c17a5e521f2021-12-21 10:29:53.449root 11241100x8000000000000000362344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9de2357fb02d9de62021-12-21 10:29:53.449root 11241100x8000000000000000362345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bd2e32c808e3f132021-12-21 10:29:53.449root 11241100x8000000000000000362346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4dc0fff5277e1212021-12-21 10:29:53.449root 11241100x8000000000000000362347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c8fe5c0e17636662021-12-21 10:29:53.449root 11241100x8000000000000000362348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.201465f6878516612021-12-21 10:29:53.449root 11241100x8000000000000000362349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf921592f5811fd2021-12-21 10:29:53.449root 11241100x8000000000000000362350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de3676682b88f982021-12-21 10:29:53.450root 11241100x8000000000000000362351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25de6692d2ac83a32021-12-21 10:29:53.450root 11241100x8000000000000000362352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1769ed422b17f162021-12-21 10:29:53.450root 11241100x8000000000000000362353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34392797682b8c172021-12-21 10:29:53.450root 11241100x8000000000000000362354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34a3acef5e2b9d962021-12-21 10:29:53.450root 11241100x8000000000000000362355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e134ab0026e72c2021-12-21 10:29:53.450root 11241100x8000000000000000362356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0aab9efdb6a4ff682021-12-21 10:29:53.450root 11241100x8000000000000000362357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2ae1ada8838b7c52021-12-21 10:29:53.450root 11241100x8000000000000000362358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c99110dd841dea02021-12-21 10:29:53.450root 11241100x8000000000000000362359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394cb940782c9e892021-12-21 10:29:53.450root 11241100x8000000000000000362360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8737cda59a6f90a42021-12-21 10:29:53.450root 11241100x8000000000000000362361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fe4be9506e89672021-12-21 10:29:53.450root 11241100x8000000000000000362362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cd23f94e21da0d62021-12-21 10:29:53.451root 11241100x8000000000000000362363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00203485ab1db8e52021-12-21 10:29:53.451root 11241100x8000000000000000362364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36cf43112f58be982021-12-21 10:29:53.451root 11241100x8000000000000000362365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.461f392fd142a9632021-12-21 10:29:53.451root 11241100x8000000000000000362366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ebc9c66435c8092021-12-21 10:29:53.451root 11241100x8000000000000000362367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3a0c01edc6c1d32021-12-21 10:29:53.451root 11241100x8000000000000000362368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c09c0ff3d9f1472021-12-21 10:29:53.451root 11241100x8000000000000000362369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4830f1f2cdf438a2021-12-21 10:29:53.451root 11241100x8000000000000000362370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b5bba127a4b95b2021-12-21 10:29:53.451root 11241100x8000000000000000362371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37ae8ad4664794f2021-12-21 10:29:53.451root 11241100x8000000000000000362372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09d722a9b3f0ea952021-12-21 10:29:53.451root 11241100x8000000000000000362373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40847e2ef2f542352021-12-21 10:29:53.451root 11241100x8000000000000000362374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d789b2bf4816be0e2021-12-21 10:29:53.452root 11241100x8000000000000000362375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c14440cc695fb162021-12-21 10:29:53.452root 11241100x8000000000000000362376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a599cf2a2639ae42021-12-21 10:29:53.452root 11241100x8000000000000000362377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724277fe298ad0f92021-12-21 10:29:53.452root 11241100x8000000000000000362378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04ce15ba86580eb2021-12-21 10:29:53.452root 11241100x8000000000000000362379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c058e7177b2457642021-12-21 10:29:53.452root 11241100x8000000000000000362380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe27dfd865ccdd42021-12-21 10:29:53.452root 11241100x8000000000000000362381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.054fa48cb71b20d32021-12-21 10:29:53.453root 11241100x8000000000000000362382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6de8658c19a15f82021-12-21 10:29:53.453root 11241100x8000000000000000362383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0612889b47edfcb62021-12-21 10:29:53.453root 11241100x8000000000000000362384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3437290505581cbe2021-12-21 10:29:53.453root 11241100x8000000000000000362385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15670629271b098d2021-12-21 10:29:53.453root 11241100x8000000000000000362386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e32a872cf47e0a2f2021-12-21 10:29:53.453root 11241100x8000000000000000362387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cf37131776136a2021-12-21 10:29:53.453root 11241100x8000000000000000362388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72d0a2a45895fddf2021-12-21 10:29:53.454root 11241100x8000000000000000362389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6ba6883ecf7a67e2021-12-21 10:29:53.454root 11241100x8000000000000000362390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd39e35390a097a12021-12-21 10:29:53.454root 11241100x8000000000000000362391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9dc0165533bd532021-12-21 10:29:53.454root 11241100x8000000000000000362392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb44b910ce8f3cf82021-12-21 10:29:53.454root 11241100x8000000000000000362393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b669a36050cab9492021-12-21 10:29:53.454root 11241100x8000000000000000362394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c33517f174931b2021-12-21 10:29:53.454root 11241100x8000000000000000362395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad918363df542602021-12-21 10:29:53.454root 11241100x8000000000000000362396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a2e48c7dc5ef8fe2021-12-21 10:29:53.454root 11241100x8000000000000000362397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46968f7222901f592021-12-21 10:29:53.454root 11241100x8000000000000000362398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.604be1aad174c7a52021-12-21 10:29:53.454root 11241100x8000000000000000362399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea4276f87803220a2021-12-21 10:29:53.455root 11241100x8000000000000000362400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b84433f1ec8e824d2021-12-21 10:29:53.455root 11241100x8000000000000000362401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37cd2c68fa785f62021-12-21 10:29:53.455root 11241100x8000000000000000362402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea246ece6eebf10c2021-12-21 10:29:53.455root 11241100x8000000000000000362403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb7a28ac4dc71fb2021-12-21 10:29:53.455root 11241100x8000000000000000362404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0890d867067e366a2021-12-21 10:29:53.455root 11241100x8000000000000000362405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5b502840f1772552021-12-21 10:29:53.455root 11241100x8000000000000000362406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333497bddd36a8d52021-12-21 10:29:53.455root 11241100x8000000000000000362407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edaee78df319b8982021-12-21 10:29:53.455root 11241100x8000000000000000362408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed89198a2a995dd92021-12-21 10:29:53.455root 11241100x8000000000000000362409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.455{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97d9061df51ddf8d2021-12-21 10:29:53.455root 11241100x8000000000000000362410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.666e0a9cae9680c92021-12-21 10:29:53.456root 11241100x8000000000000000362411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6f467857f7424212021-12-21 10:29:53.456root 11241100x8000000000000000362412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4991e89d158a502021-12-21 10:29:53.456root 11241100x8000000000000000362413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271ba3dfe7d392462021-12-21 10:29:53.456root 11241100x8000000000000000362414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9293a21aecdbdf32021-12-21 10:29:53.456root 11241100x8000000000000000362415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46a4791cd774d3ba2021-12-21 10:29:53.456root 11241100x8000000000000000362416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8b809dd52d39fd2021-12-21 10:29:53.456root 11241100x8000000000000000362417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b0f6f39fa3ad772021-12-21 10:29:53.456root 11241100x8000000000000000362418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.456{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f0027f46461bc0e2021-12-21 10:29:53.456root 11241100x8000000000000000362419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29378ccd40301fa12021-12-21 10:29:53.457root 11241100x8000000000000000362420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77e62aa135a9c56b2021-12-21 10:29:53.457root 11241100x8000000000000000362421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94be53a7e9cf1a1b2021-12-21 10:29:53.457root 11241100x8000000000000000362422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fd1998ab5b6a03d2021-12-21 10:29:53.457root 11241100x8000000000000000362423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b71171737125f2f2021-12-21 10:29:53.457root 11241100x8000000000000000362424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffecadae45105f692021-12-21 10:29:53.457root 11241100x8000000000000000362425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91aaafd1b75c5fa82021-12-21 10:29:53.457root 11241100x8000000000000000362426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9507b8424d96d6af2021-12-21 10:29:53.457root 11241100x8000000000000000362427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50a6191d9a128842021-12-21 10:29:53.457root 11241100x8000000000000000362428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16cd9c5ebbaa5b9b2021-12-21 10:29:53.457root 11241100x8000000000000000362429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bcc68cfd2021b92021-12-21 10:29:53.457root 11241100x8000000000000000362430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.457{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b126b608aa9e908e2021-12-21 10:29:53.457root 11241100x8000000000000000362431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee0bc3bc2e616162021-12-21 10:29:53.458root 11241100x8000000000000000362432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b4d7a4f2136d22f2021-12-21 10:29:53.458root 11241100x8000000000000000362433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06285bff84b3a2c82021-12-21 10:29:53.458root 11241100x8000000000000000362434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8117d23156c6ae2021-12-21 10:29:53.458root 11241100x8000000000000000362435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.458{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.029ec5fd38c8e2f82021-12-21 10:29:53.458root 11241100x8000000000000000362436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26f6d8b0efca7b42021-12-21 10:29:53.943root 11241100x8000000000000000362437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ae34266584155452021-12-21 10:29:53.943root 11241100x8000000000000000362438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cd3177aa9ee4fba2021-12-21 10:29:53.943root 11241100x8000000000000000362439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb29ee2defb3a9d2021-12-21 10:29:53.944root 11241100x8000000000000000362440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83b2ad50fe8048c72021-12-21 10:29:53.944root 11241100x8000000000000000362441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c66212b06c807132021-12-21 10:29:53.944root 11241100x8000000000000000362442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b573223d8adbab232021-12-21 10:29:53.944root 11241100x8000000000000000362443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a61eca68449d232021-12-21 10:29:53.944root 11241100x8000000000000000362444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee39e242e78dada2021-12-21 10:29:53.944root 11241100x8000000000000000362445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be206e56aaab54402021-12-21 10:29:53.944root 11241100x8000000000000000362446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f9ce399d5e0092021-12-21 10:29:53.944root 11241100x8000000000000000362447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63c4e9340d74be662021-12-21 10:29:53.944root 11241100x8000000000000000362448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec4b82063c544e62021-12-21 10:29:53.944root 11241100x8000000000000000362449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c000555c0aafdd5a2021-12-21 10:29:53.944root 11241100x8000000000000000362450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3c4b4fc2f046b3f2021-12-21 10:29:53.945root 11241100x8000000000000000362451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa5ee08c63b99062021-12-21 10:29:53.945root 11241100x8000000000000000362452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9866fa1f1537a8ce2021-12-21 10:29:53.945root 11241100x8000000000000000362453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6895309f4d0862db2021-12-21 10:29:53.945root 11241100x8000000000000000362454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd2f6f7e3f1e6d82021-12-21 10:29:53.945root 11241100x8000000000000000362455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1666892fc31d332f2021-12-21 10:29:53.945root 11241100x8000000000000000362456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e7f8aec4fda332f2021-12-21 10:29:53.945root 11241100x8000000000000000362457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ced8e6a9c7264512021-12-21 10:29:53.945root 11241100x8000000000000000362458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75e66d6edde2c52d2021-12-21 10:29:53.945root 11241100x8000000000000000362459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6fb5e2808d80682021-12-21 10:29:53.946root 11241100x8000000000000000362460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7841f58904a69a3b2021-12-21 10:29:53.946root 11241100x8000000000000000362461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bbdd5060e5f1f142021-12-21 10:29:53.947root 11241100x8000000000000000362462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811caafc27fd80292021-12-21 10:29:53.947root 11241100x8000000000000000362463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a67bed294257b32021-12-21 10:29:53.947root 11241100x8000000000000000362464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fe0195793d31112021-12-21 10:29:53.947root 11241100x8000000000000000362465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32489003d74121d12021-12-21 10:29:53.947root 11241100x8000000000000000362466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68062eff5775810e2021-12-21 10:29:53.947root 11241100x8000000000000000362467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c75e5bcdfc25b1342021-12-21 10:29:53.948root 11241100x8000000000000000362468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.992ea473837f7f2b2021-12-21 10:29:53.948root 11241100x8000000000000000362469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c584d6f14b2e4cd2021-12-21 10:29:53.948root 11241100x8000000000000000362470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae50a24c27a97b72021-12-21 10:29:53.948root 11241100x8000000000000000362471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b3604ef35a6bda2021-12-21 10:29:53.948root 11241100x8000000000000000362472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40b1d8ec18aae83e2021-12-21 10:29:53.948root 11241100x8000000000000000362473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ffc66f393933362021-12-21 10:29:53.948root 11241100x8000000000000000362474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d6b82fc3a829502021-12-21 10:29:53.948root 11241100x8000000000000000362475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfea88214ddf11fe2021-12-21 10:29:53.949root 11241100x8000000000000000362476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd8b611248e2aaa02021-12-21 10:29:53.949root 11241100x8000000000000000362477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdfb41a9623f559b2021-12-21 10:29:53.949root 11241100x8000000000000000362478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0373b58afe6358252021-12-21 10:29:53.949root 11241100x8000000000000000362479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12cfb8aed30122ce2021-12-21 10:29:53.949root 11241100x8000000000000000362480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3c2f6c8b5091c62021-12-21 10:29:53.949root 11241100x8000000000000000362481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11e43fc5e544ce292021-12-21 10:29:53.949root 11241100x8000000000000000362482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.879722a54d8b600a2021-12-21 10:29:53.950root 11241100x8000000000000000362483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26e49eb060289c4d2021-12-21 10:29:53.950root 11241100x8000000000000000362484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d215979863f1f092021-12-21 10:29:53.950root 11241100x8000000000000000362485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66c76f3801b7a2292021-12-21 10:29:53.950root 11241100x8000000000000000362486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17374e384a4487842021-12-21 10:29:53.950root 11241100x8000000000000000362487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04068fab4ed5d612021-12-21 10:29:53.950root 11241100x8000000000000000362488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.931ceb681c4810982021-12-21 10:29:53.950root 11241100x8000000000000000362489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06f2d6f31c64c6272021-12-21 10:29:53.951root 11241100x8000000000000000362490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ff39a033720e31b2021-12-21 10:29:53.951root 11241100x8000000000000000362491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f54b571feb66222021-12-21 10:29:53.951root 11241100x8000000000000000362492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1788a285aeeb2ae2021-12-21 10:29:53.951root 11241100x8000000000000000362493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed6b32edbca631842021-12-21 10:29:53.951root 11241100x8000000000000000362494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3de1361c6be0ea342021-12-21 10:29:53.951root 11241100x8000000000000000362495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7404ceb8d4350e02021-12-21 10:29:53.951root 11241100x8000000000000000362496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c999c3ed2cc7c27c2021-12-21 10:29:53.951root 11241100x8000000000000000362497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0f16109deb1d6e2021-12-21 10:29:53.952root 11241100x8000000000000000362498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f95c32a4545cf0eb2021-12-21 10:29:53.952root 11241100x8000000000000000362499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea68935aa886f9d92021-12-21 10:29:53.952root 11241100x8000000000000000362500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d73dc12902494f832021-12-21 10:29:53.952root 11241100x8000000000000000362501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1edef7d12d746f2021-12-21 10:29:53.952root 11241100x8000000000000000362502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbf899742d561bd92021-12-21 10:29:53.952root 11241100x8000000000000000362503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac57511f4ab21f3e2021-12-21 10:29:53.952root 11241100x8000000000000000362504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cfc7cbea9d395c72021-12-21 10:29:53.952root 11241100x8000000000000000362505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1aaf96ddb48fb9d2021-12-21 10:29:53.953root 11241100x8000000000000000362506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e6778315f7013762021-12-21 10:29:53.953root 11241100x8000000000000000362507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b4077729fae0c632021-12-21 10:29:53.953root 11241100x8000000000000000362508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e48c49f86fd2e82021-12-21 10:29:53.953root 11241100x8000000000000000362509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f9a722b843ad0622021-12-21 10:29:53.953root 534500x8000000000000000362510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.976{00000000-0000-0000-0000-000000000000}5727<unknown process>ubuntu 534500x8000000000000000362511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.978{ec2b6afe-ac9d-61c1-0000-000000000000}5728-ubuntu 11241100x8000000000000000362512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.978{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.VocieF2021-12-21 10:29:53.978ubuntu 23542300x8000000000000000362513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:53.978{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.VocieF--- 154100x8000000000000000362514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.295{ec2b6afe-aca2-61c1-80c2-d778b8550000}5729/bin/nano-----nano run_mod.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000362515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6581327a35c527f22021-12-21 10:29:54.298root 11241100x8000000000000000362516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.298{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d36f68d58e4ec382021-12-21 10:29:54.298root 11241100x8000000000000000362517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1162e2fcea85d212021-12-21 10:29:54.299root 11241100x8000000000000000362518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157eec173a1cd7b32021-12-21 10:29:54.299root 11241100x8000000000000000362519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7716e29e73d040312021-12-21 10:29:54.299root 11241100x8000000000000000362520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.299{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7150437ae05d1dc32021-12-21 10:29:54.299root 11241100x8000000000000000362521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c73122383bdf94e2021-12-21 10:29:54.300root 11241100x8000000000000000362522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c3c890e2aeedda32021-12-21 10:29:54.300root 11241100x8000000000000000362523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c66e08e162c6f682021-12-21 10:29:54.300root 11241100x8000000000000000362524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.300{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffa9c87e1cf959d12021-12-21 10:29:54.300root 11241100x8000000000000000362525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5145d0cd4aa705da2021-12-21 10:29:54.301root 11241100x8000000000000000362526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a1e6091e08a6a72021-12-21 10:29:54.301root 11241100x8000000000000000362527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ac0ce5c48e513ad2021-12-21 10:29:54.301root 11241100x8000000000000000362528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.218a56dc407c51d82021-12-21 10:29:54.301root 11241100x8000000000000000362529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.301{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc85f0b5089a8b9d2021-12-21 10:29:54.301root 11241100x8000000000000000362530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9f8785deb30d4182021-12-21 10:29:54.302root 11241100x8000000000000000362531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1affa456b16bd2b92021-12-21 10:29:54.302root 11241100x8000000000000000362532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.302{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187cfb9d870f606d2021-12-21 10:29:54.302root 11241100x8000000000000000362533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88b9a63e708cdd02021-12-21 10:29:54.303root 11241100x8000000000000000362534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3f457d169ff04a2021-12-21 10:29:54.303root 11241100x8000000000000000362535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fba1e48af3bf74372021-12-21 10:29:54.303root 11241100x8000000000000000362536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66266c65cf4699162021-12-21 10:29:54.303root 11241100x8000000000000000362537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.303{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b0b6b31aedf59d2021-12-21 10:29:54.303root 11241100x8000000000000000362538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eaa51af3df75ed52021-12-21 10:29:54.304root 11241100x8000000000000000362539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b50901553b0e67dd2021-12-21 10:29:54.304root 11241100x8000000000000000362540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c70db97dbad0a422021-12-21 10:29:54.304root 11241100x8000000000000000362541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.304{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87fad35945d7d47b2021-12-21 10:29:54.304root 11241100x8000000000000000362542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b4f7cf4aab5a0f22021-12-21 10:29:54.305root 11241100x8000000000000000362543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1484c1f0d5718ee72021-12-21 10:29:54.305root 11241100x8000000000000000362544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d461bcee2317792021-12-21 10:29:54.305root 11241100x8000000000000000362545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.305{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14049ba856940b7a2021-12-21 10:29:54.305root 11241100x8000000000000000362546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b945306cb2632452021-12-21 10:29:54.306root 11241100x8000000000000000362547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e49aaca313e7d242021-12-21 10:29:54.306root 11241100x8000000000000000362548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aad9dd70c7f523b2021-12-21 10:29:54.306root 11241100x8000000000000000362549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4388be9ce77a52b2021-12-21 10:29:54.306root 11241100x8000000000000000362550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.306{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a8f87ae517e0a12021-12-21 10:29:54.306root 11241100x8000000000000000362551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9739ec06f229cf52021-12-21 10:29:54.307root 11241100x8000000000000000362552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da1c308ed207d9d12021-12-21 10:29:54.307root 11241100x8000000000000000362553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd1ccdb9d346dea2021-12-21 10:29:54.307root 11241100x8000000000000000362554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255ea78414f294782021-12-21 10:29:54.307root 11241100x8000000000000000362555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b0cd6ca010023112021-12-21 10:29:54.307root 11241100x8000000000000000362556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.307{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e0fbe0f4b72d8622021-12-21 10:29:54.307root 11241100x8000000000000000362557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ee247c3d4cbf692021-12-21 10:29:54.308root 11241100x8000000000000000362558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ee35298925f10292021-12-21 10:29:54.308root 11241100x8000000000000000362559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d504fe081f1cae52021-12-21 10:29:54.308root 11241100x8000000000000000362560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1efb9576f54378b2021-12-21 10:29:54.308root 11241100x8000000000000000362561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.308{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73dd5dc1e22324472021-12-21 10:29:54.308root 11241100x8000000000000000362562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96fd1d1aa9e4ecf2021-12-21 10:29:54.309root 11241100x8000000000000000362563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430c488c3a22fc012021-12-21 10:29:54.309root 11241100x8000000000000000362564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe28f24de2ae72472021-12-21 10:29:54.309root 11241100x8000000000000000362565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279013f97de310902021-12-21 10:29:54.309root 11241100x8000000000000000362566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.309{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f8491d914c103ef2021-12-21 10:29:54.309root 11241100x8000000000000000362567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98c7491f28592c022021-12-21 10:29:54.310root 11241100x8000000000000000362568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8673b07af73915fc2021-12-21 10:29:54.310root 11241100x8000000000000000362569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2afba0e040ff9a2021-12-21 10:29:54.310root 11241100x8000000000000000362570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e17b58373097932021-12-21 10:29:54.310root 11241100x8000000000000000362571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0be9eb762085952021-12-21 10:29:54.310root 11241100x8000000000000000362572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.865d245ab3ae9bfc2021-12-21 10:29:54.310root 11241100x8000000000000000362573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.310{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c374cbe88ed771582021-12-21 10:29:54.310root 11241100x8000000000000000362574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.684c00a2a99564312021-12-21 10:29:54.311root 11241100x8000000000000000362575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.672f52f791fcb16b2021-12-21 10:29:54.311root 11241100x8000000000000000362576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f126714cf118e3dd2021-12-21 10:29:54.311root 11241100x8000000000000000362577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9c02cefaf6873702021-12-21 10:29:54.311root 11241100x8000000000000000362578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d60b4ce55364ac242021-12-21 10:29:54.311root 11241100x8000000000000000362579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a31d6bd5193fa62021-12-21 10:29:54.311root 11241100x8000000000000000362580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8e9df2beaedae2b2021-12-21 10:29:54.311root 11241100x8000000000000000362581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.311{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e4f8ff87a70461b2021-12-21 10:29:54.311root 11241100x8000000000000000362582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d20b201d8a3e19fa2021-12-21 10:29:54.312root 11241100x8000000000000000362583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69b810a3665f7df2021-12-21 10:29:54.312root 11241100x8000000000000000362584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.115946a8f5a6376a2021-12-21 10:29:54.312root 11241100x8000000000000000362585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e0037e0dd3dc0b2021-12-21 10:29:54.312root 11241100x8000000000000000362586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e9edd3e60603bd2021-12-21 10:29:54.312root 11241100x8000000000000000362587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48399411b29109132021-12-21 10:29:54.312root 11241100x8000000000000000362588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b980ed8b4fdb9a922021-12-21 10:29:54.312root 11241100x8000000000000000362589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af8dd1fcde350fb2021-12-21 10:29:54.312root 11241100x8000000000000000362590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ef87451baf766e2021-12-21 10:29:54.312root 11241100x8000000000000000362591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6137ea8ed882f5792021-12-21 10:29:54.312root 11241100x8000000000000000362592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.312{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.383607c1cb56bb8b2021-12-21 10:29:54.312root 11241100x8000000000000000362593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2be781a5f6b2d922021-12-21 10:29:54.313root 11241100x8000000000000000362594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea76d11aee48f5a2021-12-21 10:29:54.313root 11241100x8000000000000000362595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb1f29171696a642021-12-21 10:29:54.313root 11241100x8000000000000000362596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19ea697c83fa4212021-12-21 10:29:54.313root 11241100x8000000000000000362597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa8f65c229880b2d2021-12-21 10:29:54.313root 11241100x8000000000000000362598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.313{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.321c3a87c8eb2aee2021-12-21 10:29:54.313root 11241100x8000000000000000362599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4d69e0d4090885e2021-12-21 10:29:54.314root 11241100x8000000000000000362600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c789043a0cd19942021-12-21 10:29:54.314root 11241100x8000000000000000362601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77461d0fa002b6c2021-12-21 10:29:54.314root 11241100x8000000000000000362602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc33bdaab7999f5b2021-12-21 10:29:54.314root 11241100x8000000000000000362603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98fb5b1dbd20907f2021-12-21 10:29:54.314root 11241100x8000000000000000362604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1c94640b86e8042021-12-21 10:29:54.314root 11241100x8000000000000000362605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b5294dcb5222fb12021-12-21 10:29:54.314root 11241100x8000000000000000362606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.314{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac33147bd206b1332021-12-21 10:29:54.314root 11241100x8000000000000000362607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1759dcc8e35bd18f2021-12-21 10:29:54.315root 11241100x8000000000000000362608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a48a2931e692975f2021-12-21 10:29:54.315root 11241100x8000000000000000362609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e11e5e888b9f7a2021-12-21 10:29:54.315root 11241100x8000000000000000362610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.833f4c6c257cfee32021-12-21 10:29:54.315root 11241100x8000000000000000362611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08260b7a14585a52021-12-21 10:29:54.315root 11241100x8000000000000000362612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9cf1939c0a2acb2021-12-21 10:29:54.315root 11241100x8000000000000000362613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f3cf17f0dd035d82021-12-21 10:29:54.315root 11241100x8000000000000000362614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d5fed545d59df02021-12-21 10:29:54.315root 11241100x8000000000000000362615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.315{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3240d05b8fee0be12021-12-21 10:29:54.315root 11241100x8000000000000000362616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c4321248650a7182021-12-21 10:29:54.316root 11241100x8000000000000000362617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19641f00134540e62021-12-21 10:29:54.316root 11241100x8000000000000000362618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c39639865768d862021-12-21 10:29:54.316root 11241100x8000000000000000362619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c63274d13b4c9b22021-12-21 10:29:54.316root 11241100x8000000000000000362620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4465ff017cbe2a522021-12-21 10:29:54.316root 11241100x8000000000000000362621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.316{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2c8cdb7ed52c032021-12-21 10:29:54.316root 11241100x8000000000000000362622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.326{ec2b6afe-aca2-61c1-80c2-d778b8550000}5729/bin/nano/home/ubuntu/.run_mod.sh.swp2021-12-21 10:29:54.326ubuntu 11241100x8000000000000000362623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebe2e3c3e7504ec2021-12-21 10:29:54.693root 11241100x8000000000000000362624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8571d1018e2e760c2021-12-21 10:29:54.693root 11241100x8000000000000000362625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7583a72fca25c542021-12-21 10:29:54.694root 11241100x8000000000000000362626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ec68226efae9f82021-12-21 10:29:54.694root 11241100x8000000000000000362627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d20c1e0281d206d2021-12-21 10:29:54.694root 11241100x8000000000000000362628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6292a34d29b08eea2021-12-21 10:29:54.694root 11241100x8000000000000000362629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b7380f1fe8b31432021-12-21 10:29:54.694root 11241100x8000000000000000362630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2dcc7c6be95f432021-12-21 10:29:54.694root 11241100x8000000000000000362631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.969a7e39cbe1d7962021-12-21 10:29:54.695root 11241100x8000000000000000362632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.585e646699d1d1e52021-12-21 10:29:54.695root 11241100x8000000000000000362633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93a332d275327742021-12-21 10:29:54.695root 11241100x8000000000000000362634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4611a0dbb9f08d32021-12-21 10:29:54.695root 11241100x8000000000000000362635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd080aef9fd325b92021-12-21 10:29:54.695root 11241100x8000000000000000362636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e54f4d348089d3e2021-12-21 10:29:54.696root 11241100x8000000000000000362637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86ebca95fdd44562021-12-21 10:29:54.696root 11241100x8000000000000000362638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93714abfc3b59f6d2021-12-21 10:29:54.696root 11241100x8000000000000000362639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9200f41f7067e0472021-12-21 10:29:54.696root 11241100x8000000000000000362640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.157e3092af0e956f2021-12-21 10:29:54.696root 11241100x8000000000000000362641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a55f573a65c12c542021-12-21 10:29:54.696root 11241100x8000000000000000362642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095a5f76d1f33d312021-12-21 10:29:54.696root 11241100x8000000000000000362643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f4ed72f8d22f092021-12-21 10:29:54.697root 11241100x8000000000000000362644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b993d1236f67202021-12-21 10:29:54.697root 11241100x8000000000000000362645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac3667e2b8c6a9912021-12-21 10:29:54.697root 11241100x8000000000000000362646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5552d620bb89966a2021-12-21 10:29:54.697root 11241100x8000000000000000362647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6f732c0c1955a12021-12-21 10:29:54.697root 11241100x8000000000000000362648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e470ceb50bd3a2cd2021-12-21 10:29:54.697root 11241100x8000000000000000362649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.163796e3ff67a6182021-12-21 10:29:54.697root 11241100x8000000000000000362650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.700e7d3770e58a652021-12-21 10:29:54.698root 11241100x8000000000000000362651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99ecd52cfa6382692021-12-21 10:29:54.698root 11241100x8000000000000000362652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfcb0be644925dd02021-12-21 10:29:54.698root 11241100x8000000000000000362653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c758fd111cd056952021-12-21 10:29:54.698root 11241100x8000000000000000362654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0cad1c5a889e4592021-12-21 10:29:54.698root 11241100x8000000000000000362655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831aff7eb89ab1dd2021-12-21 10:29:54.698root 11241100x8000000000000000362656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27827900e78a672a2021-12-21 10:29:54.699root 11241100x8000000000000000362657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc0f84eb28eae402021-12-21 10:29:54.699root 11241100x8000000000000000362658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f68ceeb98378c1ff2021-12-21 10:29:54.699root 11241100x8000000000000000362659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c932d91bdcfe8fd32021-12-21 10:29:54.699root 11241100x8000000000000000362660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7880ecf1d76c78d42021-12-21 10:29:54.699root 11241100x8000000000000000362661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d780b2fad4f07d8f2021-12-21 10:29:54.700root 11241100x8000000000000000362662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abc406e0ef539ba2021-12-21 10:29:54.700root 11241100x8000000000000000362663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b6ad767276b531b2021-12-21 10:29:54.700root 11241100x8000000000000000362664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c39831f988dde4c32021-12-21 10:29:54.700root 11241100x8000000000000000362665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9062e80624d5bbca2021-12-21 10:29:54.700root 11241100x8000000000000000362666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217715f2c78582ab2021-12-21 10:29:54.701root 11241100x8000000000000000362667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc3dde4f15a0c3bc2021-12-21 10:29:54.701root 11241100x8000000000000000362668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2848966f73efa3f42021-12-21 10:29:54.701root 11241100x8000000000000000362669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9903aea262c4627c2021-12-21 10:29:54.701root 11241100x8000000000000000362670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c8462447c12f3e2021-12-21 10:29:54.701root 11241100x8000000000000000362671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcc8c9dd0ad16b9f2021-12-21 10:29:54.702root 11241100x8000000000000000362672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42932a57f6b133552021-12-21 10:29:54.702root 11241100x8000000000000000362673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9da574e0f9896e2021-12-21 10:29:54.702root 11241100x8000000000000000362674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feee7af3175dc9a02021-12-21 10:29:54.702root 11241100x8000000000000000362675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd323907d61b77472021-12-21 10:29:54.702root 11241100x8000000000000000362676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b55be625c63c4b582021-12-21 10:29:54.702root 11241100x8000000000000000362677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b815f8f5e0891c252021-12-21 10:29:54.703root 11241100x8000000000000000362678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d096c6650422df492021-12-21 10:29:54.703root 11241100x8000000000000000362679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1751a113198f922021-12-21 10:29:54.703root 11241100x8000000000000000362680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0024a3d261e6452021-12-21 10:29:54.703root 11241100x8000000000000000362681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26c6972f5981d3102021-12-21 10:29:54.704root 11241100x8000000000000000362682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d477faf1d4c7422021-12-21 10:29:54.704root 11241100x8000000000000000362683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3d9cc4edbd7000b2021-12-21 10:29:54.704root 11241100x8000000000000000362684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfb4838983bf99852021-12-21 10:29:54.704root 11241100x8000000000000000362685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.159fef1ef320aba62021-12-21 10:29:54.704root 11241100x8000000000000000362686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dbdb574cb021d32021-12-21 10:29:54.704root 11241100x8000000000000000362687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5608e7c53f1ae9d2021-12-21 10:29:54.705root 11241100x8000000000000000362688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ba5eb93389e0032021-12-21 10:29:54.705root 11241100x8000000000000000362689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.633b4882984ab5ee2021-12-21 10:29:54.705root 11241100x8000000000000000362690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3200d90e741ef3552021-12-21 10:29:54.705root 11241100x8000000000000000362691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c313c5432897cb92021-12-21 10:29:54.706root 11241100x8000000000000000362692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43f40d0dbb7fd1b22021-12-21 10:29:54.706root 11241100x8000000000000000362693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9755d79bff4ec68e2021-12-21 10:29:54.706root 11241100x8000000000000000362694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41b771365aec9dd2021-12-21 10:29:54.706root 11241100x8000000000000000362695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.790eb92163709ac32021-12-21 10:29:54.706root 11241100x8000000000000000362696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1a966988f59172021-12-21 10:29:54.707root 11241100x8000000000000000362697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5503077a24f702c2021-12-21 10:29:54.707root 11241100x8000000000000000362698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f51754549e0c7f2021-12-21 10:29:54.707root 11241100x8000000000000000362699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7aec17d20cbc22b2021-12-21 10:29:54.708root 11241100x8000000000000000362700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.445a1b9ae51fcea82021-12-21 10:29:54.708root 11241100x8000000000000000362701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0999cf670c028f912021-12-21 10:29:54.708root 11241100x8000000000000000362702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c0f286316609b22021-12-21 10:29:54.708root 11241100x8000000000000000362703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae7178de10b152642021-12-21 10:29:54.708root 11241100x8000000000000000362704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df99fc435ce00d4c2021-12-21 10:29:54.709root 11241100x8000000000000000362705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aed2ef21ba5ab4802021-12-21 10:29:54.709root 11241100x8000000000000000362706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e9da951d62ef4d2021-12-21 10:29:54.709root 11241100x8000000000000000362707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39aed9ba48af6a862021-12-21 10:29:54.709root 11241100x8000000000000000362708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38cadee498383fa32021-12-21 10:29:54.709root 11241100x8000000000000000362709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cde105fd013939a2021-12-21 10:29:54.709root 11241100x8000000000000000362710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8c41c6dd6464fb02021-12-21 10:29:54.710root 11241100x8000000000000000362711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.101edf88ebfe81e92021-12-21 10:29:54.710root 11241100x8000000000000000362712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c7e8e9060e33eb32021-12-21 10:29:54.710root 11241100x8000000000000000362713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e13487f85d73d672021-12-21 10:29:54.710root 11241100x8000000000000000362714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85d34d9f9e93ad252021-12-21 10:29:54.710root 11241100x8000000000000000362715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393c8f94dacc1a312021-12-21 10:29:54.711root 11241100x8000000000000000362716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b78d7d921aad3ff2021-12-21 10:29:54.711root 11241100x8000000000000000362717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.119edb8b85996a5a2021-12-21 10:29:54.711root 11241100x8000000000000000362718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36bb3410ce02ce52021-12-21 10:29:54.711root 11241100x8000000000000000362719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ba5b2fac33919392021-12-21 10:29:54.711root 11241100x8000000000000000362720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cde10b1305e16932021-12-21 10:29:54.712root 11241100x8000000000000000362721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecb6b625719d61b62021-12-21 10:29:54.712root 11241100x8000000000000000362722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79cdc002f139ae42021-12-21 10:29:54.712root 11241100x8000000000000000362723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c7027eb46663e22021-12-21 10:29:54.712root 11241100x8000000000000000362724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675620e20acffc472021-12-21 10:29:54.712root 11241100x8000000000000000362725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.543e16c8f12206212021-12-21 10:29:54.713root 11241100x8000000000000000362726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e14e4aa4ff2ed902021-12-21 10:29:54.713root 11241100x8000000000000000362727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d10e806c968b8802021-12-21 10:29:54.713root 11241100x8000000000000000362728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee87dc100bd18522021-12-21 10:29:54.713root 11241100x8000000000000000362729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82a5db2fb47c4df32021-12-21 10:29:54.713root 11241100x8000000000000000362730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4c38acaa5ebfa52021-12-21 10:29:54.713root 11241100x8000000000000000362731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09ff330175ac80f2021-12-21 10:29:54.713root 11241100x8000000000000000362732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af35c45ee1739cc72021-12-21 10:29:54.713root 11241100x8000000000000000362733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2420c9ac1671236b2021-12-21 10:29:54.714root 11241100x8000000000000000362734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4888fa4304853392021-12-21 10:29:54.714root 11241100x8000000000000000362735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78bb4fb03bb224d02021-12-21 10:29:54.714root 11241100x8000000000000000362736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fc50a64a22afb52021-12-21 10:29:54.714root 11241100x8000000000000000362737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3dc53424da105ea2021-12-21 10:29:54.714root 11241100x8000000000000000362738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a1d64ccb9c10772021-12-21 10:29:54.714root 11241100x8000000000000000362739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e84befcd74b39412021-12-21 10:29:54.714root 11241100x8000000000000000362740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ae4535622e1fa792021-12-21 10:29:54.715root 11241100x8000000000000000362741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc14478c1b3450362021-12-21 10:29:54.715root 11241100x8000000000000000362742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dad1cab196e74d0a2021-12-21 10:29:54.715root 11241100x8000000000000000362743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b824ae9d2858952021-12-21 10:29:54.715root 11241100x8000000000000000362744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3acaf3189d5f4a52021-12-21 10:29:54.715root 11241100x8000000000000000362745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e62f2a584741b182021-12-21 10:29:54.715root 11241100x8000000000000000362746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8cf612f54ca07352021-12-21 10:29:54.716root 11241100x8000000000000000362747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccdcf121986c55092021-12-21 10:29:54.716root 11241100x8000000000000000362748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d47a32f0a866d42021-12-21 10:29:54.716root 11241100x8000000000000000362749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d051166d7d4a6e82021-12-21 10:29:54.716root 11241100x8000000000000000362750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0355d73768f9a1182021-12-21 10:29:54.716root 11241100x8000000000000000362751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e6d43e447074432021-12-21 10:29:54.716root 11241100x8000000000000000362752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3a6ffde9d7565002021-12-21 10:29:54.716root 11241100x8000000000000000362753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6723ce3f128fad822021-12-21 10:29:54.716root 11241100x8000000000000000362754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c74b4be9111d6ec92021-12-21 10:29:54.716root 11241100x8000000000000000362755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8e8f615124beb12021-12-21 10:29:54.717root 11241100x8000000000000000362756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695e872727dbbea02021-12-21 10:29:54.717root 11241100x8000000000000000362757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d529770302785792021-12-21 10:29:54.717root 11241100x8000000000000000362758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cee8ef08bf2d74c82021-12-21 10:29:54.718root 11241100x8000000000000000362759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b96a1c25be96a2e62021-12-21 10:29:54.718root 11241100x8000000000000000362760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cd8388f01f7def2021-12-21 10:29:54.718root 11241100x8000000000000000362761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c57a82d24829cc62021-12-21 10:29:54.718root 11241100x8000000000000000362762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7529625530bd3c092021-12-21 10:29:54.718root 11241100x8000000000000000362763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4066c3f5824cfaf2021-12-21 10:29:54.718root 11241100x8000000000000000362764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64bd48d86589e9232021-12-21 10:29:54.719root 11241100x8000000000000000362765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa0d02b4c6a575b2021-12-21 10:29:54.719root 11241100x8000000000000000362766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aeda4e72352d88d2021-12-21 10:29:54.719root 11241100x8000000000000000362767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11d11ad174d67622021-12-21 10:29:54.719root 11241100x8000000000000000362768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e3dc00e835d4662021-12-21 10:29:54.719root 11241100x8000000000000000362769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9ee085c0001c2c2021-12-21 10:29:54.720root 11241100x8000000000000000362770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.132dd579276f08272021-12-21 10:29:54.720root 11241100x8000000000000000362771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4762b2569942bd2021-12-21 10:29:54.720root 11241100x8000000000000000362772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0fdb4b83b002912021-12-21 10:29:54.720root 11241100x8000000000000000362773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d9649e49a00cdc2021-12-21 10:29:54.720root 11241100x8000000000000000362774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21f73219ffc98dd32021-12-21 10:29:54.720root 11241100x8000000000000000362775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b526bdf25c1480b62021-12-21 10:29:54.720root 11241100x8000000000000000362776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c86b18ddf6d684122021-12-21 10:29:54.721root 11241100x8000000000000000362777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7ea643a918dfe342021-12-21 10:29:54.721root 11241100x8000000000000000362778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44221266966cb1fa2021-12-21 10:29:54.721root 11241100x8000000000000000362779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3da1124360ba6652021-12-21 10:29:54.721root 11241100x8000000000000000362780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.216a610e60deaca62021-12-21 10:29:54.721root 11241100x8000000000000000362781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bfa1b3e90f40d5f2021-12-21 10:29:54.721root 11241100x8000000000000000362782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290d364bafbe07302021-12-21 10:29:54.721root 11241100x8000000000000000362783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c40629f35037c02021-12-21 10:29:54.721root 11241100x8000000000000000362784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3542a7ba76ff3c482021-12-21 10:29:54.721root 11241100x8000000000000000362785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.721{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75254467166229a2021-12-21 10:29:54.721root 11241100x8000000000000000362786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3366100745952e2021-12-21 10:29:54.722root 11241100x8000000000000000362787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b00ccdec272b8312021-12-21 10:29:54.722root 11241100x8000000000000000362788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b6b9e08f6c65b222021-12-21 10:29:54.722root 11241100x8000000000000000362789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bf4c181f9ca7192021-12-21 10:29:54.722root 11241100x8000000000000000362790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed1d50a88b4fae02021-12-21 10:29:54.722root 11241100x8000000000000000362791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2d58747e6797142021-12-21 10:29:54.722root 11241100x8000000000000000362792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e73efa63dbd05252021-12-21 10:29:54.722root 11241100x8000000000000000362793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.722{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8392a9e4777c20562021-12-21 10:29:54.722root 11241100x8000000000000000362794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1af05c0dce102512021-12-21 10:29:54.723root 11241100x8000000000000000362795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc0b124c894d687a2021-12-21 10:29:54.723root 11241100x8000000000000000362796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d44678a369eb642021-12-21 10:29:54.723root 11241100x8000000000000000362797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3287d3dea5159fad2021-12-21 10:29:54.723root 11241100x8000000000000000362798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34bc0ce17c7d1a202021-12-21 10:29:54.723root 11241100x8000000000000000362799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217e8baeb5a6baba2021-12-21 10:29:54.724root 11241100x8000000000000000362800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103387009c7cb0432021-12-21 10:29:54.724root 11241100x8000000000000000362801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c9103147a5e92ad2021-12-21 10:29:54.724root 11241100x8000000000000000362802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b90d45a0a232766e2021-12-21 10:29:54.724root 11241100x8000000000000000362803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77eb5d668493a0822021-12-21 10:29:54.724root 11241100x8000000000000000362804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f67374e1c6a273272021-12-21 10:29:54.725root 11241100x8000000000000000362805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5873e3c3af0f522021-12-21 10:29:54.725root 11241100x8000000000000000362806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0923f481e09936102021-12-21 10:29:54.725root 11241100x8000000000000000362807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ce4ac225dca06b2021-12-21 10:29:54.726root 11241100x8000000000000000362808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23701a266d5ed5c2021-12-21 10:29:54.726root 11241100x8000000000000000362809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e14279cfcb1db652021-12-21 10:29:54.726root 11241100x8000000000000000362810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc72108c63c9e7ab2021-12-21 10:29:54.726root 11241100x8000000000000000362811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3764b79f4952df2021-12-21 10:29:54.726root 11241100x8000000000000000362812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b798bf8cfb9a84062021-12-21 10:29:54.727root 11241100x8000000000000000362813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41252e1709c188102021-12-21 10:29:54.727root 11241100x8000000000000000362814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c31166d96317622021-12-21 10:29:54.727root 11241100x8000000000000000362815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb9d4adda386ddff2021-12-21 10:29:54.727root 11241100x8000000000000000362816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.727{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f99b46cdf2802212021-12-21 10:29:54.727root 11241100x8000000000000000362817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:29:54.728{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f585d914258757f2021-12-21 10:29:54.728root 354300x8000000000000000362886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:08.245{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47188-false10.0.1.12-8000- 11241100x8000000000000000362887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:08.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66762069f3a027c32021-12-21 10:30:08.692root 11241100x8000000000000000362888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b5e17ac566dc0412021-12-21 10:30:09.192root 23542300x8000000000000000362889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.234{ec2b6afe-aca2-61c1-80c2-d778b8550000}5729ubuntu/bin/nano/home/ubuntu/./.run_mod.sh.swp--- 534500x8000000000000000362890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.235{ec2b6afe-aca2-61c1-80c2-d778b8550000}5729/bin/nanoubuntu 23542300x8000000000000000362891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.350{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000362892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6f364e7e837f32b2021-12-21 10:30:09.694root 11241100x8000000000000000362893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7887da1b25127ae52021-12-21 10:30:09.694root 11241100x8000000000000000362894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58293e99a1ed28ce2021-12-21 10:30:09.695root 11241100x8000000000000000362895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:09.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6334c0b12c74bb12021-12-21 10:30:09.695root 11241100x8000000000000000362896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc7a3881de97f89c2021-12-21 10:30:10.192root 11241100x8000000000000000362897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96699d7b859812192021-12-21 10:30:10.193root 11241100x8000000000000000362898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0888f80f0be574702021-12-21 10:30:10.193root 11241100x8000000000000000362899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.accbbb41f69935232021-12-21 10:30:10.193root 11241100x8000000000000000362900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd91d1e5229466142021-12-21 10:30:10.692root 11241100x8000000000000000362901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d959d80943491a1e2021-12-21 10:30:10.693root 11241100x8000000000000000362902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33ac42496993f20c2021-12-21 10:30:10.693root 11241100x8000000000000000362903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70bcea0c5cdb03d2021-12-21 10:30:10.693root 11241100x8000000000000000362904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8ebf206033d64042021-12-21 10:30:11.192root 11241100x8000000000000000362905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ce509e44a35b18b2021-12-21 10:30:11.193root 11241100x8000000000000000362906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f877ffe5303ecc8b2021-12-21 10:30:11.193root 11241100x8000000000000000362907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1e4dbd6190fff1a2021-12-21 10:30:11.193root 154100x8000000000000000362908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.490{ec2b6afe-acb3-61c1-e846-bef52a560000}5730/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 11241100x8000000000000000362909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3926c8d098245c412021-12-21 10:30:11.491root 11241100x8000000000000000362910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bc8532a6d948132021-12-21 10:30:11.491root 11241100x8000000000000000362911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.491{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa567cb6901c67552021-12-21 10:30:11.491root 11241100x8000000000000000362912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.566f8604f0b4df8f2021-12-21 10:30:11.492root 11241100x8000000000000000362913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.492{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2aba2bb73f6c79872021-12-21 10:30:11.492root 534500x8000000000000000362914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.493{ec2b6afe-acb3-61c1-e846-bef52a560000}5730/bin/lsubuntu 11241100x8000000000000000362915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.466f78d07945b1442021-12-21 10:30:11.943root 11241100x8000000000000000362916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58fc1c0d09e533b82021-12-21 10:30:11.943root 11241100x8000000000000000362917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e0c9ed9d4536a62021-12-21 10:30:11.943root 11241100x8000000000000000362918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794bcc07c956b2d42021-12-21 10:30:11.943root 11241100x8000000000000000362919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0da7a14b0b11ee8e2021-12-21 10:30:11.943root 11241100x8000000000000000362920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:11.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ffca019c61b73512021-12-21 10:30:11.943root 11241100x8000000000000000362921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.187a0a330985d6862021-12-21 10:30:12.443root 11241100x8000000000000000362922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3acec7b4fec44a2021-12-21 10:30:12.443root 11241100x8000000000000000362923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.843014e054cd60002021-12-21 10:30:12.443root 11241100x8000000000000000362924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26fb7efa508c00b2021-12-21 10:30:12.443root 11241100x8000000000000000362925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d385ad43ffd745212021-12-21 10:30:12.443root 11241100x8000000000000000362926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923abac302d6f8422021-12-21 10:30:12.443root 11241100x8000000000000000362927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02f54b8d67be7e132021-12-21 10:30:12.943root 11241100x8000000000000000362928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9747db119c8deac92021-12-21 10:30:12.943root 11241100x8000000000000000362929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9864823254386be2021-12-21 10:30:12.943root 11241100x8000000000000000362930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1332051a202f22572021-12-21 10:30:12.943root 11241100x8000000000000000362931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75f2329d3f904cbc2021-12-21 10:30:12.943root 11241100x8000000000000000362932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:12.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2cc33b9fdb052a92021-12-21 10:30:12.943root 11241100x8000000000000000362933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1d562cca2d7d45d2021-12-21 10:30:13.443root 11241100x8000000000000000362934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939ff601598458c22021-12-21 10:30:13.443root 11241100x8000000000000000362935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59978885c9c78c702021-12-21 10:30:13.443root 11241100x8000000000000000362936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f5776824b5499a72021-12-21 10:30:13.443root 11241100x8000000000000000362937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b0fa737dcaabd42021-12-21 10:30:13.443root 11241100x8000000000000000362938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3439133a16038da62021-12-21 10:30:13.443root 11241100x8000000000000000362939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.678b6104433c08fd2021-12-21 10:30:13.943root 11241100x8000000000000000362940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c089cb12dc1e8f12021-12-21 10:30:13.943root 11241100x8000000000000000362941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.285240827ad52b7f2021-12-21 10:30:13.943root 11241100x8000000000000000362942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11f02a87e8578d22021-12-21 10:30:13.943root 11241100x8000000000000000362943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128aa75b1616d0ce2021-12-21 10:30:13.943root 11241100x8000000000000000362944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:13.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3e99bacd401eccb2021-12-21 10:30:13.943root 354300x8000000000000000362945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.203{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47190-false10.0.1.12-8000- 11241100x8000000000000000362946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f355f3ea4d0753b2021-12-21 10:30:14.204root 11241100x8000000000000000362947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7cfdb6770d4cd792021-12-21 10:30:14.204root 11241100x8000000000000000362948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d526292a1182282021-12-21 10:30:14.204root 11241100x8000000000000000362949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c4c61d3a167b7cc2021-12-21 10:30:14.204root 11241100x8000000000000000362950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7c7b7a750adb4a2021-12-21 10:30:14.204root 11241100x8000000000000000362951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3599c8a9318fc0f82021-12-21 10:30:14.205root 11241100x8000000000000000362952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3a75fbae4dc7efe2021-12-21 10:30:14.205root 11241100x8000000000000000362953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57678df7be1c12ec2021-12-21 10:30:14.693root 11241100x8000000000000000362954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33a666f6cf4e3fc82021-12-21 10:30:14.693root 11241100x8000000000000000362955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b21bda018d0d1d292021-12-21 10:30:14.693root 11241100x8000000000000000362956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558574f6e047ecad2021-12-21 10:30:14.693root 11241100x8000000000000000362957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.045ed23ab7354efa2021-12-21 10:30:14.694root 11241100x8000000000000000362958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7078ef97a4b2bfdd2021-12-21 10:30:14.694root 11241100x8000000000000000362959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d04636b1f0674aef2021-12-21 10:30:14.694root 534500x8000000000000000362960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.902{00000000-0000-0000-0000-000000000000}5731<unknown process>ubuntu 534500x8000000000000000362961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.903{00000000-0000-0000-0000-000000000000}5732<unknown process>ubuntu 11241100x8000000000000000362962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.904{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash/tmp/sh-thd.OBPKZV2021-12-21 10:30:14.904ubuntu 23542300x8000000000000000362963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:14.904{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677ubuntu/bin/bash/tmp/sh-thd.OBPKZV--- 11241100x8000000000000000362964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d668a2bed198e772021-12-21 10:30:15.193root 11241100x8000000000000000362965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1101570fcd9420222021-12-21 10:30:15.193root 11241100x8000000000000000362966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1363788ec8d83a12021-12-21 10:30:15.193root 11241100x8000000000000000362967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e125498295fcb642021-12-21 10:30:15.193root 11241100x8000000000000000362968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba4d4a77e07ca8862021-12-21 10:30:15.194root 11241100x8000000000000000362969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.857465b113192dcf2021-12-21 10:30:15.194root 11241100x8000000000000000362970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b9cf393c1771802021-12-21 10:30:15.194root 11241100x8000000000000000362971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd61dd08be291f182021-12-21 10:30:15.194root 11241100x8000000000000000362972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4c2f2b709beb132021-12-21 10:30:15.195root 11241100x8000000000000000362973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77fdcc7ecdc98c562021-12-21 10:30:15.195root 11241100x8000000000000000362974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad30fabb5bbf3202021-12-21 10:30:15.195root 154100x8000000000000000362975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.219{ec2b6afe-acb7-61c1-d039-6aac5e550000}5733/bin/cat-----cat run_mod.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 534500x8000000000000000362976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.220{ec2b6afe-acb7-61c1-d039-6aac5e550000}5733/bin/catubuntu 11241100x8000000000000000362977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3317f28ce36934712021-12-21 10:30:15.693root 11241100x8000000000000000362978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c74abffa62e4bc2021-12-21 10:30:15.693root 11241100x8000000000000000362979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da72ab4309a4bd72021-12-21 10:30:15.693root 11241100x8000000000000000362980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0038ffb86c3c417f2021-12-21 10:30:15.694root 11241100x8000000000000000362981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37459ab27deaeba42021-12-21 10:30:15.694root 11241100x8000000000000000362982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f46440be746a25af2021-12-21 10:30:15.694root 11241100x8000000000000000362983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b53805a623c914e22021-12-21 10:30:15.694root 11241100x8000000000000000362984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486e1cf46ffb67852021-12-21 10:30:15.694root 11241100x8000000000000000362985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c27477e256d751b2021-12-21 10:30:15.695root 11241100x8000000000000000362986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62e8e5c48452c18a2021-12-21 10:30:15.695root 11241100x8000000000000000362987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a7ff4ef273361042021-12-21 10:30:15.695root 11241100x8000000000000000362988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb47c3e9cfd3fef62021-12-21 10:30:15.695root 11241100x8000000000000000362989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:15.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2e1b0135289f3f2021-12-21 10:30:15.695root 11241100x8000000000000000362990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10c3133ae0e8b7c2021-12-21 10:30:16.193root 11241100x8000000000000000362991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af296a8c95e776ac2021-12-21 10:30:16.193root 11241100x8000000000000000362992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93924e90f34b3672021-12-21 10:30:16.193root 11241100x8000000000000000362993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.058126b640206d592021-12-21 10:30:16.194root 11241100x8000000000000000362994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae5058ef3ea802ef2021-12-21 10:30:16.194root 11241100x8000000000000000362995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f244046023960a9b2021-12-21 10:30:16.194root 11241100x8000000000000000362996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a800a32d6743ca0c2021-12-21 10:30:16.194root 11241100x8000000000000000362997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ea701d55d205c62021-12-21 10:30:16.194root 11241100x8000000000000000362998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45571182b75e7ec12021-12-21 10:30:16.195root 11241100x8000000000000000362999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd26361346ec3682021-12-21 10:30:16.195root 11241100x8000000000000000363000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec264b3d3643d8442021-12-21 10:30:16.195root 11241100x8000000000000000363001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3bafbcf24d7b5402021-12-21 10:30:16.195root 11241100x8000000000000000363002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf2eb6e347c9a4f2021-12-21 10:30:16.196root 11241100x8000000000000000363003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36398d90205c7cb92021-12-21 10:30:16.693root 11241100x8000000000000000363004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8dfc972b7b27592021-12-21 10:30:16.693root 11241100x8000000000000000363005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3058ca49ca5b65b2021-12-21 10:30:16.694root 11241100x8000000000000000363006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5fa4a2096169bd2021-12-21 10:30:16.694root 11241100x8000000000000000363007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.349de430d547ceaf2021-12-21 10:30:16.695root 11241100x8000000000000000363008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3730edd364b282302021-12-21 10:30:16.695root 11241100x8000000000000000363009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed08c70c0072e7552021-12-21 10:30:16.695root 11241100x8000000000000000363010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff9f810d5d3d6472021-12-21 10:30:16.695root 11241100x8000000000000000363011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.280487a5b04a3f122021-12-21 10:30:16.695root 11241100x8000000000000000363012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cf0e93b29f24a212021-12-21 10:30:16.695root 11241100x8000000000000000363013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91fd8ca6c3d91bdc2021-12-21 10:30:16.695root 11241100x8000000000000000363014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5723f14207aa19b02021-12-21 10:30:16.696root 11241100x8000000000000000363015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:16.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc46f44fae6e97d2021-12-21 10:30:16.696root 11241100x8000000000000000363016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c021444432baad222021-12-21 10:30:17.193root 11241100x8000000000000000363017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1394077897ecb752021-12-21 10:30:17.193root 11241100x8000000000000000363018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5df7120eee10a9ec2021-12-21 10:30:17.193root 11241100x8000000000000000363019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e243a101acfc33b2021-12-21 10:30:17.193root 11241100x8000000000000000363020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b9a01b4e743cac2021-12-21 10:30:17.193root 11241100x8000000000000000363021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94ac41f371b8b2f12021-12-21 10:30:17.193root 11241100x8000000000000000363022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbda5b48b3f672592021-12-21 10:30:17.194root 11241100x8000000000000000363023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dc4791606afa8c2021-12-21 10:30:17.194root 11241100x8000000000000000363024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8cdb0ad17598002021-12-21 10:30:17.194root 11241100x8000000000000000363025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48a158fd2a0f5122021-12-21 10:30:17.194root 11241100x8000000000000000363026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4924e63a84b17c2021-12-21 10:30:17.194root 11241100x8000000000000000363027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a37d9b4bb1f556d92021-12-21 10:30:17.194root 11241100x8000000000000000363028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4abea6149272ec0b2021-12-21 10:30:17.194root 11241100x8000000000000000363029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ad230a91f8e037b2021-12-21 10:30:17.693root 11241100x8000000000000000363030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f48d3e03aef046412021-12-21 10:30:17.693root 11241100x8000000000000000363031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56c135092c4660512021-12-21 10:30:17.693root 11241100x8000000000000000363032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5da282034b2ceeee2021-12-21 10:30:17.693root 11241100x8000000000000000363033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ca5195b7e9a1a42021-12-21 10:30:17.694root 11241100x8000000000000000363034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.898fe876ab1640562021-12-21 10:30:17.694root 11241100x8000000000000000363035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8325860df2ad85d82021-12-21 10:30:17.694root 11241100x8000000000000000363036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bc8c888c87428fa2021-12-21 10:30:17.694root 11241100x8000000000000000363037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c4551d2c94261702021-12-21 10:30:17.694root 11241100x8000000000000000363038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d43541b25180bccf2021-12-21 10:30:17.695root 11241100x8000000000000000363039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.463891c3a37722692021-12-21 10:30:17.695root 11241100x8000000000000000363040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.674c273d9bf2bda42021-12-21 10:30:17.695root 11241100x8000000000000000363041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:17.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d8cd96c2e8f96b2021-12-21 10:30:17.695root 11241100x8000000000000000363042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c95296d693ed562021-12-21 10:30:18.193root 11241100x8000000000000000363043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c04c6bfd2a92c192021-12-21 10:30:18.193root 11241100x8000000000000000363044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6222e5674ffe4b4d2021-12-21 10:30:18.193root 11241100x8000000000000000363045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30774f340f2590832021-12-21 10:30:18.193root 11241100x8000000000000000363046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7023af854800ba92021-12-21 10:30:18.193root 11241100x8000000000000000363047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf991959b15dae72021-12-21 10:30:18.193root 11241100x8000000000000000363048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa37b4e4bb25a2d2021-12-21 10:30:18.194root 11241100x8000000000000000363049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5935fe9c68326f012021-12-21 10:30:18.194root 11241100x8000000000000000363050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95e2359f804f13a22021-12-21 10:30:18.194root 11241100x8000000000000000363051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.701798f9f3cc7ed12021-12-21 10:30:18.194root 11241100x8000000000000000363052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daee18deceffffd2021-12-21 10:30:18.194root 11241100x8000000000000000363053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f7623859a52e24e2021-12-21 10:30:18.194root 11241100x8000000000000000363054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3ebfed1ac07e5d12021-12-21 10:30:18.194root 11241100x8000000000000000363055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3454959546f0cfc42021-12-21 10:30:18.693root 11241100x8000000000000000363056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2225b56578ef0b252021-12-21 10:30:18.693root 11241100x8000000000000000363057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04b25ec29ebc02ce2021-12-21 10:30:18.693root 11241100x8000000000000000363058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6d7f22fdb860712021-12-21 10:30:18.693root 11241100x8000000000000000363059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f8c35ac72abb8f2021-12-21 10:30:18.693root 11241100x8000000000000000363060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1d3891c83975ab2021-12-21 10:30:18.693root 11241100x8000000000000000363061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a00b638dc568081f2021-12-21 10:30:18.693root 11241100x8000000000000000363062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1297a4ce2eccd3872021-12-21 10:30:18.693root 11241100x8000000000000000363063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47bdf7698b770e202021-12-21 10:30:18.693root 11241100x8000000000000000363064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7b29494f643c0522021-12-21 10:30:18.694root 11241100x8000000000000000363065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d0ee97cdd398b62021-12-21 10:30:18.694root 11241100x8000000000000000363066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24916b783d261eeb2021-12-21 10:30:18.694root 11241100x8000000000000000363067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:18.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06f73174d92f5cf2021-12-21 10:30:18.694root 154100x8000000000000000363068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.118{ec2b6afe-acbb-61c1-6844-fe2343560000}5734/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 11241100x8000000000000000363069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.119{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.128059fca874c6162021-12-21 10:30:19.119root 11241100x8000000000000000363070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ea1d54aed1bb2f2021-12-21 10:30:19.120root 11241100x8000000000000000363071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38e2bef58f6ae982021-12-21 10:30:19.120root 11241100x8000000000000000363072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32110111ee483d6e2021-12-21 10:30:19.120root 11241100x8000000000000000363073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e75de5ebbfe66ff82021-12-21 10:30:19.120root 11241100x8000000000000000363074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7b49ec198540f72021-12-21 10:30:19.120root 11241100x8000000000000000363075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f12e489d042c00132021-12-21 10:30:19.120root 11241100x8000000000000000363076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e40e94f1e4a559ab2021-12-21 10:30:19.120root 11241100x8000000000000000363077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.120{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7d9e0b1bd60f0a72021-12-21 10:30:19.120root 11241100x8000000000000000363078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.573b4cce0f20f3fd2021-12-21 10:30:19.121root 11241100x8000000000000000363079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9d285d1b90082c2021-12-21 10:30:19.121root 11241100x8000000000000000363080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1b7ed570e7a87f02021-12-21 10:30:19.121root 11241100x8000000000000000363081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78ffe5672f74a6922021-12-21 10:30:19.121root 11241100x8000000000000000363082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7325df9cb62c8d7e2021-12-21 10:30:19.121root 11241100x8000000000000000363083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.121{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad098a066ad803af2021-12-21 10:30:19.121root 534500x8000000000000000363084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.129{ec2b6afe-acbb-61c1-6844-fe2343560000}5734/bin/psroot 11241100x8000000000000000363085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f2a40ac1aa48f3e2021-12-21 10:30:19.443root 11241100x8000000000000000363086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c53fc8afbcc5892021-12-21 10:30:19.443root 11241100x8000000000000000363087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba546e1ccdd3f5e2021-12-21 10:30:19.443root 11241100x8000000000000000363088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d74cf489165098d2021-12-21 10:30:19.443root 11241100x8000000000000000363089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49ec8d3dd9c03c6f2021-12-21 10:30:19.444root 11241100x8000000000000000363090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4573b854f9c740c2021-12-21 10:30:19.444root 11241100x8000000000000000363091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae0732c0cc66f772021-12-21 10:30:19.444root 11241100x8000000000000000363092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f64d535e4998b362021-12-21 10:30:19.444root 11241100x8000000000000000363093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6870f7db3543d5822021-12-21 10:30:19.444root 11241100x8000000000000000363094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a7d2a8b4b17ff82021-12-21 10:30:19.444root 11241100x8000000000000000363095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b23064be71d143722021-12-21 10:30:19.444root 11241100x8000000000000000363096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a9332e08fd761f72021-12-21 10:30:19.444root 11241100x8000000000000000363097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f655196a928602ae2021-12-21 10:30:19.444root 11241100x8000000000000000363098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5283ca7108211b42021-12-21 10:30:19.444root 11241100x8000000000000000363099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7015399e39342bc82021-12-21 10:30:19.444root 11241100x8000000000000000363100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a53c4507476e6472021-12-21 10:30:19.943root 11241100x8000000000000000363101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4829be069c8c0322021-12-21 10:30:19.943root 11241100x8000000000000000363102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d79206cc8105f572021-12-21 10:30:19.943root 11241100x8000000000000000363103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79be49cfd77febd2021-12-21 10:30:19.943root 11241100x8000000000000000363104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0a76b5edcc71bf2021-12-21 10:30:19.943root 11241100x8000000000000000363105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23967a37f37146482021-12-21 10:30:19.943root 11241100x8000000000000000363106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e6dcafd1175b952021-12-21 10:30:19.944root 11241100x8000000000000000363107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83db01ab532a4df32021-12-21 10:30:19.944root 11241100x8000000000000000363108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32b45e4e80aeef3d2021-12-21 10:30:19.944root 11241100x8000000000000000363109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5228b33bb76bfe3c2021-12-21 10:30:19.944root 11241100x8000000000000000363110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec9589056bd1e9f2021-12-21 10:30:19.944root 11241100x8000000000000000363111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05bc126eb3ac48b92021-12-21 10:30:19.944root 11241100x8000000000000000363112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c42f4d0261704122021-12-21 10:30:19.944root 11241100x8000000000000000363113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467c2682b2db187d2021-12-21 10:30:19.944root 11241100x8000000000000000363114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:19.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b10bc414276b6752021-12-21 10:30:19.945root 354300x8000000000000000363115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.049{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47192-false10.0.1.12-8000- 11241100x8000000000000000363116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60870569a92399872021-12-21 10:30:20.443root 11241100x8000000000000000363117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4184eaad2d1c0d42021-12-21 10:30:20.443root 11241100x8000000000000000363118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.835fade26ba944da2021-12-21 10:30:20.443root 11241100x8000000000000000363119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f405db8b9cfc28e72021-12-21 10:30:20.443root 11241100x8000000000000000363120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d76028959393b8f2021-12-21 10:30:20.443root 11241100x8000000000000000363121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3555798bff53e3db2021-12-21 10:30:20.444root 11241100x8000000000000000363122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e24232b7b94ab9a82021-12-21 10:30:20.444root 11241100x8000000000000000363123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc63224720d5d7c2021-12-21 10:30:20.444root 11241100x8000000000000000363124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf4f51c92a37b7a22021-12-21 10:30:20.444root 11241100x8000000000000000363125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.299770db61487e702021-12-21 10:30:20.444root 11241100x8000000000000000363126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff210cd6159368d2021-12-21 10:30:20.444root 11241100x8000000000000000363127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacfefee6f780f662021-12-21 10:30:20.444root 11241100x8000000000000000363128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d2fdc6886b3aff82021-12-21 10:30:20.444root 11241100x8000000000000000363129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.434eadc96efac7c12021-12-21 10:30:20.444root 11241100x8000000000000000363130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa2174cf21930a202021-12-21 10:30:20.445root 11241100x8000000000000000363131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c594f9fa5bb45c2021-12-21 10:30:20.445root 11241100x8000000000000000363132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723ae1dadbca17292021-12-21 10:30:20.943root 11241100x8000000000000000363133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85fe219dddff6e6e2021-12-21 10:30:20.943root 11241100x8000000000000000363134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819ba0a4c11f7f462021-12-21 10:30:20.943root 11241100x8000000000000000363135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fca0495b0a7b8b2021-12-21 10:30:20.943root 11241100x8000000000000000363136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc4f9834898d10732021-12-21 10:30:20.944root 11241100x8000000000000000363137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05a95ce7cf33ba32021-12-21 10:30:20.944root 11241100x8000000000000000363138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b5bba6df7c0f9ee2021-12-21 10:30:20.944root 11241100x8000000000000000363139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fe15c98fdce1b72021-12-21 10:30:20.944root 11241100x8000000000000000363140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c1d3c13b9fcb0592021-12-21 10:30:20.944root 11241100x8000000000000000363141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48095b40965585832021-12-21 10:30:20.944root 11241100x8000000000000000363142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28fdcf2fd1b5c8a52021-12-21 10:30:20.944root 11241100x8000000000000000363143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5662def87802d2c22021-12-21 10:30:20.944root 11241100x8000000000000000363144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f2a67c1d0b388af2021-12-21 10:30:20.945root 11241100x8000000000000000363145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b34a79dbc9e4662021-12-21 10:30:20.945root 11241100x8000000000000000363146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82aa51b35b2a48e42021-12-21 10:30:20.945root 11241100x8000000000000000363147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:20.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.671c5ef06bd530d02021-12-21 10:30:20.945root 11241100x8000000000000000363148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.308acf964f7548702021-12-21 10:30:21.443root 11241100x8000000000000000363149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd5b62174d1aec12021-12-21 10:30:21.443root 11241100x8000000000000000363150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.166e0133bc185c1c2021-12-21 10:30:21.443root 11241100x8000000000000000363151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4321a78acd782e2021-12-21 10:30:21.443root 11241100x8000000000000000363152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.008b898e82ce20222021-12-21 10:30:21.443root 11241100x8000000000000000363153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131705365914438c2021-12-21 10:30:21.444root 11241100x8000000000000000363154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2a31961ef312002021-12-21 10:30:21.444root 11241100x8000000000000000363155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f0bcdae153b1cb2021-12-21 10:30:21.444root 11241100x8000000000000000363156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cd78c4947c3990f2021-12-21 10:30:21.444root 11241100x8000000000000000363157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4090e34534bd40302021-12-21 10:30:21.444root 11241100x8000000000000000363158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab88edbb23d686f12021-12-21 10:30:21.444root 11241100x8000000000000000363159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77574dc5e38991b52021-12-21 10:30:21.444root 11241100x8000000000000000363160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf5fc508d90b1202021-12-21 10:30:21.444root 11241100x8000000000000000363161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b2aafc50e0e57e2021-12-21 10:30:21.444root 11241100x8000000000000000363162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b49e713cf3cbae2c2021-12-21 10:30:21.444root 11241100x8000000000000000363163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b1164123d9461602021-12-21 10:30:21.445root 11241100x8000000000000000363164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.526e14a49569571f2021-12-21 10:30:21.943root 11241100x8000000000000000363165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53d03440eed919c32021-12-21 10:30:21.943root 11241100x8000000000000000363166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48c0408a97caf572021-12-21 10:30:21.943root 11241100x8000000000000000363167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d3420f7c9c83fe2021-12-21 10:30:21.943root 11241100x8000000000000000363168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee532cf761be97632021-12-21 10:30:21.944root 11241100x8000000000000000363169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425e662878b58f522021-12-21 10:30:21.944root 11241100x8000000000000000363170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c77f103eb513f4502021-12-21 10:30:21.944root 11241100x8000000000000000363171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99221b6d9c6182c12021-12-21 10:30:21.944root 11241100x8000000000000000363172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd877c7bee3dc9e92021-12-21 10:30:21.944root 11241100x8000000000000000363173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e11ae0153d1ec92021-12-21 10:30:21.944root 11241100x8000000000000000363174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa3245a9ab2ec10c2021-12-21 10:30:21.944root 11241100x8000000000000000363175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265c3bdff4d288002021-12-21 10:30:21.944root 11241100x8000000000000000363176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad2c74d265a8eb142021-12-21 10:30:21.944root 11241100x8000000000000000363177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3935fc2032483322021-12-21 10:30:21.944root 11241100x8000000000000000363178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c0b93687ebd1b992021-12-21 10:30:21.945root 11241100x8000000000000000363179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:21.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c6783765846fd9d2021-12-21 10:30:21.945root 11241100x8000000000000000363180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84bff1ef52fdd9f2021-12-21 10:30:22.443root 11241100x8000000000000000363181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a98e159c1afcda162021-12-21 10:30:22.443root 11241100x8000000000000000363182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8b9e863811b7f862021-12-21 10:30:22.443root 11241100x8000000000000000363183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d894d53f9abdc692021-12-21 10:30:22.443root 11241100x8000000000000000363184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9865873babcc9cf2021-12-21 10:30:22.444root 11241100x8000000000000000363185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27a9c0110c4ad4a02021-12-21 10:30:22.444root 11241100x8000000000000000363186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6161463f43baa7672021-12-21 10:30:22.444root 11241100x8000000000000000363187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc8642126e43a5bd2021-12-21 10:30:22.444root 11241100x8000000000000000363188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9598fa13c2511f3c2021-12-21 10:30:22.444root 11241100x8000000000000000363189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1685509cf0339f2b2021-12-21 10:30:22.444root 11241100x8000000000000000363190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7d38236efabf982021-12-21 10:30:22.444root 11241100x8000000000000000363191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e83eec0a20c07e62021-12-21 10:30:22.444root 11241100x8000000000000000363192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42f68e977685c14d2021-12-21 10:30:22.445root 11241100x8000000000000000363193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd6aa0ad2dc9deb92021-12-21 10:30:22.445root 11241100x8000000000000000363194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178b67cfabb8fa2b2021-12-21 10:30:22.445root 11241100x8000000000000000363195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29c241d7b2d0b8742021-12-21 10:30:22.445root 11241100x8000000000000000363196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10fb2501b1ca9282021-12-21 10:30:22.943root 11241100x8000000000000000363197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a8e2a4835ad6382021-12-21 10:30:22.943root 11241100x8000000000000000363198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6418319bcfec05f72021-12-21 10:30:22.943root 11241100x8000000000000000363199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a66d9c70584c31e02021-12-21 10:30:22.943root 11241100x8000000000000000363200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f843309b284bb2e32021-12-21 10:30:22.944root 11241100x8000000000000000363201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff6639f8325b460e2021-12-21 10:30:22.944root 11241100x8000000000000000363202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89646be8661a8a42021-12-21 10:30:22.944root 11241100x8000000000000000363203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.beed5dcdb75f72a82021-12-21 10:30:22.944root 11241100x8000000000000000363204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d96d98cd9b40ad62021-12-21 10:30:22.944root 11241100x8000000000000000363205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a0d9ff2d1c292f2021-12-21 10:30:22.944root 11241100x8000000000000000363206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a969bbbf8665ae72021-12-21 10:30:22.944root 11241100x8000000000000000363207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5db47b6e7a2e60f2021-12-21 10:30:22.944root 11241100x8000000000000000363208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.942467db228db2f12021-12-21 10:30:22.945root 11241100x8000000000000000363209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4676318b9702f7962021-12-21 10:30:22.945root 11241100x8000000000000000363210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.648ade4b94bf5e0c2021-12-21 10:30:22.945root 11241100x8000000000000000363211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:22.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f9ef8f1ee46c9e02021-12-21 10:30:22.945root 11241100x8000000000000000363212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d54e350ba7b0de32021-12-21 10:30:23.443root 11241100x8000000000000000363213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9f1f511e3fbc9552021-12-21 10:30:23.443root 11241100x8000000000000000363214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b373dc9d4bb412202021-12-21 10:30:23.443root 11241100x8000000000000000363215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d6968320b4301b72021-12-21 10:30:23.443root 11241100x8000000000000000363216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dda2c27ba4051e8a2021-12-21 10:30:23.444root 11241100x8000000000000000363217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.991cdc3f24793f5a2021-12-21 10:30:23.444root 11241100x8000000000000000363218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b246c419f9c38cc2021-12-21 10:30:23.444root 11241100x8000000000000000363219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d18b5169bddd95502021-12-21 10:30:23.444root 11241100x8000000000000000363220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec790c9191fb74062021-12-21 10:30:23.444root 11241100x8000000000000000363221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe403be7f7688cb62021-12-21 10:30:23.444root 11241100x8000000000000000363222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97fb39e4ba414c212021-12-21 10:30:23.444root 11241100x8000000000000000363223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7cd01ecf9fbb0b32021-12-21 10:30:23.444root 11241100x8000000000000000363224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03b9ccdbe2040d742021-12-21 10:30:23.444root 11241100x8000000000000000363225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e2ef6bfb1cd6c9e2021-12-21 10:30:23.444root 11241100x8000000000000000363226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58082b5b9efe56382021-12-21 10:30:23.444root 11241100x8000000000000000363227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b832a2a955de0072021-12-21 10:30:23.445root 11241100x8000000000000000363228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fef301b64c77479e2021-12-21 10:30:23.943root 11241100x8000000000000000363229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0af3ee31adac1782021-12-21 10:30:23.943root 11241100x8000000000000000363230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9be6136e88879202021-12-21 10:30:23.943root 11241100x8000000000000000363231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3264f0d09feb499c2021-12-21 10:30:23.943root 11241100x8000000000000000363232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32325db6660534be2021-12-21 10:30:23.944root 11241100x8000000000000000363233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ad6b1f02ac063a2021-12-21 10:30:23.944root 11241100x8000000000000000363234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55fc7e69a7dccde32021-12-21 10:30:23.944root 11241100x8000000000000000363235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.840a8fe7f8d0c9002021-12-21 10:30:23.944root 11241100x8000000000000000363236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d956c78d6cc8a77d2021-12-21 10:30:23.944root 11241100x8000000000000000363237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b45c2692d696a22021-12-21 10:30:23.944root 11241100x8000000000000000363238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0208a6c1c5ad24492021-12-21 10:30:23.944root 11241100x8000000000000000363239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092a8878ae517c162021-12-21 10:30:23.944root 11241100x8000000000000000363240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb3bd0bfec2b0db42021-12-21 10:30:23.944root 11241100x8000000000000000363241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9ae850917ee0262021-12-21 10:30:23.944root 11241100x8000000000000000363242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c1f1bfbd3fafb382021-12-21 10:30:23.945root 11241100x8000000000000000363243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:23.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb599e416821173f2021-12-21 10:30:23.945root 11241100x8000000000000000363244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecdca14f867b0182021-12-21 10:30:24.443root 11241100x8000000000000000363245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0621cab9215425922021-12-21 10:30:24.443root 11241100x8000000000000000363246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a934918a3c5a5d062021-12-21 10:30:24.443root 11241100x8000000000000000363247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcef56129015c0df2021-12-21 10:30:24.443root 11241100x8000000000000000363248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f6d373dbe67eef22021-12-21 10:30:24.443root 11241100x8000000000000000363249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff678da91d904602021-12-21 10:30:24.444root 11241100x8000000000000000363250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5d10d4a1e6e0cff2021-12-21 10:30:24.444root 11241100x8000000000000000363251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c290aacf47da1d82021-12-21 10:30:24.444root 11241100x8000000000000000363252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a58e3f023ee7be92021-12-21 10:30:24.444root 11241100x8000000000000000363253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf530751ce485df2021-12-21 10:30:24.444root 11241100x8000000000000000363254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40bc000802f10062021-12-21 10:30:24.444root 11241100x8000000000000000363255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ce25d37ec36c4032021-12-21 10:30:24.444root 11241100x8000000000000000363256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.455547eac7072d4b2021-12-21 10:30:24.444root 11241100x8000000000000000363257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10e36ace48dfbc92021-12-21 10:30:24.444root 11241100x8000000000000000363258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c730c43f4a2e36f72021-12-21 10:30:24.444root 11241100x8000000000000000363259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a7084a286909bd2021-12-21 10:30:24.445root 11241100x8000000000000000363260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609510589f1c35832021-12-21 10:30:24.943root 11241100x8000000000000000363261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e93c53a5a248e0ce2021-12-21 10:30:24.943root 11241100x8000000000000000363262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ec9c1038f611082021-12-21 10:30:24.943root 11241100x8000000000000000363263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f2011ead7f01a182021-12-21 10:30:24.943root 11241100x8000000000000000363264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91b014374b7f0212021-12-21 10:30:24.944root 11241100x8000000000000000363265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859e3c80e8d3b1c42021-12-21 10:30:24.944root 11241100x8000000000000000363266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0993fc600477ca102021-12-21 10:30:24.944root 11241100x8000000000000000363267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f4a2c5e00fd1dc2021-12-21 10:30:24.944root 11241100x8000000000000000363268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5128fca73d2bb5d42021-12-21 10:30:24.944root 11241100x8000000000000000363269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e42ade99041de8f2021-12-21 10:30:24.944root 11241100x8000000000000000363270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bad53d41c80644d2021-12-21 10:30:24.945root 11241100x8000000000000000363271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3553e33f39555b712021-12-21 10:30:24.945root 11241100x8000000000000000363272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929484d7d91ef2c32021-12-21 10:30:24.945root 11241100x8000000000000000363273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fbcd006f429a1522021-12-21 10:30:24.945root 11241100x8000000000000000363274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6747f45e3e66f5e22021-12-21 10:30:24.945root 11241100x8000000000000000363275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:24.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.928f85b1b909fa702021-12-21 10:30:24.945root 354300x8000000000000000363276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.117{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34258-false10.0.1.12-8089- 354300x8000000000000000363277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.132{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47196-false10.0.1.12-8000- 11241100x8000000000000000363278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c2018be282f93f2021-12-21 10:30:25.443root 11241100x8000000000000000363279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e00cca7c19d632021-12-21 10:30:25.443root 11241100x8000000000000000363280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16e211b8e7d79d542021-12-21 10:30:25.443root 11241100x8000000000000000363281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba6bed2d9a6ac60f2021-12-21 10:30:25.443root 11241100x8000000000000000363282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c614436745adc1e02021-12-21 10:30:25.444root 11241100x8000000000000000363283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4de68ddb798eb652021-12-21 10:30:25.444root 11241100x8000000000000000363284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f20e915937250c72021-12-21 10:30:25.444root 11241100x8000000000000000363285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213a1b0b58b8bd922021-12-21 10:30:25.444root 11241100x8000000000000000363286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f3238d44d0b3df52021-12-21 10:30:25.444root 11241100x8000000000000000363287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9795f6c212a86ef82021-12-21 10:30:25.444root 11241100x8000000000000000363288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08fae27f173b29012021-12-21 10:30:25.444root 11241100x8000000000000000363289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6362c6f73fb77452021-12-21 10:30:25.445root 11241100x8000000000000000363290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8770afa35d4deba12021-12-21 10:30:25.445root 11241100x8000000000000000363291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fd40e8283414872021-12-21 10:30:25.445root 11241100x8000000000000000363292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d255a735dc0f2ec2021-12-21 10:30:25.445root 11241100x8000000000000000363293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74f771f14b5d7ff12021-12-21 10:30:25.445root 11241100x8000000000000000363294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa118fe2401d09842021-12-21 10:30:25.445root 11241100x8000000000000000363295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fcbcda775533f52021-12-21 10:30:25.445root 11241100x8000000000000000363296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e069e273fd2380d2021-12-21 10:30:25.943root 11241100x8000000000000000363297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d426e4f9e866e042021-12-21 10:30:25.943root 11241100x8000000000000000363298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b681348699f010f2021-12-21 10:30:25.943root 11241100x8000000000000000363299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726b06a5a3af05052021-12-21 10:30:25.943root 11241100x8000000000000000363300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5c89f3a20ab2b2a2021-12-21 10:30:25.943root 11241100x8000000000000000363301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4ba8091f17d65f12021-12-21 10:30:25.944root 11241100x8000000000000000363302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd654decce368f582021-12-21 10:30:25.944root 11241100x8000000000000000363303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b224aecde5918f512021-12-21 10:30:25.944root 11241100x8000000000000000363304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.943baca8697792ee2021-12-21 10:30:25.944root 11241100x8000000000000000363305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d52c269bc1305122021-12-21 10:30:25.944root 11241100x8000000000000000363306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca123eba75c743982021-12-21 10:30:25.944root 11241100x8000000000000000363307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e30adee59b088e42021-12-21 10:30:25.944root 11241100x8000000000000000363308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d5f131d2cb87d02021-12-21 10:30:25.944root 11241100x8000000000000000363309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83221cac53806dc42021-12-21 10:30:25.944root 11241100x8000000000000000363310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebd1420db85908312021-12-21 10:30:25.944root 11241100x8000000000000000363311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b18b2eb0aaf0c4a2021-12-21 10:30:25.944root 11241100x8000000000000000363312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd510416d418ed682021-12-21 10:30:25.945root 11241100x8000000000000000363313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:25.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c869807a6a861c3e2021-12-21 10:30:25.945root 11241100x8000000000000000363314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24894db12c5cf0eb2021-12-21 10:30:26.443root 11241100x8000000000000000363315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.049af6b30d13fa112021-12-21 10:30:26.443root 11241100x8000000000000000363316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ecbe7558cac40382021-12-21 10:30:26.443root 11241100x8000000000000000363317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45507db239830512021-12-21 10:30:26.443root 11241100x8000000000000000363318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e636a663b2af0d362021-12-21 10:30:26.444root 11241100x8000000000000000363319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281beebb8208cba02021-12-21 10:30:26.444root 11241100x8000000000000000363320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4068d0bba11779a22021-12-21 10:30:26.444root 11241100x8000000000000000363321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d45de24cb915caa2021-12-21 10:30:26.444root 11241100x8000000000000000363322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2b442815d1252cd2021-12-21 10:30:26.444root 11241100x8000000000000000363323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe9ddb57ccfb565a2021-12-21 10:30:26.444root 11241100x8000000000000000363324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a42d0dc02426482a2021-12-21 10:30:26.444root 11241100x8000000000000000363325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5754ec09dc508732021-12-21 10:30:26.444root 11241100x8000000000000000363326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36d57974868d6cc92021-12-21 10:30:26.444root 11241100x8000000000000000363327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c365c41c7bb5ad52021-12-21 10:30:26.445root 11241100x8000000000000000363328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74ac41de17598f92021-12-21 10:30:26.445root 11241100x8000000000000000363329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7a192dfc707e7482021-12-21 10:30:26.445root 11241100x8000000000000000363330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b1c646486ccd2852021-12-21 10:30:26.445root 11241100x8000000000000000363331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1a0b6bfc8312042021-12-21 10:30:26.446root 11241100x8000000000000000363332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02dcc09354110a672021-12-21 10:30:26.943root 11241100x8000000000000000363333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e3fe6d0ff431a62021-12-21 10:30:26.943root 11241100x8000000000000000363334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.053a32ca0538c21b2021-12-21 10:30:26.943root 11241100x8000000000000000363335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ada35563cb319f52021-12-21 10:30:26.943root 11241100x8000000000000000363336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53c6bd87c7955742021-12-21 10:30:26.943root 11241100x8000000000000000363337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddc263bab2b22432021-12-21 10:30:26.943root 11241100x8000000000000000363338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bfdecb0f2bd4042021-12-21 10:30:26.944root 11241100x8000000000000000363339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba9c90f899a003dc2021-12-21 10:30:26.944root 11241100x8000000000000000363340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a81ac9f0765cf3262021-12-21 10:30:26.944root 11241100x8000000000000000363341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b891acfa897f3cd2021-12-21 10:30:26.944root 11241100x8000000000000000363342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6414692d1b0a80be2021-12-21 10:30:26.944root 11241100x8000000000000000363343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a38d93cdf717a8f2021-12-21 10:30:26.944root 11241100x8000000000000000363344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.656ad0af392bc1cd2021-12-21 10:30:26.945root 11241100x8000000000000000363345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0bc100bdeef8f9a2021-12-21 10:30:26.945root 11241100x8000000000000000363346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99f6a8a2ae9e77732021-12-21 10:30:26.945root 11241100x8000000000000000363347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.910b8761b63256912021-12-21 10:30:26.945root 11241100x8000000000000000363348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6affa62fb8c361ef2021-12-21 10:30:26.946root 11241100x8000000000000000363349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:26.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.491d52b66e77b43c2021-12-21 10:30:26.946root 11241100x8000000000000000363350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.067fac64d54fcfcd2021-12-21 10:30:27.443root 11241100x8000000000000000363351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67a874b9ad00552021-12-21 10:30:27.444root 11241100x8000000000000000363352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994d80653928a94f2021-12-21 10:30:27.444root 11241100x8000000000000000363353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b11fc775565dd4c82021-12-21 10:30:27.444root 11241100x8000000000000000363354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e92729a80aa5a6c82021-12-21 10:30:27.445root 11241100x8000000000000000363355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c9069cb7c4ea252021-12-21 10:30:27.445root 11241100x8000000000000000363356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bc2a388bc4f6a612021-12-21 10:30:27.445root 11241100x8000000000000000363357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237b8de611813fb42021-12-21 10:30:27.445root 11241100x8000000000000000363358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab40005f0fd607a12021-12-21 10:30:27.446root 11241100x8000000000000000363359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb8ff39c8dfa7422021-12-21 10:30:27.446root 11241100x8000000000000000363360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac948a268fcb17b22021-12-21 10:30:27.446root 11241100x8000000000000000363361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8815728dfdb163b92021-12-21 10:30:27.446root 11241100x8000000000000000363362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651bfb36d7e18ee32021-12-21 10:30:27.447root 11241100x8000000000000000363363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d3ce826e7fa07b2021-12-21 10:30:27.447root 11241100x8000000000000000363364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2332f3165b37642f2021-12-21 10:30:27.447root 11241100x8000000000000000363365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01189dd17e03ffa32021-12-21 10:30:27.447root 11241100x8000000000000000363366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f590c2607b28b632021-12-21 10:30:27.447root 11241100x8000000000000000363367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b682304a970e5602021-12-21 10:30:27.448root 11241100x8000000000000000363368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4396420418e92c2021-12-21 10:30:27.943root 11241100x8000000000000000363369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39a0915b05cc63732021-12-21 10:30:27.943root 11241100x8000000000000000363370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a052a326f229042b2021-12-21 10:30:27.944root 11241100x8000000000000000363371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897b30504a178b42021-12-21 10:30:27.944root 11241100x8000000000000000363372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf8e974d46645f192021-12-21 10:30:27.944root 11241100x8000000000000000363373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c3c12f5df93e9822021-12-21 10:30:27.944root 11241100x8000000000000000363374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc0360c30dc60dc2021-12-21 10:30:27.944root 11241100x8000000000000000363375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4840d8c9118edaf2021-12-21 10:30:27.944root 11241100x8000000000000000363376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0c1bb016dffe6a42021-12-21 10:30:27.944root 11241100x8000000000000000363377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a31867bf5584b5212021-12-21 10:30:27.945root 11241100x8000000000000000363378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83a646afd53584012021-12-21 10:30:27.945root 11241100x8000000000000000363379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed4bf8dc019eb2802021-12-21 10:30:27.945root 11241100x8000000000000000363380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c82a132a3855d22021-12-21 10:30:27.945root 11241100x8000000000000000363381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37195e2bb944f6d62021-12-21 10:30:27.945root 11241100x8000000000000000363382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957573573905521f2021-12-21 10:30:27.945root 11241100x8000000000000000363383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e20ae42b6f7f4fc2021-12-21 10:30:27.945root 11241100x8000000000000000363384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a02e7836f10c28812021-12-21 10:30:27.945root 11241100x8000000000000000363385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:27.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606cf0c455c482d12021-12-21 10:30:27.946root 354300x8000000000000000363386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.350{ec2b6afe-923b-61c1-e0f7-1f3839560000}1173/usr/sbin/sshdroottcpfalsefalse64.62.197.32-53946-false10.0.1.25-22- 11241100x8000000000000000363387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.350{ec2b6afe-acc4-61c1-0000-000000000000}5735/usr/sbin/sshd/proc/5735/oom_score_adj2021-12-21 10:30:28.350root 154100x8000000000000000363388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.350{ec2b6afe-acc4-61c1-e027-d6004f560000}5735/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}1173--- 11241100x8000000000000000363389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8aa1117cfcab668c2021-12-21 10:30:28.351root 11241100x8000000000000000363390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f468621a845ba32021-12-21 10:30:28.351root 11241100x8000000000000000363391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66f2a0bc879fa19b2021-12-21 10:30:28.352root 11241100x8000000000000000363392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c47314af14aa4962021-12-21 10:30:28.352root 11241100x8000000000000000363393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd7317aa7bbebbfb2021-12-21 10:30:28.352root 11241100x8000000000000000363394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c272116b9de27172021-12-21 10:30:28.352root 11241100x8000000000000000363395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73deac82eba409f32021-12-21 10:30:28.352root 11241100x8000000000000000363396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.004b91115a3e08d02021-12-21 10:30:28.352root 11241100x8000000000000000363397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fbb096f8a9ccf82021-12-21 10:30:28.352root 11241100x8000000000000000363398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c45a999259189a642021-12-21 10:30:28.353root 11241100x8000000000000000363399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16d3565d568ca1262021-12-21 10:30:28.353root 11241100x8000000000000000363400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4fe4df3839accbb2021-12-21 10:30:28.353root 11241100x8000000000000000363401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b768635653b7fbb2021-12-21 10:30:28.353root 11241100x8000000000000000363402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8f6b145e7fb92e2021-12-21 10:30:28.353root 11241100x8000000000000000363403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821af50b89b6cd5c2021-12-21 10:30:28.354root 11241100x8000000000000000363404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f95f0f72004e0382021-12-21 10:30:28.354root 11241100x8000000000000000363405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4919ade068f86e052021-12-21 10:30:28.354root 11241100x8000000000000000363406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a7affb98b28b5e2021-12-21 10:30:28.354root 11241100x8000000000000000363407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9d51d55ec7ecb1e2021-12-21 10:30:28.354root 11241100x8000000000000000363408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74dfa0cec0f0e7b42021-12-21 10:30:28.354root 11241100x8000000000000000363409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e246f86fc6e1ccf2021-12-21 10:30:28.355root 11241100x8000000000000000363410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82250e9059424f532021-12-21 10:30:28.355root 11241100x8000000000000000363411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6651208051ddc25a2021-12-21 10:30:28.355root 11241100x8000000000000000363412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.892fb07f08e59ccd2021-12-21 10:30:28.355root 11241100x8000000000000000363413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49850d5c641f85e12021-12-21 10:30:28.355root 11241100x8000000000000000363414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d575e05e2e5a4d2021-12-21 10:30:28.356root 11241100x8000000000000000363415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3721db8db83d0ba82021-12-21 10:30:28.356root 11241100x8000000000000000363416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63d8408b975786152021-12-21 10:30:28.356root 11241100x8000000000000000363417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615923dda13382372021-12-21 10:30:28.693root 11241100x8000000000000000363418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5294278db41a4a302021-12-21 10:30:28.693root 11241100x8000000000000000363419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9c167af920d11d2021-12-21 10:30:28.694root 11241100x8000000000000000363420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2227fafe4421238b2021-12-21 10:30:28.694root 11241100x8000000000000000363421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090cad840115fa822021-12-21 10:30:28.694root 11241100x8000000000000000363422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d929607cde06b852021-12-21 10:30:28.694root 11241100x8000000000000000363423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.212b42e2cde1a6cf2021-12-21 10:30:28.694root 11241100x8000000000000000363424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.610515888cceb99b2021-12-21 10:30:28.694root 11241100x8000000000000000363425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ad886eaf1a75f02021-12-21 10:30:28.694root 11241100x8000000000000000363426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ed8c8606d99dd32021-12-21 10:30:28.694root 11241100x8000000000000000363427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf2fa0297304ee82021-12-21 10:30:28.695root 11241100x8000000000000000363428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79a3c613fac2912a2021-12-21 10:30:28.695root 11241100x8000000000000000363429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e018caf37b295102021-12-21 10:30:28.695root 11241100x8000000000000000363430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43dc7e4eb2b384982021-12-21 10:30:28.695root 11241100x8000000000000000363431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad790dd78ce180232021-12-21 10:30:28.695root 11241100x8000000000000000363432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12cfeddc2186e532021-12-21 10:30:28.695root 11241100x8000000000000000363433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2843b1896d127732021-12-21 10:30:28.695root 11241100x8000000000000000363434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fedc000becb51302021-12-21 10:30:28.695root 11241100x8000000000000000363435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee9dcbed5a28b81e2021-12-21 10:30:28.696root 11241100x8000000000000000363436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df0d2fb96c99c6ce2021-12-21 10:30:28.696root 11241100x8000000000000000363437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1224753facc1ea6c2021-12-21 10:30:28.696root 11241100x8000000000000000363438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b46ffb69f8823c2021-12-21 10:30:28.959root 11241100x8000000000000000363439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82c5d66195353be52021-12-21 10:30:28.959root 11241100x8000000000000000363440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4e9d4b4909b33b62021-12-21 10:30:28.959root 11241100x8000000000000000363441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18b667bda855d292021-12-21 10:30:28.959root 11241100x8000000000000000363442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.959{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd298bbd0c04efb2021-12-21 10:30:28.959root 11241100x8000000000000000363443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1038d6c9e3d7a1682021-12-21 10:30:28.960root 11241100x8000000000000000363444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43001a84353f3a472021-12-21 10:30:28.960root 11241100x8000000000000000363445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5ddeefc8e9e0922021-12-21 10:30:28.960root 11241100x8000000000000000363446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77f558b93bac005d2021-12-21 10:30:28.960root 11241100x8000000000000000363447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c187fd18ab0c1fe72021-12-21 10:30:28.960root 11241100x8000000000000000363448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afa1032ee10b96b32021-12-21 10:30:28.960root 11241100x8000000000000000363449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.960{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a9e365e4926cc32021-12-21 10:30:28.960root 11241100x8000000000000000363450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af13407b97743e122021-12-21 10:30:28.964root 11241100x8000000000000000363451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0a163a723de96e02021-12-21 10:30:28.964root 11241100x8000000000000000363452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ab3cdd8fc22d022021-12-21 10:30:28.964root 11241100x8000000000000000363453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12def238dbdae69d2021-12-21 10:30:28.964root 11241100x8000000000000000363454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.964{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27c5a9c05ec446ea2021-12-21 10:30:28.964root 11241100x8000000000000000363455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cda526ce96051b12021-12-21 10:30:28.965root 11241100x8000000000000000363456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8389041f978a70fc2021-12-21 10:30:28.965root 11241100x8000000000000000363457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69835cf3e3c0684f2021-12-21 10:30:28.965root 11241100x8000000000000000363458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be9b67b3ac1201ad2021-12-21 10:30:28.965root 11241100x8000000000000000363459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4794acd842551022021-12-21 10:30:28.965root 11241100x8000000000000000363460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bc8c13c21cdaaa92021-12-21 10:30:28.965root 11241100x8000000000000000363461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8731d089c8db69d2021-12-21 10:30:28.965root 11241100x8000000000000000363462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.965{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8503e7d9ea169f872021-12-21 10:30:28.965root 11241100x8000000000000000363463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31c50f83a05f29862021-12-21 10:30:28.966root 11241100x8000000000000000363464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53150d57a4d295d42021-12-21 10:30:28.966root 11241100x8000000000000000363465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c52c87df1bc31e932021-12-21 10:30:28.966root 11241100x8000000000000000363466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f589586d09a3de022021-12-21 10:30:28.966root 11241100x8000000000000000363467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0f0dee780e70df2021-12-21 10:30:28.966root 11241100x8000000000000000363468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.966{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6490c96be62864dc2021-12-21 10:30:28.966root 11241100x8000000000000000363469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c1551c6ec9ad7c62021-12-21 10:30:28.967root 11241100x8000000000000000363470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041e65f9435a7dec2021-12-21 10:30:28.967root 11241100x8000000000000000363471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a57f42a420401ed2021-12-21 10:30:28.967root 11241100x8000000000000000363472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.967{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095614932c7bf1ff2021-12-21 10:30:28.967root 11241100x8000000000000000363473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29578686550123ce2021-12-21 10:30:28.968root 11241100x8000000000000000363474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c835da84342368992021-12-21 10:30:28.968root 11241100x8000000000000000363475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.968{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ce312c3c1cdec5f2021-12-21 10:30:28.968root 11241100x8000000000000000363476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2938d19cfcfbd2692021-12-21 10:30:28.969root 11241100x8000000000000000363477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdf56c6a138c5d922021-12-21 10:30:28.969root 11241100x8000000000000000363478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f0a3501aa46c762021-12-21 10:30:28.969root 11241100x8000000000000000363479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35840ac856503f242021-12-21 10:30:28.969root 11241100x8000000000000000363480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95f41423ab32980d2021-12-21 10:30:28.969root 11241100x8000000000000000363481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.826a3f4126a1095a2021-12-21 10:30:28.969root 11241100x8000000000000000363482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2932c8ab8f5383582021-12-21 10:30:28.969root 11241100x8000000000000000363483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.969{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09382c5241e3aded2021-12-21 10:30:28.969root 11241100x8000000000000000363484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e859961135b890762021-12-21 10:30:28.970root 11241100x8000000000000000363485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.970{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efd2c128763fe5872021-12-21 10:30:28.970root 11241100x8000000000000000363486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f6e3e2fcea587de2021-12-21 10:30:28.971root 11241100x8000000000000000363487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebbfaddb765995a32021-12-21 10:30:28.971root 11241100x8000000000000000363488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2613839d3ac0e2c12021-12-21 10:30:28.971root 11241100x8000000000000000363489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32557d7fbe5f34382021-12-21 10:30:28.971root 11241100x8000000000000000363490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.971{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc88bcffd8f2bd122021-12-21 10:30:28.971root 11241100x8000000000000000363491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0800749649b03982021-12-21 10:30:28.973root 11241100x8000000000000000363492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5c781d293f9a9432021-12-21 10:30:28.973root 11241100x8000000000000000363493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9689f03e182e68222021-12-21 10:30:28.973root 11241100x8000000000000000363494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d685b73165c0c02021-12-21 10:30:28.973root 11241100x8000000000000000363495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.973{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4517ea80578787cd2021-12-21 10:30:28.973root 11241100x8000000000000000363496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c25ae98b06bab042021-12-21 10:30:28.974root 11241100x8000000000000000363497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cae1a411a1743a3e2021-12-21 10:30:28.974root 11241100x8000000000000000363498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.974{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6567149fe8c17b422021-12-21 10:30:28.974root 11241100x8000000000000000363499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2358d05d328f76f62021-12-21 10:30:28.975root 11241100x8000000000000000363500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2638ec367d6e504c2021-12-21 10:30:28.975root 11241100x8000000000000000363501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.975{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5e1395bca09e7432021-12-21 10:30:28.975root 11241100x8000000000000000363502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6998ee1c42b70ce42021-12-21 10:30:28.976root 11241100x8000000000000000363503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48e79964a50fd3f2021-12-21 10:30:28.976root 11241100x8000000000000000363504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94d5433a78a79bbc2021-12-21 10:30:28.976root 11241100x8000000000000000363505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd9a1e4c78113a472021-12-21 10:30:28.976root 11241100x8000000000000000363506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.976{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c73c82da575d4a922021-12-21 10:30:28.976root 11241100x8000000000000000363507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6de91b3670a098ce2021-12-21 10:30:28.977root 11241100x8000000000000000363508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2740e65a3af7aa3a2021-12-21 10:30:28.977root 11241100x8000000000000000363509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52318a5429e1284f2021-12-21 10:30:28.977root 11241100x8000000000000000363510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e038deedcbd04d4f2021-12-21 10:30:28.977root 11241100x8000000000000000363511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dc99255f6eb1b992021-12-21 10:30:28.977root 11241100x8000000000000000363512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.977{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9924d66f16d009ad2021-12-21 10:30:28.977root 11241100x8000000000000000363513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5a426caca125d72021-12-21 10:30:28.978root 11241100x8000000000000000363514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d8eaebec88dd5182021-12-21 10:30:28.978root 11241100x8000000000000000363515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c3cdfc8389386432021-12-21 10:30:28.978root 11241100x8000000000000000363516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10dd488859f0b7ca2021-12-21 10:30:28.978root 11241100x8000000000000000363517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ae4c7ec941f3cf72021-12-21 10:30:28.978root 11241100x8000000000000000363518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.978{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a639b7ab5ba8d732021-12-21 10:30:28.978root 11241100x8000000000000000363519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0d4145174165be82021-12-21 10:30:28.979root 11241100x8000000000000000363520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b87bdbba11ed66912021-12-21 10:30:28.979root 11241100x8000000000000000363521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15fb2fce1f6fde662021-12-21 10:30:28.979root 11241100x8000000000000000363522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:28.979{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def63f3ffde66b612021-12-21 10:30:28.979root 11241100x8000000000000000363523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85810f0f7dd00ed82021-12-21 10:30:29.443root 11241100x8000000000000000363524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71891f92b444fffb2021-12-21 10:30:29.443root 11241100x8000000000000000363525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9dea8db4994828c2021-12-21 10:30:29.444root 11241100x8000000000000000363526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eea9109b00a9113d2021-12-21 10:30:29.444root 11241100x8000000000000000363527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d6e443585acf9f2021-12-21 10:30:29.444root 11241100x8000000000000000363528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.108fb3faa9542f022021-12-21 10:30:29.444root 11241100x8000000000000000363529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396b78022b53f87c2021-12-21 10:30:29.444root 11241100x8000000000000000363530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2873dca40d4e2e372021-12-21 10:30:29.444root 11241100x8000000000000000363531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7ee6541f619d3a2021-12-21 10:30:29.444root 11241100x8000000000000000363532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0175ad1422785b2021-12-21 10:30:29.444root 11241100x8000000000000000363533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f11ffaa21b1bc482021-12-21 10:30:29.445root 11241100x8000000000000000363534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad0089a647df8a1a2021-12-21 10:30:29.445root 11241100x8000000000000000363535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe36719850699d232021-12-21 10:30:29.445root 11241100x8000000000000000363536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d0d9ec8807872d12021-12-21 10:30:29.445root 11241100x8000000000000000363537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e29b45c159595f02021-12-21 10:30:29.445root 11241100x8000000000000000363538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd0be8b5ad3b1e82021-12-21 10:30:29.445root 11241100x8000000000000000363539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88006b3fd67aba002021-12-21 10:30:29.445root 11241100x8000000000000000363540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69c678b12fe7f0582021-12-21 10:30:29.445root 11241100x8000000000000000363541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdeaf3eec94d14712021-12-21 10:30:29.445root 11241100x8000000000000000363542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dde188e9fa151cdc2021-12-21 10:30:29.445root 11241100x8000000000000000363543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12a6fffaccec5ce02021-12-21 10:30:29.445root 11241100x8000000000000000363544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ddbe4fcfbdfac92021-12-21 10:30:29.943root 11241100x8000000000000000363545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c1b9f7beb0c8e92021-12-21 10:30:29.943root 11241100x8000000000000000363546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.717adee2af308bf92021-12-21 10:30:29.943root 11241100x8000000000000000363547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a1e271dc3854432021-12-21 10:30:29.943root 11241100x8000000000000000363548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5d0d4643799e302021-12-21 10:30:29.943root 11241100x8000000000000000363549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17fe9dcbd1d97b312021-12-21 10:30:29.944root 11241100x8000000000000000363550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ca266d30b004a0f2021-12-21 10:30:29.944root 11241100x8000000000000000363551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00329242fab5d8442021-12-21 10:30:29.944root 11241100x8000000000000000363552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3a50dce6fe0e31b2021-12-21 10:30:29.944root 11241100x8000000000000000363553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16f398d52860c16e2021-12-21 10:30:29.944root 11241100x8000000000000000363554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdc8a9a726e2da462021-12-21 10:30:29.944root 11241100x8000000000000000363555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22a7ae3e5d855edc2021-12-21 10:30:29.944root 11241100x8000000000000000363556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4acb1304b9e2e0e42021-12-21 10:30:29.944root 11241100x8000000000000000363557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13cab37795ee4a8e2021-12-21 10:30:29.944root 11241100x8000000000000000363558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a4879f9ddd5cfd62021-12-21 10:30:29.944root 11241100x8000000000000000363559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18850e49a360beef2021-12-21 10:30:29.944root 11241100x8000000000000000363560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c6eb285687ea452021-12-21 10:30:29.944root 11241100x8000000000000000363561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8004e26b2fe4e2432021-12-21 10:30:29.944root 11241100x8000000000000000363562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40d6960f711a7b9a2021-12-21 10:30:29.944root 11241100x8000000000000000363563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c70640f3a003326f2021-12-21 10:30:29.945root 11241100x8000000000000000363564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:29.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93be7989c57ede172021-12-21 10:30:29.945root 354300x8000000000000000363565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.188{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47198-false10.0.1.12-8000- 11241100x8000000000000000363566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e689f4831815112021-12-21 10:30:30.443root 11241100x8000000000000000363567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa46e6429f44bfd2021-12-21 10:30:30.443root 11241100x8000000000000000363568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe963304438df29a2021-12-21 10:30:30.444root 11241100x8000000000000000363569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b9d1b9fbbcf0cc2021-12-21 10:30:30.444root 11241100x8000000000000000363570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2b96d62cf6e96932021-12-21 10:30:30.444root 11241100x8000000000000000363571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c31c1f16ccd71592021-12-21 10:30:30.445root 11241100x8000000000000000363572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557504840f373d782021-12-21 10:30:30.445root 11241100x8000000000000000363573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a14765910b71f6c2021-12-21 10:30:30.446root 11241100x8000000000000000363574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127d06568e940d3a2021-12-21 10:30:30.446root 11241100x8000000000000000363575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30ba941988752752021-12-21 10:30:30.446root 11241100x8000000000000000363576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c11b63d866c98ae32021-12-21 10:30:30.448root 11241100x8000000000000000363577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.59f7230ba278c9e32021-12-21 10:30:30.448root 11241100x8000000000000000363578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7c87cd0fd2c94fb2021-12-21 10:30:30.449root 11241100x8000000000000000363579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0088cbfe594c9482021-12-21 10:30:30.449root 11241100x8000000000000000363580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faea2e848f54aef92021-12-21 10:30:30.449root 11241100x8000000000000000363581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fc3b7a925fba23a2021-12-21 10:30:30.449root 11241100x8000000000000000363582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33c5e9b708d192db2021-12-21 10:30:30.449root 11241100x8000000000000000363583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188da91197af3a5a2021-12-21 10:30:30.449root 11241100x8000000000000000363584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd06ca1cef6886df2021-12-21 10:30:30.449root 11241100x8000000000000000363585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f6b2e6c6272368e2021-12-21 10:30:30.449root 11241100x8000000000000000363586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33454073dede1f0d2021-12-21 10:30:30.450root 11241100x8000000000000000363587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.462673024d7f05bb2021-12-21 10:30:30.450root 11241100x8000000000000000363588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceab1d6eae0b18562021-12-21 10:30:30.943root 11241100x8000000000000000363589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9348494de7b903ce2021-12-21 10:30:30.943root 11241100x8000000000000000363590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c390e05a90366caa2021-12-21 10:30:30.943root 11241100x8000000000000000363591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23bf69b9c85da7332021-12-21 10:30:30.943root 11241100x8000000000000000363592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d85bcbd29a4a168a2021-12-21 10:30:30.944root 11241100x8000000000000000363593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.562660f96b8b12f62021-12-21 10:30:30.944root 11241100x8000000000000000363594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5210f0b4cb19d0e02021-12-21 10:30:30.944root 11241100x8000000000000000363595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddb03e64e868142b2021-12-21 10:30:30.944root 11241100x8000000000000000363596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25ed568a305d29032021-12-21 10:30:30.944root 11241100x8000000000000000363597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3b8074055c5b0322021-12-21 10:30:30.944root 11241100x8000000000000000363598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f890b0d6b004bf2021-12-21 10:30:30.944root 11241100x8000000000000000363599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e836e2b504b8f042021-12-21 10:30:30.944root 11241100x8000000000000000363600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7deab20c3af16152021-12-21 10:30:30.944root 11241100x8000000000000000363601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1f3e5cb6990dd82021-12-21 10:30:30.944root 11241100x8000000000000000363602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce03814bdadaae82021-12-21 10:30:30.944root 11241100x8000000000000000363603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b991c2cb023697e12021-12-21 10:30:30.944root 11241100x8000000000000000363604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b85f702899ee4b922021-12-21 10:30:30.944root 11241100x8000000000000000363605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffb0396dbf824e82021-12-21 10:30:30.945root 11241100x8000000000000000363606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.686eadd90ec2df2d2021-12-21 10:30:30.945root 11241100x8000000000000000363607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf4c90e44191539e2021-12-21 10:30:30.945root 11241100x8000000000000000363608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1db917b0868f54a2021-12-21 10:30:30.945root 11241100x8000000000000000363609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:30.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f380d04f6063ff9c2021-12-21 10:30:30.945root 11241100x8000000000000000363610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bf0ffe7beaff32e2021-12-21 10:30:31.443root 11241100x8000000000000000363611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c096eecfa28e1d3d2021-12-21 10:30:31.443root 11241100x8000000000000000363612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8e5b813916a25842021-12-21 10:30:31.444root 11241100x8000000000000000363613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e13fdea89cc94862021-12-21 10:30:31.444root 11241100x8000000000000000363614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7b2d1b362a74bb62021-12-21 10:30:31.444root 11241100x8000000000000000363615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f0358f781e2eb12021-12-21 10:30:31.444root 11241100x8000000000000000363616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bff6034a6e5c1e402021-12-21 10:30:31.444root 11241100x8000000000000000363617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.612dcc53d8538d7a2021-12-21 10:30:31.444root 11241100x8000000000000000363618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b17db00d8a2721e2021-12-21 10:30:31.444root 11241100x8000000000000000363619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9229413836de437a2021-12-21 10:30:31.444root 11241100x8000000000000000363620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c82361beeb0d3e02021-12-21 10:30:31.444root 11241100x8000000000000000363621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b584d30a7ac34dbf2021-12-21 10:30:31.444root 11241100x8000000000000000363622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.339f6b61d5a89fff2021-12-21 10:30:31.444root 11241100x8000000000000000363623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b917595c77d244b2021-12-21 10:30:31.444root 11241100x8000000000000000363624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.140e5231c8a5dcbc2021-12-21 10:30:31.444root 11241100x8000000000000000363625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04817c2bb50cc2242021-12-21 10:30:31.444root 11241100x8000000000000000363626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.155bf23e36ce4fdf2021-12-21 10:30:31.444root 11241100x8000000000000000363627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35a5d08655a97a32021-12-21 10:30:31.444root 11241100x8000000000000000363628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaaac06af52a915f2021-12-21 10:30:31.445root 11241100x8000000000000000363629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7376f39cadc388382021-12-21 10:30:31.445root 11241100x8000000000000000363630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b98f0918f606a272021-12-21 10:30:31.445root 11241100x8000000000000000363631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4724ce5db78323db2021-12-21 10:30:31.445root 11241100x8000000000000000363632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250d6c47190cd1732021-12-21 10:30:31.943root 11241100x8000000000000000363633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a30f011553d35552021-12-21 10:30:31.944root 11241100x8000000000000000363634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fb4808e8006d17a2021-12-21 10:30:31.944root 11241100x8000000000000000363635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4e0271bbe27a6022021-12-21 10:30:31.945root 11241100x8000000000000000363636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a960ab339b00cb8c2021-12-21 10:30:31.945root 11241100x8000000000000000363637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38d426fe1afd6b492021-12-21 10:30:31.945root 11241100x8000000000000000363638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96bb04447ac2adaf2021-12-21 10:30:31.946root 11241100x8000000000000000363639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2470a849992505f82021-12-21 10:30:31.946root 11241100x8000000000000000363640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2934a2e6615f36e12021-12-21 10:30:31.946root 11241100x8000000000000000363641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cc8ba256df1aff2021-12-21 10:30:31.947root 11241100x8000000000000000363642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27f020c21b2bdba42021-12-21 10:30:31.947root 11241100x8000000000000000363643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b499fa6e0c457fd12021-12-21 10:30:31.947root 11241100x8000000000000000363644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b18d7c0e47b3c4202021-12-21 10:30:31.948root 11241100x8000000000000000363645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be59b8abad5c29a62021-12-21 10:30:31.948root 11241100x8000000000000000363646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8af37cf152d89c2021-12-21 10:30:31.948root 11241100x8000000000000000363647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.949b496befb7bf582021-12-21 10:30:31.949root 11241100x8000000000000000363648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a08448a545628d0d2021-12-21 10:30:31.949root 11241100x8000000000000000363649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19b60e710da788f62021-12-21 10:30:31.949root 11241100x8000000000000000363650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73a6880f28706a092021-12-21 10:30:31.949root 11241100x8000000000000000363651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.774acfdcf2a4d8392021-12-21 10:30:31.950root 11241100x8000000000000000363652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92b445704d731f32021-12-21 10:30:31.950root 11241100x8000000000000000363653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:31.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f10f17e049b34672021-12-21 10:30:31.950root 11241100x8000000000000000363654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afe4e2b297e482b2021-12-21 10:30:32.443root 11241100x8000000000000000363655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b137b2de0cd980c2021-12-21 10:30:32.443root 11241100x8000000000000000363656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aaebd8f4585a452021-12-21 10:30:32.444root 11241100x8000000000000000363657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8fae8e4997f0522021-12-21 10:30:32.444root 11241100x8000000000000000363658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d4a7423a72374022021-12-21 10:30:32.445root 11241100x8000000000000000363659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cced69249cae40052021-12-21 10:30:32.445root 11241100x8000000000000000363660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac0a63fd0e54e25c2021-12-21 10:30:32.447root 11241100x8000000000000000363661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d89b6c45f71a2f2021-12-21 10:30:32.448root 11241100x8000000000000000363662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4cc550a3e5e47b72021-12-21 10:30:32.448root 11241100x8000000000000000363663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b03c7fafd9a98d82021-12-21 10:30:32.449root 11241100x8000000000000000363664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26cae8da9c8f4d782021-12-21 10:30:32.449root 11241100x8000000000000000363665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ca957bde04eb722021-12-21 10:30:32.449root 11241100x8000000000000000363666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91e8eb15ab4cf57c2021-12-21 10:30:32.449root 11241100x8000000000000000363667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c5b118922b700a2021-12-21 10:30:32.449root 11241100x8000000000000000363668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c653f461f2323ca12021-12-21 10:30:32.449root 11241100x8000000000000000363669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3a5d67a9e979c572021-12-21 10:30:32.450root 11241100x8000000000000000363670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57ba8909f7dc66792021-12-21 10:30:32.450root 11241100x8000000000000000363671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45e3cf51717b1b82021-12-21 10:30:32.450root 11241100x8000000000000000363672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed22540ba2fdda32021-12-21 10:30:32.450root 11241100x8000000000000000363673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f1972878e4b7282021-12-21 10:30:32.450root 11241100x8000000000000000363674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c47c59b22b25be402021-12-21 10:30:32.450root 11241100x8000000000000000363675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08c7a8c949bd6f1e2021-12-21 10:30:32.450root 11241100x8000000000000000363676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8a9b277f9cdb8a2021-12-21 10:30:32.450root 11241100x8000000000000000363677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d732d19c831094182021-12-21 10:30:32.943root 11241100x8000000000000000363678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a94c66a5535b9c2021-12-21 10:30:32.943root 11241100x8000000000000000363679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fda2cfb4b22bdea2021-12-21 10:30:32.944root 11241100x8000000000000000363680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f908387fe2fb21a2021-12-21 10:30:32.944root 11241100x8000000000000000363681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb5d2d5eda32828a2021-12-21 10:30:32.945root 11241100x8000000000000000363682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6685e70cb45df22021-12-21 10:30:32.945root 11241100x8000000000000000363683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7da69a23cbfbfa472021-12-21 10:30:32.946root 11241100x8000000000000000363684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4022799bb03cb7852021-12-21 10:30:32.947root 11241100x8000000000000000363685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b19922bcd88454822021-12-21 10:30:32.947root 11241100x8000000000000000363686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b9f853cc5a699f42021-12-21 10:30:32.947root 11241100x8000000000000000363687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c4e7dc1cfebbb9f2021-12-21 10:30:32.949root 11241100x8000000000000000363688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41a553b3ea61a6d72021-12-21 10:30:32.949root 11241100x8000000000000000363689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2a61b6538a2a7f2021-12-21 10:30:32.950root 11241100x8000000000000000363690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a874b336528e4432021-12-21 10:30:32.951root 11241100x8000000000000000363691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6c5b625b87e497c2021-12-21 10:30:32.951root 11241100x8000000000000000363692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b10ff83cc8b43232021-12-21 10:30:32.952root 11241100x8000000000000000363693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1504cc8e95fba9972021-12-21 10:30:32.952root 11241100x8000000000000000363694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dab7668c94b7892021-12-21 10:30:32.953root 11241100x8000000000000000363695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed991b24e8c96e2a2021-12-21 10:30:32.953root 11241100x8000000000000000363696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1aaa7ec5ddf9662021-12-21 10:30:32.954root 11241100x8000000000000000363697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ff1a3d2ae2f75042021-12-21 10:30:32.954root 11241100x8000000000000000363698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76192d9683bf09f22021-12-21 10:30:32.954root 11241100x8000000000000000363699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403fd380de79f1472021-12-21 10:30:32.954root 11241100x8000000000000000363700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:32.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e75735301c0aa212021-12-21 10:30:32.955root 11241100x8000000000000000363701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.354{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9916b6b35884a9192021-12-21 10:30:33.354root 534500x8000000000000000363702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.354{ec2b6afe-acc4-61c1-0000-000000000000}5736-sshd 11241100x8000000000000000363703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90e78fca701bc6242021-12-21 10:30:33.355root 534500x8000000000000000363704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.355{ec2b6afe-acc4-61c1-e027-d6004f560000}5735/usr/sbin/sshdroot 11241100x8000000000000000363705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1f3ce374d9cbddc2021-12-21 10:30:33.355root 11241100x8000000000000000363706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.355{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edccd86ec34452dc2021-12-21 10:30:33.355root 11241100x8000000000000000363707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9136cd60ce8ca9132021-12-21 10:30:33.356root 11241100x8000000000000000363708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a388151513e5e8b2021-12-21 10:30:33.356root 11241100x8000000000000000363709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1e5d6669bfc65042021-12-21 10:30:33.356root 11241100x8000000000000000363710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f74ef45279ce8a082021-12-21 10:30:33.356root 11241100x8000000000000000363711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.315ba78c183bf1f42021-12-21 10:30:33.356root 11241100x8000000000000000363712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e54691570ebcd8c72021-12-21 10:30:33.356root 11241100x8000000000000000363713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c205c6aba865ecb2021-12-21 10:30:33.356root 11241100x8000000000000000363714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.356{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e73b0d23ebe223a42021-12-21 10:30:33.356root 11241100x8000000000000000363715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5d2b27c6b292d2021-12-21 10:30:33.357root 11241100x8000000000000000363716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c5da2ce4143813d2021-12-21 10:30:33.357root 11241100x8000000000000000363717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63e316ff3d430b212021-12-21 10:30:33.357root 11241100x8000000000000000363718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9503b1a141641d532021-12-21 10:30:33.357root 11241100x8000000000000000363719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11bc7a85c3a4d1a12021-12-21 10:30:33.357root 11241100x8000000000000000363720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eb1cabb649dbfe02021-12-21 10:30:33.357root 11241100x8000000000000000363721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dd3b370d32fda252021-12-21 10:30:33.357root 11241100x8000000000000000363722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c12320e5f470b12021-12-21 10:30:33.357root 11241100x8000000000000000363723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396ae3ee99a8580e2021-12-21 10:30:33.357root 11241100x8000000000000000363724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c303d6c920312f2021-12-21 10:30:33.357root 11241100x8000000000000000363725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.357{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a10b77254b46c4dc2021-12-21 10:30:33.357root 11241100x8000000000000000363726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d8bc432c68325a42021-12-21 10:30:33.693root 11241100x8000000000000000363727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e989501b412583c2021-12-21 10:30:33.693root 11241100x8000000000000000363728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a51887e875885d22021-12-21 10:30:33.693root 11241100x8000000000000000363729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d2b27e1951fefcc2021-12-21 10:30:33.694root 11241100x8000000000000000363730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54904899aefecec22021-12-21 10:30:33.694root 11241100x8000000000000000363731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aea35518bdbdc99d2021-12-21 10:30:33.694root 11241100x8000000000000000363732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ba57cf8db2c52d82021-12-21 10:30:33.694root 11241100x8000000000000000363733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.667dd840f0a939492021-12-21 10:30:33.695root 11241100x8000000000000000363734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26bdeb5be47d75872021-12-21 10:30:33.695root 11241100x8000000000000000363735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e6445806e6afff2021-12-21 10:30:33.695root 11241100x8000000000000000363736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d3808749cd8a5672021-12-21 10:30:33.695root 11241100x8000000000000000363737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7669bedfa4d70102021-12-21 10:30:33.696root 11241100x8000000000000000363738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c106f511b40aadd82021-12-21 10:30:33.696root 11241100x8000000000000000363739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e452564049460292021-12-21 10:30:33.696root 11241100x8000000000000000363740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd426f040bc9df72021-12-21 10:30:33.697root 11241100x8000000000000000363741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f2cb60f17b189f82021-12-21 10:30:33.697root 11241100x8000000000000000363742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8984b7cefa40eaa72021-12-21 10:30:33.697root 11241100x8000000000000000363743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06d1c8af0d790f8d2021-12-21 10:30:33.698root 11241100x8000000000000000363744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd4493d37c667d6c2021-12-21 10:30:33.698root 11241100x8000000000000000363745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea1ccaf6bfca63b2021-12-21 10:30:33.698root 11241100x8000000000000000363746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4892ea52c1fe9702021-12-21 10:30:33.698root 11241100x8000000000000000363747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61389c9fd2f437ea2021-12-21 10:30:33.698root 11241100x8000000000000000363748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c4521f60aa9acb2021-12-21 10:30:33.699root 11241100x8000000000000000363749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2400847b4adedca52021-12-21 10:30:33.699root 11241100x8000000000000000363750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f601d27b37c8423b2021-12-21 10:30:33.699root 11241100x8000000000000000363751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94c187c11b9449682021-12-21 10:30:33.699root 11241100x8000000000000000363752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:33.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b2b1b50efbe7912021-12-21 10:30:33.699root 11241100x8000000000000000363753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8462f7cb4620a502021-12-21 10:30:34.193root 11241100x8000000000000000363754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601a14543850ffe52021-12-21 10:30:34.194root 11241100x8000000000000000363755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4706f66b0d126d2b2021-12-21 10:30:34.194root 11241100x8000000000000000363756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79a659935bd5e622021-12-21 10:30:34.194root 11241100x8000000000000000363757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67d2f6cdc53e49722021-12-21 10:30:34.194root 11241100x8000000000000000363758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d945bf005637e8f2021-12-21 10:30:34.194root 11241100x8000000000000000363759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.014636f4c1e4b5362021-12-21 10:30:34.194root 11241100x8000000000000000363760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45547e78c9780c032021-12-21 10:30:34.194root 11241100x8000000000000000363761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fa2120c3b28f9622021-12-21 10:30:34.195root 11241100x8000000000000000363762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a850d53e1a9b5cf2021-12-21 10:30:34.195root 11241100x8000000000000000363763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd0c0dc4a26cd3932021-12-21 10:30:34.195root 11241100x8000000000000000363764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7089fba54b4d432021-12-21 10:30:34.196root 11241100x8000000000000000363765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2101621356dfd002021-12-21 10:30:34.196root 11241100x8000000000000000363766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31b04cf3be2848112021-12-21 10:30:34.196root 11241100x8000000000000000363767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.346dc663a79633072021-12-21 10:30:34.196root 11241100x8000000000000000363768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d355e6856262e0432021-12-21 10:30:34.196root 11241100x8000000000000000363769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a53de7a0aab6ba0e2021-12-21 10:30:34.196root 11241100x8000000000000000363770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4607d035b1f72ab62021-12-21 10:30:34.197root 11241100x8000000000000000363771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56114baac11d90c12021-12-21 10:30:34.197root 11241100x8000000000000000363772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0a74cf2f40dcad2021-12-21 10:30:34.197root 11241100x8000000000000000363773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1155b56ddf78f032021-12-21 10:30:34.197root 11241100x8000000000000000363774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713d1fae54c18d832021-12-21 10:30:34.198root 11241100x8000000000000000363775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.379bc84f574bd5692021-12-21 10:30:34.198root 11241100x8000000000000000363776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a67a85d243b0a52021-12-21 10:30:34.198root 11241100x8000000000000000363777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec42ceb1801201b2021-12-21 10:30:34.693root 11241100x8000000000000000363778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.440d51dbee6d1ed82021-12-21 10:30:34.693root 11241100x8000000000000000363779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.806e9a3198159b932021-12-21 10:30:34.693root 11241100x8000000000000000363780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65485c496b08c1b62021-12-21 10:30:34.694root 11241100x8000000000000000363781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29d55dfaf17fe7522021-12-21 10:30:34.694root 11241100x8000000000000000363782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab3a716177beec12021-12-21 10:30:34.694root 11241100x8000000000000000363783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae0f8d4053f86d6e2021-12-21 10:30:34.694root 11241100x8000000000000000363784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f414d22f5b1a875e2021-12-21 10:30:34.695root 11241100x8000000000000000363785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.591a6c473f6edb012021-12-21 10:30:34.695root 11241100x8000000000000000363786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ecd6db34b888032021-12-21 10:30:34.695root 11241100x8000000000000000363787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868fc7b0a0ee60fb2021-12-21 10:30:34.695root 11241100x8000000000000000363788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74ec50b4557bd5d52021-12-21 10:30:34.695root 11241100x8000000000000000363789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae51b4ec6e9839d2021-12-21 10:30:34.695root 11241100x8000000000000000363790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6050c6edd22d412021-12-21 10:30:34.695root 11241100x8000000000000000363791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac4bbb4807aa1cdb2021-12-21 10:30:34.695root 11241100x8000000000000000363792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdf785d9638984092021-12-21 10:30:34.695root 11241100x8000000000000000363793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f1354107149efd2021-12-21 10:30:34.696root 11241100x8000000000000000363794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955eb81ac5ed5b322021-12-21 10:30:34.696root 11241100x8000000000000000363795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d7a4f22fa617342021-12-21 10:30:34.696root 11241100x8000000000000000363796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1b219411ffcc7b42021-12-21 10:30:34.696root 11241100x8000000000000000363797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2683cc83558ead7e2021-12-21 10:30:34.696root 11241100x8000000000000000363798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a13c7e41f26dea2021-12-21 10:30:34.696root 11241100x8000000000000000363799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23f9868f6f16c542021-12-21 10:30:34.696root 11241100x8000000000000000363800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:34.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8821ca9e132152a62021-12-21 10:30:34.696root 11241100x8000000000000000363801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4445b6c6258d1ae12021-12-21 10:30:35.193root 11241100x8000000000000000363802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e1f3dfd243012c12021-12-21 10:30:35.193root 11241100x8000000000000000363803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd6c6d4980ac68bf2021-12-21 10:30:35.194root 11241100x8000000000000000363804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6014b334dd59b4702021-12-21 10:30:35.194root 11241100x8000000000000000363805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdd70442c8e67c1b2021-12-21 10:30:35.194root 11241100x8000000000000000363806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7074df37a1c1ca5e2021-12-21 10:30:35.194root 11241100x8000000000000000363807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaea935275e7d9812021-12-21 10:30:35.194root 11241100x8000000000000000363808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2a124dff9079af2021-12-21 10:30:35.195root 11241100x8000000000000000363809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c167ac7340d24872021-12-21 10:30:35.195root 11241100x8000000000000000363810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d4376755b3b141a2021-12-21 10:30:35.195root 11241100x8000000000000000363811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9955732d39fb27232021-12-21 10:30:35.195root 11241100x8000000000000000363812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb5ee87a732d7e72021-12-21 10:30:35.195root 11241100x8000000000000000363813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785393cd7eef1c732021-12-21 10:30:35.195root 11241100x8000000000000000363814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.382e3569c7bcced32021-12-21 10:30:35.195root 11241100x8000000000000000363815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57bff5abf299141b2021-12-21 10:30:35.195root 11241100x8000000000000000363816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70e3c456ff9f88e92021-12-21 10:30:35.196root 11241100x8000000000000000363817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6e57bab8b1296e92021-12-21 10:30:35.196root 11241100x8000000000000000363818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca6664d3f6b2da412021-12-21 10:30:35.196root 11241100x8000000000000000363819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.966467038ca039432021-12-21 10:30:35.196root 11241100x8000000000000000363820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edad54bf8f5f50a72021-12-21 10:30:35.196root 11241100x8000000000000000363821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5a5b82a2f0d6f842021-12-21 10:30:35.196root 11241100x8000000000000000363822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1002181fbc1fd42021-12-21 10:30:35.196root 11241100x8000000000000000363823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05821055921d67702021-12-21 10:30:35.196root 11241100x8000000000000000363824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b599470e729b3af22021-12-21 10:30:35.196root 11241100x8000000000000000363825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff94d5a82dd9caa12021-12-21 10:30:35.693root 11241100x8000000000000000363826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bef7893713ddf08a2021-12-21 10:30:35.693root 11241100x8000000000000000363827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b2c173f2cbd864f2021-12-21 10:30:35.693root 11241100x8000000000000000363828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33b2d4a555f7d3c2021-12-21 10:30:35.693root 11241100x8000000000000000363829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f4e4f80b5412a432021-12-21 10:30:35.693root 11241100x8000000000000000363830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b964910a25d622672021-12-21 10:30:35.694root 11241100x8000000000000000363831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0b9cb807f7e4e92021-12-21 10:30:35.694root 11241100x8000000000000000363832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e95e096a0eb8a112021-12-21 10:30:35.694root 11241100x8000000000000000363833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1643ec4073e47c52021-12-21 10:30:35.694root 11241100x8000000000000000363834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9845529b5bef6e142021-12-21 10:30:35.694root 11241100x8000000000000000363835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2f390ee98cf69762021-12-21 10:30:35.694root 11241100x8000000000000000363836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.350544046281a7c52021-12-21 10:30:35.694root 11241100x8000000000000000363837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9596a9045e5cf92021-12-21 10:30:35.695root 11241100x8000000000000000363838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e1bf76bf65f2b812021-12-21 10:30:35.695root 11241100x8000000000000000363839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ebf7adbd90783572021-12-21 10:30:35.695root 11241100x8000000000000000363840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e802280665f23d652021-12-21 10:30:35.695root 11241100x8000000000000000363841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0923f726ffb2df3f2021-12-21 10:30:35.695root 11241100x8000000000000000363842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b376ebe7c8c969c2021-12-21 10:30:35.696root 11241100x8000000000000000363843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f319be2af10441b32021-12-21 10:30:35.696root 11241100x8000000000000000363844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1328391c199340592021-12-21 10:30:35.696root 11241100x8000000000000000363845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f70567df69b2f342021-12-21 10:30:35.696root 11241100x8000000000000000363846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57699c347c62da92021-12-21 10:30:35.696root 11241100x8000000000000000363847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40080c7c2355bf5a2021-12-21 10:30:35.696root 11241100x8000000000000000363848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02c867c592feebc12021-12-21 10:30:35.696root 11241100x8000000000000000363849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:35.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5061e041ea2b1d62021-12-21 10:30:35.697root 354300x8000000000000000363850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.042{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47200-false10.0.1.12-8000- 11241100x8000000000000000363851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.807459023cd0c0ef2021-12-21 10:30:36.042root 11241100x8000000000000000363852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4c8ad897ad19622021-12-21 10:30:36.042root 11241100x8000000000000000363853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86b3d81353547c462021-12-21 10:30:36.043root 11241100x8000000000000000363854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1a3cdec01bd965d2021-12-21 10:30:36.043root 11241100x8000000000000000363855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133101d65920f0722021-12-21 10:30:36.043root 11241100x8000000000000000363856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1b02b78d1c11d3b2021-12-21 10:30:36.043root 11241100x8000000000000000363857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d96a634aa468c84e2021-12-21 10:30:36.043root 11241100x8000000000000000363858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f66dd0330bfe6002021-12-21 10:30:36.043root 11241100x8000000000000000363859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a11729982d65d0252021-12-21 10:30:36.043root 11241100x8000000000000000363860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be5978c003bab18b2021-12-21 10:30:36.043root 11241100x8000000000000000363861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc25a491561f5eb42021-12-21 10:30:36.043root 11241100x8000000000000000363862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d1f62dba46985842021-12-21 10:30:36.043root 11241100x8000000000000000363863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a1df772e11f9682021-12-21 10:30:36.043root 11241100x8000000000000000363864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d57cdcddbed18f0f2021-12-21 10:30:36.043root 11241100x8000000000000000363865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef352b900f4800442021-12-21 10:30:36.044root 11241100x8000000000000000363866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7697db2b8436687b2021-12-21 10:30:36.044root 11241100x8000000000000000363867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad558588cee79a282021-12-21 10:30:36.044root 11241100x8000000000000000363868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcd450faba996d32021-12-21 10:30:36.044root 11241100x8000000000000000363869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fecb671ba3de26b12021-12-21 10:30:36.044root 11241100x8000000000000000363870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e74180af03d9cb2021-12-21 10:30:36.044root 11241100x8000000000000000363871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efdeb5d94a7183242021-12-21 10:30:36.044root 11241100x8000000000000000363872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ea87854fc2a4eb2021-12-21 10:30:36.044root 11241100x8000000000000000363873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.085b440732d642182021-12-21 10:30:36.044root 11241100x8000000000000000363874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4958a7313dec76272021-12-21 10:30:36.045root 11241100x8000000000000000363875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b8505c3628b91862021-12-21 10:30:36.045root 11241100x8000000000000000363876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d648a5cb2352832021-12-21 10:30:36.045root 11241100x8000000000000000363877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7efdd7eb570932222021-12-21 10:30:36.045root 11241100x8000000000000000363878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352647f205241d422021-12-21 10:30:36.045root 11241100x8000000000000000363879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04f847dd19ed6b1d2021-12-21 10:30:36.045root 11241100x8000000000000000363880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5231b582827230282021-12-21 10:30:36.045root 11241100x8000000000000000363881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f3cd00fbd2c90c02021-12-21 10:30:36.045root 11241100x8000000000000000363882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07fc6ef2524d707e2021-12-21 10:30:36.045root 11241100x8000000000000000363883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df66638e4dd9fcab2021-12-21 10:30:36.045root 11241100x8000000000000000363884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ef110904e1597362021-12-21 10:30:36.046root 11241100x8000000000000000363885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f71b359cb55c7c2021-12-21 10:30:36.046root 11241100x8000000000000000363886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fa5f2bcd44dc5732021-12-21 10:30:36.046root 11241100x8000000000000000363887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c71b6467d2097a22021-12-21 10:30:36.046root 11241100x8000000000000000363888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f3c7fb4897458e2021-12-21 10:30:36.046root 11241100x8000000000000000363889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d520e96466866bae2021-12-21 10:30:36.046root 11241100x8000000000000000363890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2904a466e6a52d52021-12-21 10:30:36.046root 11241100x8000000000000000363891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e03894b9174cd552021-12-21 10:30:36.046root 11241100x8000000000000000363892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c51adcccbe4fd562021-12-21 10:30:36.046root 11241100x8000000000000000363893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d11245e07c46de72021-12-21 10:30:36.046root 11241100x8000000000000000363894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed1ee4b4f331eaa2021-12-21 10:30:36.047root 11241100x8000000000000000363895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16409cae549176ef2021-12-21 10:30:36.047root 11241100x8000000000000000363896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6064a78113b14662021-12-21 10:30:36.047root 11241100x8000000000000000363897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0562f096bcc620982021-12-21 10:30:36.047root 11241100x8000000000000000363898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f736b9861c1e84182021-12-21 10:30:36.047root 11241100x8000000000000000363899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4298f58a71dd6552021-12-21 10:30:36.047root 11241100x8000000000000000363900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.048{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39fed6dbe83b567d2021-12-21 10:30:36.048root 11241100x8000000000000000363901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.347{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:30:36.347root 11241100x8000000000000000363902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7281fa1c1b9ff4da2021-12-21 10:30:36.348root 11241100x8000000000000000363903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b555d241b94a68b02021-12-21 10:30:36.348root 11241100x8000000000000000363904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f5a6e65fd7793c2021-12-21 10:30:36.348root 11241100x8000000000000000363905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cf63eb1f611d86e2021-12-21 10:30:36.348root 11241100x8000000000000000363906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87b1684dd49070132021-12-21 10:30:36.349root 11241100x8000000000000000363907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd1accca8662346e2021-12-21 10:30:36.349root 11241100x8000000000000000363908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f62c01cb7d313472021-12-21 10:30:36.349root 11241100x8000000000000000363909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1aedcc5c4c8bf9b2021-12-21 10:30:36.349root 11241100x8000000000000000363910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01c0a6076ee179f02021-12-21 10:30:36.349root 11241100x8000000000000000363911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef34da228e90f7402021-12-21 10:30:36.349root 11241100x8000000000000000363912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88fb6e8a5eba222a2021-12-21 10:30:36.349root 11241100x8000000000000000363913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d017b177d22e32d2021-12-21 10:30:36.350root 11241100x8000000000000000363914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3badb1d1218af82e2021-12-21 10:30:36.350root 11241100x8000000000000000363915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d13c988d89b5f8e2021-12-21 10:30:36.350root 11241100x8000000000000000363916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5159da8837de874d2021-12-21 10:30:36.350root 11241100x8000000000000000363917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fa8af18adabb2d2021-12-21 10:30:36.350root 11241100x8000000000000000363918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd4bb1b37fc6c3922021-12-21 10:30:36.350root 11241100x8000000000000000363919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ccc39275ab6da072021-12-21 10:30:36.350root 11241100x8000000000000000363920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad01a1350f64baf02021-12-21 10:30:36.350root 11241100x8000000000000000363921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b94a395721745d12021-12-21 10:30:36.351root 11241100x8000000000000000363922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e24117dcfea3e722021-12-21 10:30:36.351root 11241100x8000000000000000363923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f95b35ab64e15f2021-12-21 10:30:36.351root 11241100x8000000000000000363924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ff207ec45d20d22021-12-21 10:30:36.351root 11241100x8000000000000000363925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24bd317bdb2694292021-12-21 10:30:36.351root 11241100x8000000000000000363926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9280309803ca54e62021-12-21 10:30:36.351root 11241100x8000000000000000363927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29e9f9cec891aa102021-12-21 10:30:36.351root 11241100x8000000000000000363928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677647ca98e21ba02021-12-21 10:30:36.351root 11241100x8000000000000000363929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be6ab3144bcc9892021-12-21 10:30:36.351root 11241100x8000000000000000363930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606713c24dc55d922021-12-21 10:30:36.351root 11241100x8000000000000000363931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.351{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49d263e5b3010c7a2021-12-21 10:30:36.351root 11241100x8000000000000000363932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e1fe17c918e7212021-12-21 10:30:36.352root 11241100x8000000000000000363933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54637eaf63624f032021-12-21 10:30:36.352root 11241100x8000000000000000363934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76200a680ae12dc52021-12-21 10:30:36.352root 11241100x8000000000000000363935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53b98fe1fd9232242021-12-21 10:30:36.352root 11241100x8000000000000000363936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c973886a61fced032021-12-21 10:30:36.352root 11241100x8000000000000000363937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f54f80e3cebd8b442021-12-21 10:30:36.352root 11241100x8000000000000000363938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6abb75000adb43c2021-12-21 10:30:36.352root 11241100x8000000000000000363939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5c1cce25e428d42021-12-21 10:30:36.352root 11241100x8000000000000000363940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60f2bafd7c601a3e2021-12-21 10:30:36.352root 11241100x8000000000000000363941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a331c26bf1fbc182021-12-21 10:30:36.352root 11241100x8000000000000000363942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dee39c24bfe562b2021-12-21 10:30:36.352root 11241100x8000000000000000363943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3b4a4970d0747a02021-12-21 10:30:36.352root 11241100x8000000000000000363944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae2976755f74ea512021-12-21 10:30:36.352root 11241100x8000000000000000363945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d4dbb36565636f2021-12-21 10:30:36.352root 11241100x8000000000000000363946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e776443cbaf3d1cc2021-12-21 10:30:36.352root 11241100x8000000000000000363947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.352{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ddd1f085839d272021-12-21 10:30:36.352root 11241100x8000000000000000363948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd1e7a75783526842021-12-21 10:30:36.353root 11241100x8000000000000000363949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0b99011ccebb6ad2021-12-21 10:30:36.353root 11241100x8000000000000000363950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8912f4702106bb82021-12-21 10:30:36.353root 11241100x8000000000000000363951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff533e665a0f444f2021-12-21 10:30:36.353root 11241100x8000000000000000363952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.353{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e525834954c23f502021-12-21 10:30:36.353root 11241100x8000000000000000363953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10c6ab20c200334a2021-12-21 10:30:36.693root 11241100x8000000000000000363954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcf736bca962afec2021-12-21 10:30:36.694root 11241100x8000000000000000363955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70b72e066d8250af2021-12-21 10:30:36.694root 11241100x8000000000000000363956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d40d9b15a7a4ea42021-12-21 10:30:36.695root 11241100x8000000000000000363957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41550546b4f318882021-12-21 10:30:36.695root 11241100x8000000000000000363958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f115f8a34a6c1dc2021-12-21 10:30:36.696root 11241100x8000000000000000363959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe59737d5575039e2021-12-21 10:30:36.696root 11241100x8000000000000000363960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29737014610a039e2021-12-21 10:30:36.696root 11241100x8000000000000000363961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92f3357f858354a2021-12-21 10:30:36.697root 11241100x8000000000000000363962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6b2a0eb9b219b4e2021-12-21 10:30:36.697root 11241100x8000000000000000363963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117eef1770ee46262021-12-21 10:30:36.698root 11241100x8000000000000000363964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e446ad4fc7ff820d2021-12-21 10:30:36.698root 11241100x8000000000000000363965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957e1b8b3a7804882021-12-21 10:30:36.699root 11241100x8000000000000000363966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7afc78d146333eb2021-12-21 10:30:36.699root 11241100x8000000000000000363967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.694ac9906ce657012021-12-21 10:30:36.699root 11241100x8000000000000000363968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4cfb099f08077f62021-12-21 10:30:36.700root 11241100x8000000000000000363969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9794ea12990fdc182021-12-21 10:30:36.700root 11241100x8000000000000000363970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8f2b33bb1f37382021-12-21 10:30:36.700root 11241100x8000000000000000363971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07a6a467296db0962021-12-21 10:30:36.701root 11241100x8000000000000000363972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013811603ea75df12021-12-21 10:30:36.701root 11241100x8000000000000000363973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de7ee32d7d8381e72021-12-21 10:30:36.701root 11241100x8000000000000000363974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0800b4cb5cf91fde2021-12-21 10:30:36.701root 11241100x8000000000000000363975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.650dfd34017fcb3b2021-12-21 10:30:36.702root 11241100x8000000000000000363976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3599d39f012397c62021-12-21 10:30:36.702root 11241100x8000000000000000363977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.515e58a8b20e495f2021-12-21 10:30:36.702root 11241100x8000000000000000363978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:36.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bec0fc2885e1854e2021-12-21 10:30:36.702root 11241100x8000000000000000363979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc464d1519be9442021-12-21 10:30:37.193root 11241100x8000000000000000363980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c48c5ae18e2ce42021-12-21 10:30:37.194root 11241100x8000000000000000363981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.725fd5f4c9c1987b2021-12-21 10:30:37.194root 11241100x8000000000000000363982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5ebad69fee78cb82021-12-21 10:30:37.194root 11241100x8000000000000000363983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9244ccf5e2f66ee62021-12-21 10:30:37.195root 11241100x8000000000000000363984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5979736a8c4e9e9d2021-12-21 10:30:37.195root 11241100x8000000000000000363985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b2c42fd0e6ae9ce2021-12-21 10:30:37.195root 11241100x8000000000000000363986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.059d82451492f6d82021-12-21 10:30:37.195root 11241100x8000000000000000363987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5845f387b3c09b2021-12-21 10:30:37.195root 11241100x8000000000000000363988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264d649549bb59832021-12-21 10:30:37.195root 11241100x8000000000000000363989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88deecc9af1b1162021-12-21 10:30:37.195root 11241100x8000000000000000363990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0635540defd5adf42021-12-21 10:30:37.195root 11241100x8000000000000000363991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed376a12679be542021-12-21 10:30:37.196root 11241100x8000000000000000363992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dd26e2ca3e3c0302021-12-21 10:30:37.196root 11241100x8000000000000000363993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91ddedd52721d2882021-12-21 10:30:37.196root 11241100x8000000000000000363994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19798e7045c542792021-12-21 10:30:37.196root 11241100x8000000000000000363995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19482066805b5bd2021-12-21 10:30:37.196root 11241100x8000000000000000363996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0b69181674b378e2021-12-21 10:30:37.196root 11241100x8000000000000000363997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49033a98395411f82021-12-21 10:30:37.196root 11241100x8000000000000000363998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ed39a58e5034cb2021-12-21 10:30:37.196root 11241100x8000000000000000363999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c250f598f7283562021-12-21 10:30:37.196root 11241100x8000000000000000364000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b08661fe61ed0cb22021-12-21 10:30:37.196root 11241100x8000000000000000364001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fa7169900b46dd2021-12-21 10:30:37.196root 11241100x8000000000000000364002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeff380a8bfc3c672021-12-21 10:30:37.197root 11241100x8000000000000000364003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cbc2d37033cf8052021-12-21 10:30:37.197root 11241100x8000000000000000364004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3140dae9e18bb62021-12-21 10:30:37.197root 11241100x8000000000000000364005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b550fa9402d6262021-12-21 10:30:37.197root 11241100x8000000000000000364006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e833ecba72dc7cc52021-12-21 10:30:37.692root 11241100x8000000000000000364007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64d52e4635ea7a2a2021-12-21 10:30:37.693root 11241100x8000000000000000364008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.519fa15af390371f2021-12-21 10:30:37.693root 11241100x8000000000000000364009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc09b112a52e20672021-12-21 10:30:37.693root 11241100x8000000000000000364010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce869044a67970b2021-12-21 10:30:37.694root 11241100x8000000000000000364011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d394d40edeafc0292021-12-21 10:30:37.694root 11241100x8000000000000000364012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3f8e2444009656d2021-12-21 10:30:37.694root 11241100x8000000000000000364013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d01bd7a3c8b1ace2021-12-21 10:30:37.694root 11241100x8000000000000000364014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf29f9a597e084652021-12-21 10:30:37.694root 11241100x8000000000000000364015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8118976e055ed11a2021-12-21 10:30:37.694root 11241100x8000000000000000364016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7f7f7aff58302f52021-12-21 10:30:37.694root 11241100x8000000000000000364017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.046f24bd4fcc156a2021-12-21 10:30:37.694root 11241100x8000000000000000364018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec03a560c513d1502021-12-21 10:30:37.694root 11241100x8000000000000000364019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f370e8b2edaa0aff2021-12-21 10:30:37.694root 11241100x8000000000000000364020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e48558082f76872021-12-21 10:30:37.694root 11241100x8000000000000000364021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cfce1982c256f3a2021-12-21 10:30:37.694root 11241100x8000000000000000364022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f08ded58b3908382021-12-21 10:30:37.694root 11241100x8000000000000000364023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2949956fa4515372021-12-21 10:30:37.694root 11241100x8000000000000000364024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.240b04d35f6b8c4e2021-12-21 10:30:37.695root 11241100x8000000000000000364025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6c55dada70bbc9d2021-12-21 10:30:37.695root 11241100x8000000000000000364026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ec06aa61053bc5d2021-12-21 10:30:37.695root 11241100x8000000000000000364027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127fb5d29b8053a52021-12-21 10:30:37.695root 11241100x8000000000000000364028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be8419aacf95ee6b2021-12-21 10:30:37.695root 11241100x8000000000000000364029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35d6e5f89814196f2021-12-21 10:30:37.695root 11241100x8000000000000000364030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d57ed5ee29f8c2b2021-12-21 10:30:37.695root 11241100x8000000000000000364031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71cec9e89700b6cf2021-12-21 10:30:37.695root 11241100x8000000000000000364032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d92c33a94d96759d2021-12-21 10:30:37.695root 11241100x8000000000000000364033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69037fca52e2a3e12021-12-21 10:30:37.695root 11241100x8000000000000000364034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:37.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9edfd6ee229de2d2021-12-21 10:30:37.696root 11241100x8000000000000000364035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d0164c65be01b2a2021-12-21 10:30:38.193root 11241100x8000000000000000364036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.739a8d41b8decfc52021-12-21 10:30:38.193root 11241100x8000000000000000364037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bcfeb1fd45f2d22021-12-21 10:30:38.193root 11241100x8000000000000000364038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c110dda3da0b18122021-12-21 10:30:38.193root 11241100x8000000000000000364039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e6a925ba0514432021-12-21 10:30:38.193root 11241100x8000000000000000364040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2980b7b887ac0522021-12-21 10:30:38.194root 11241100x8000000000000000364041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd044fc220d53f22021-12-21 10:30:38.194root 11241100x8000000000000000364042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ef8c1aa4b8913c2021-12-21 10:30:38.194root 11241100x8000000000000000364043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e3bf0ee7ddc31512021-12-21 10:30:38.194root 11241100x8000000000000000364044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.972f1d5e37d64b5e2021-12-21 10:30:38.194root 11241100x8000000000000000364045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cbccb76dbd968312021-12-21 10:30:38.194root 11241100x8000000000000000364046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30bed291a1996ba52021-12-21 10:30:38.194root 11241100x8000000000000000364047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51e26453c93566902021-12-21 10:30:38.194root 11241100x8000000000000000364048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.207a65bca44367c02021-12-21 10:30:38.194root 11241100x8000000000000000364049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff9af76249a018102021-12-21 10:30:38.194root 11241100x8000000000000000364050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d111f597dd661f2021-12-21 10:30:38.194root 11241100x8000000000000000364051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8f90776a5bb0602021-12-21 10:30:38.195root 11241100x8000000000000000364052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95082eba172bc4272021-12-21 10:30:38.195root 11241100x8000000000000000364053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b961c57c2f249cf2021-12-21 10:30:38.195root 11241100x8000000000000000364054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a752c21817c7c5b2021-12-21 10:30:38.195root 11241100x8000000000000000364055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74a9d49c956f982a2021-12-21 10:30:38.196root 11241100x8000000000000000364056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f42af0be6174c4cd2021-12-21 10:30:38.196root 11241100x8000000000000000364057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b50440652cbc66c2021-12-21 10:30:38.196root 11241100x8000000000000000364058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5641190682def3182021-12-21 10:30:38.196root 11241100x8000000000000000364059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e99c9e800f121a4f2021-12-21 10:30:38.196root 11241100x8000000000000000364060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.779938ec059ccb442021-12-21 10:30:38.196root 11241100x8000000000000000364061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290e968ea7d8d4f32021-12-21 10:30:38.693root 11241100x8000000000000000364062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9751c964a13e98432021-12-21 10:30:38.693root 11241100x8000000000000000364063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d66ab7cb5e9df132021-12-21 10:30:38.693root 11241100x8000000000000000364064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6041a81860cb01a12021-12-21 10:30:38.694root 11241100x8000000000000000364065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc17855f8ad1b0002021-12-21 10:30:38.694root 11241100x8000000000000000364066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af13f337b0a83ee12021-12-21 10:30:38.694root 11241100x8000000000000000364067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1bbb47b79956f62021-12-21 10:30:38.694root 11241100x8000000000000000364068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb0f53fe63b764b52021-12-21 10:30:38.694root 11241100x8000000000000000364069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c9233f1a694a4f52021-12-21 10:30:38.694root 11241100x8000000000000000364070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.412f11d2c77794882021-12-21 10:30:38.694root 11241100x8000000000000000364071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44e45d6791d2f9d42021-12-21 10:30:38.694root 11241100x8000000000000000364072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c4ab84e6bf754f2021-12-21 10:30:38.694root 11241100x8000000000000000364073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31337404c189ba962021-12-21 10:30:38.694root 11241100x8000000000000000364074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f31734f700a73f5b2021-12-21 10:30:38.694root 11241100x8000000000000000364075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ae38e2eb8d9a1d2021-12-21 10:30:38.694root 11241100x8000000000000000364076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5700b658231557c2021-12-21 10:30:38.694root 11241100x8000000000000000364077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09613767d6793cc02021-12-21 10:30:38.694root 11241100x8000000000000000364078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b932eb741aee65c22021-12-21 10:30:38.694root 11241100x8000000000000000364079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5167f5488722e7892021-12-21 10:30:38.694root 11241100x8000000000000000364080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36740657a9ed17de2021-12-21 10:30:38.695root 11241100x8000000000000000364081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f43a1f1c08addf912021-12-21 10:30:38.695root 11241100x8000000000000000364082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.415d4e1217f6addf2021-12-21 10:30:38.695root 11241100x8000000000000000364083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e61d0b8863ace452021-12-21 10:30:38.695root 11241100x8000000000000000364084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d71e774f7afbf712021-12-21 10:30:38.695root 11241100x8000000000000000364085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0328ca130ee9e6072021-12-21 10:30:38.695root 11241100x8000000000000000364086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:38.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2b0fe910e93df1d2021-12-21 10:30:38.695root 11241100x8000000000000000364087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5eae3c0d846c1002021-12-21 10:30:39.193root 11241100x8000000000000000364088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bb95b8453cbe3e2021-12-21 10:30:39.193root 11241100x8000000000000000364089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72ab15f65eeb4d972021-12-21 10:30:39.193root 11241100x8000000000000000364090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6f81c0d83c1c602021-12-21 10:30:39.193root 11241100x8000000000000000364091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d783b0625ec0d70e2021-12-21 10:30:39.193root 11241100x8000000000000000364092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2e1a327a3a907972021-12-21 10:30:39.194root 11241100x8000000000000000364093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d480ae14f42c5bd2021-12-21 10:30:39.194root 11241100x8000000000000000364094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a6a8f907443c3e2021-12-21 10:30:39.194root 11241100x8000000000000000364095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ceb24ba7147a2b6e2021-12-21 10:30:39.194root 11241100x8000000000000000364096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7bb051463ab40f72021-12-21 10:30:39.194root 11241100x8000000000000000364097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02e027503cdf01122021-12-21 10:30:39.194root 11241100x8000000000000000364098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5969c7975b28f2be2021-12-21 10:30:39.194root 11241100x8000000000000000364099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1a267d29fc3c022021-12-21 10:30:39.195root 11241100x8000000000000000364100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24af0120d122aa862021-12-21 10:30:39.195root 11241100x8000000000000000364101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e8604807079f752021-12-21 10:30:39.195root 11241100x8000000000000000364102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0187b17a8d7e850a2021-12-21 10:30:39.195root 11241100x8000000000000000364103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce849fac9b804db52021-12-21 10:30:39.195root 11241100x8000000000000000364104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2c4601d36505a0e2021-12-21 10:30:39.195root 11241100x8000000000000000364105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6449cf916948032021-12-21 10:30:39.196root 11241100x8000000000000000364106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cae0f7d1e3b258d2021-12-21 10:30:39.196root 11241100x8000000000000000364107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c098af8767473d892021-12-21 10:30:39.196root 11241100x8000000000000000364108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa6b3fef29d9a0c92021-12-21 10:30:39.196root 11241100x8000000000000000364109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839d7ad7d22f262c2021-12-21 10:30:39.196root 11241100x8000000000000000364110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e0329f021c1eb82021-12-21 10:30:39.196root 11241100x8000000000000000364111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c97191650455ffe2021-12-21 10:30:39.196root 11241100x8000000000000000364112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df9da9466d1614bc2021-12-21 10:30:39.196root 11241100x8000000000000000364113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af5a89f2a394c9712021-12-21 10:30:39.197root 11241100x8000000000000000364114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b9b45a60a67740a2021-12-21 10:30:39.197root 11241100x8000000000000000364115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.923b7d0cd1545d222021-12-21 10:30:39.197root 11241100x8000000000000000364116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ac3813e76e347dd2021-12-21 10:30:39.197root 11241100x8000000000000000364117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36c5afb0f48c345d2021-12-21 10:30:39.197root 11241100x8000000000000000364118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafb2b62c57ea8f92021-12-21 10:30:39.197root 11241100x8000000000000000364119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b40d5b2381a1242021-12-21 10:30:39.197root 23542300x8000000000000000364120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.349{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000364121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5855e75884f4e7d72021-12-21 10:30:39.693root 11241100x8000000000000000364122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1185c8c57ca1e612021-12-21 10:30:39.693root 11241100x8000000000000000364123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbe72ab8a4c1233c2021-12-21 10:30:39.694root 11241100x8000000000000000364124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37752e716c5459192021-12-21 10:30:39.694root 11241100x8000000000000000364125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e150b4501f920782021-12-21 10:30:39.694root 11241100x8000000000000000364126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.237e976f57e8e5302021-12-21 10:30:39.694root 11241100x8000000000000000364127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9701832b583f09382021-12-21 10:30:39.694root 11241100x8000000000000000364128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81672daed25fdfea2021-12-21 10:30:39.694root 11241100x8000000000000000364129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acda4961e1e233c82021-12-21 10:30:39.694root 11241100x8000000000000000364130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6ee71ec3c3be5d2021-12-21 10:30:39.694root 11241100x8000000000000000364131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.031f1aa8a863941f2021-12-21 10:30:39.694root 11241100x8000000000000000364132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.125677876ad3e53f2021-12-21 10:30:39.695root 11241100x8000000000000000364133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0ed2764f56885932021-12-21 10:30:39.695root 11241100x8000000000000000364134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402f61407a21a7902021-12-21 10:30:39.695root 11241100x8000000000000000364135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b37724bb61e71ca32021-12-21 10:30:39.695root 11241100x8000000000000000364136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30ac74f5bc52d91d2021-12-21 10:30:39.695root 11241100x8000000000000000364137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b28a3033fa621e2021-12-21 10:30:39.695root 11241100x8000000000000000364138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6531c5439dd4f002021-12-21 10:30:39.696root 11241100x8000000000000000364139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e8a15e9031688352021-12-21 10:30:39.696root 11241100x8000000000000000364140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c5e0c80ab205fe72021-12-21 10:30:39.696root 11241100x8000000000000000364141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69478ba015cde61f2021-12-21 10:30:39.696root 11241100x8000000000000000364142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b245ffbd411c122d2021-12-21 10:30:39.696root 11241100x8000000000000000364143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da9c57b766e533482021-12-21 10:30:39.696root 11241100x8000000000000000364144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0c7b6f56233e3b2021-12-21 10:30:39.697root 11241100x8000000000000000364145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335a714686ffadd32021-12-21 10:30:39.697root 11241100x8000000000000000364146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.264e481ec08ec2c62021-12-21 10:30:39.697root 11241100x8000000000000000364147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:39.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3aefb5c60239fb372021-12-21 10:30:39.697root 11241100x8000000000000000364148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a110b06d5131a4d22021-12-21 10:30:40.192root 11241100x8000000000000000364149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d3d3f053370d902021-12-21 10:30:40.193root 11241100x8000000000000000364150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a8a15c528e56bfd2021-12-21 10:30:40.193root 11241100x8000000000000000364151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65a41628a430b75f2021-12-21 10:30:40.193root 11241100x8000000000000000364152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a3ae5b9e88a501b2021-12-21 10:30:40.193root 11241100x8000000000000000364153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71d314c0a496f4642021-12-21 10:30:40.193root 11241100x8000000000000000364154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6aa9b1cc41ba16f12021-12-21 10:30:40.193root 11241100x8000000000000000364155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.516b5b4ee12373c82021-12-21 10:30:40.193root 11241100x8000000000000000364156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ff12389e0b50512021-12-21 10:30:40.193root 11241100x8000000000000000364157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f5412d4a5d8b9c2021-12-21 10:30:40.193root 11241100x8000000000000000364158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1396b5f281c856f92021-12-21 10:30:40.194root 11241100x8000000000000000364159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18a4eb1c10569072021-12-21 10:30:40.194root 11241100x8000000000000000364160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1a54a04767410b32021-12-21 10:30:40.194root 11241100x8000000000000000364161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd059ab16bf79032021-12-21 10:30:40.194root 11241100x8000000000000000364162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f97df0317a17367a2021-12-21 10:30:40.194root 11241100x8000000000000000364163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb4fb9851c192c12021-12-21 10:30:40.194root 11241100x8000000000000000364164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b810ecd85e63decf2021-12-21 10:30:40.194root 11241100x8000000000000000364165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfed799dfe3bbac72021-12-21 10:30:40.194root 11241100x8000000000000000364166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f903f2b3bbacd32021-12-21 10:30:40.194root 11241100x8000000000000000364167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb59b8e09f1debb12021-12-21 10:30:40.195root 11241100x8000000000000000364168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91608301e5d78bb32021-12-21 10:30:40.195root 11241100x8000000000000000364169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72b5674dad770af82021-12-21 10:30:40.195root 11241100x8000000000000000364170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3933911adf85a4912021-12-21 10:30:40.195root 11241100x8000000000000000364171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f87146ebec4c9782021-12-21 10:30:40.195root 11241100x8000000000000000364172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa09c9a7f6afa5d2021-12-21 10:30:40.195root 11241100x8000000000000000364173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efcfaf5beca2318c2021-12-21 10:30:40.196root 11241100x8000000000000000364174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9872d943ba20adc42021-12-21 10:30:40.196root 11241100x8000000000000000364175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fcd207422b7b70222021-12-21 10:30:40.196root 11241100x8000000000000000364176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbb3aca216bde91c2021-12-21 10:30:40.196root 11241100x8000000000000000364177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.162e2acb59c03c282021-12-21 10:30:40.196root 11241100x8000000000000000364178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85f631ac4b8953b22021-12-21 10:30:40.197root 11241100x8000000000000000364179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c31c211cb02bd5bd2021-12-21 10:30:40.197root 11241100x8000000000000000364180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a33ba6d1b801e5cb2021-12-21 10:30:40.197root 11241100x8000000000000000364181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfbcae5f6bff936e2021-12-21 10:30:40.197root 11241100x8000000000000000364182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b62b1d777ad16e162021-12-21 10:30:40.198root 11241100x8000000000000000364183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2cfd1e6dd23d3d52021-12-21 10:30:40.198root 11241100x8000000000000000364184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f81399b8748534d22021-12-21 10:30:40.198root 11241100x8000000000000000364185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a20aaff6ce601fd72021-12-21 10:30:40.199root 11241100x8000000000000000364186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457c93b9b1159fab2021-12-21 10:30:40.199root 11241100x8000000000000000364187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13fe788374eb8cfe2021-12-21 10:30:40.199root 11241100x8000000000000000364188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2a1d98d48feb6d02021-12-21 10:30:40.200root 11241100x8000000000000000364189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ccdfb55c15f7aa52021-12-21 10:30:40.200root 11241100x8000000000000000364190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.353922215ca619062021-12-21 10:30:40.200root 11241100x8000000000000000364191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a544033681eba432021-12-21 10:30:40.200root 11241100x8000000000000000364192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e89290ab8a7b442a2021-12-21 10:30:40.200root 11241100x8000000000000000364193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b5d882ac4c16332021-12-21 10:30:40.201root 11241100x8000000000000000364194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae5dc14830f776a2021-12-21 10:30:40.201root 11241100x8000000000000000364195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41004733da277d82021-12-21 10:30:40.201root 11241100x8000000000000000364196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cd015a293ef52fb2021-12-21 10:30:40.201root 11241100x8000000000000000364197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.646d56b624fdd4822021-12-21 10:30:40.201root 11241100x8000000000000000364198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee110e043cab76ce2021-12-21 10:30:40.202root 11241100x8000000000000000364199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4699024724d93f142021-12-21 10:30:40.202root 11241100x8000000000000000364200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f88ed63f55de92b2021-12-21 10:30:40.202root 11241100x8000000000000000364201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0aa256e522c9b562021-12-21 10:30:40.202root 11241100x8000000000000000364202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f09652c87cd379a2021-12-21 10:30:40.202root 11241100x8000000000000000364203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a994a45bfd95d5eb2021-12-21 10:30:40.202root 11241100x8000000000000000364204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d9d7195e497ae992021-12-21 10:30:40.693root 11241100x8000000000000000364205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3ee15cea8f3d8cc2021-12-21 10:30:40.694root 11241100x8000000000000000364206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0d59853d1fd1622021-12-21 10:30:40.694root 11241100x8000000000000000364207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7bd27372575f7f52021-12-21 10:30:40.694root 11241100x8000000000000000364208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024dc058de4f0fd82021-12-21 10:30:40.695root 11241100x8000000000000000364209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ae03919ba98c2aa2021-12-21 10:30:40.695root 11241100x8000000000000000364210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f84ba89ad02d30bd2021-12-21 10:30:40.695root 11241100x8000000000000000364211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a05d716da1b2df52021-12-21 10:30:40.696root 11241100x8000000000000000364212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf04a2d505885a732021-12-21 10:30:40.696root 11241100x8000000000000000364213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025a542216e924382021-12-21 10:30:40.697root 11241100x8000000000000000364214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040a312ea6734b6f2021-12-21 10:30:40.701root 11241100x8000000000000000364215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbfc30d11452a3ad2021-12-21 10:30:40.701root 11241100x8000000000000000364216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b06997f45ec9c5af2021-12-21 10:30:40.703root 11241100x8000000000000000364217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6907a85f51236f9f2021-12-21 10:30:40.703root 11241100x8000000000000000364218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba100c686e6b0d432021-12-21 10:30:40.703root 11241100x8000000000000000364219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66b130be84b108672021-12-21 10:30:40.703root 11241100x8000000000000000364220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3024d9cdc273a1982021-12-21 10:30:40.703root 11241100x8000000000000000364221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcc29b0d7fecc9142021-12-21 10:30:40.703root 11241100x8000000000000000364222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.512939c4b598fe2f2021-12-21 10:30:40.703root 11241100x8000000000000000364223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd06897f5cc709862021-12-21 10:30:40.703root 11241100x8000000000000000364224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b74ad3f575cbfbf2021-12-21 10:30:40.704root 11241100x8000000000000000364225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bddf1a01b70db72021-12-21 10:30:40.704root 11241100x8000000000000000364226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb401ca6458b0292021-12-21 10:30:40.704root 11241100x8000000000000000364227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa7b9debd3f67e582021-12-21 10:30:40.704root 11241100x8000000000000000364228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.883a70971c0d36052021-12-21 10:30:40.704root 11241100x8000000000000000364229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a36ecf7bcabfd32021-12-21 10:30:40.704root 11241100x8000000000000000364230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:40.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71128bb30b7b6c6a2021-12-21 10:30:40.704root 11241100x8000000000000000364231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4f0955d2bc5565c2021-12-21 10:30:41.193root 11241100x8000000000000000364232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4ab95b4ba6fefcd2021-12-21 10:30:41.193root 11241100x8000000000000000364233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80515544069fdb322021-12-21 10:30:41.194root 11241100x8000000000000000364234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca8a4b1e18396132021-12-21 10:30:41.194root 11241100x8000000000000000364235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ee213410a749cc62021-12-21 10:30:41.194root 11241100x8000000000000000364236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a2ad538e753a9b2021-12-21 10:30:41.194root 11241100x8000000000000000364237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad3411e9f2f498482021-12-21 10:30:41.195root 11241100x8000000000000000364238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.567acb8c0072a7b72021-12-21 10:30:41.195root 11241100x8000000000000000364239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c0a96cffe41f4d2021-12-21 10:30:41.195root 11241100x8000000000000000364240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6c18d553f5eef842021-12-21 10:30:41.196root 11241100x8000000000000000364241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00765ca95a832a152021-12-21 10:30:41.196root 11241100x8000000000000000364242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.269d76883bd6d6e42021-12-21 10:30:41.196root 11241100x8000000000000000364243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7051c115dba914a92021-12-21 10:30:41.196root 11241100x8000000000000000364244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e48d828f234db7da2021-12-21 10:30:41.196root 11241100x8000000000000000364245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd3b0cd856ba07232021-12-21 10:30:41.196root 11241100x8000000000000000364246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0439fe8f6000e51f2021-12-21 10:30:41.196root 11241100x8000000000000000364247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a4ed19bdf1dc702021-12-21 10:30:41.197root 11241100x8000000000000000364248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ac3a6874cf94f52021-12-21 10:30:41.197root 11241100x8000000000000000364249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.255b2f267fa54b882021-12-21 10:30:41.197root 11241100x8000000000000000364250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3676401bbb385a8f2021-12-21 10:30:41.197root 11241100x8000000000000000364251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8921e4a9bb480c142021-12-21 10:30:41.197root 11241100x8000000000000000364252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d846919d3c6ef752021-12-21 10:30:41.197root 11241100x8000000000000000364253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7c734e68fdffaae2021-12-21 10:30:41.197root 11241100x8000000000000000364254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f612b1817b8cb52021-12-21 10:30:41.197root 11241100x8000000000000000364255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c6ee2720fe814a42021-12-21 10:30:41.198root 11241100x8000000000000000364256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.517fc759a69f21262021-12-21 10:30:41.198root 11241100x8000000000000000364257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83269dcf8e8ef8652021-12-21 10:30:41.198root 11241100x8000000000000000364258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2884ea9d955973d12021-12-21 10:30:41.198root 11241100x8000000000000000364259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9652af5468fd4f762021-12-21 10:30:41.198root 354300x8000000000000000364260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.235{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47202-false10.0.1.12-8000- 11241100x8000000000000000364261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78d7630a038466612021-12-21 10:30:41.693root 11241100x8000000000000000364262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b7c1909dd2efbbf2021-12-21 10:30:41.693root 11241100x8000000000000000364263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.839b0659a68d870f2021-12-21 10:30:41.693root 11241100x8000000000000000364264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d502f24fa4f036362021-12-21 10:30:41.694root 11241100x8000000000000000364265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7448857b6e40a72021-12-21 10:30:41.694root 11241100x8000000000000000364266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02b23219a48b0c62021-12-21 10:30:41.694root 11241100x8000000000000000364267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd58de261c351c892021-12-21 10:30:41.695root 11241100x8000000000000000364268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.713599e5707299f62021-12-21 10:30:41.695root 11241100x8000000000000000364269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de8fa5646403e052021-12-21 10:30:41.695root 11241100x8000000000000000364270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365b50b7919de0292021-12-21 10:30:41.695root 11241100x8000000000000000364271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2588ed7dc8a4bb4f2021-12-21 10:30:41.695root 11241100x8000000000000000364272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffa3e9de72c253a2021-12-21 10:30:41.695root 11241100x8000000000000000364273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0146032b878ff542021-12-21 10:30:41.696root 11241100x8000000000000000364274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67c663d0380320102021-12-21 10:30:41.696root 11241100x8000000000000000364275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abcd0d2d388315ed2021-12-21 10:30:41.696root 11241100x8000000000000000364276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ba53194b59d21c82021-12-21 10:30:41.696root 11241100x8000000000000000364277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a53a654bcedf7592021-12-21 10:30:41.696root 11241100x8000000000000000364278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0705f2113fa5c1b12021-12-21 10:30:41.696root 11241100x8000000000000000364279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccedce0ab55e0fb2021-12-21 10:30:41.697root 11241100x8000000000000000364280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdcf7a419d855c652021-12-21 10:30:41.697root 11241100x8000000000000000364281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d91d7608c0f425f2021-12-21 10:30:41.697root 11241100x8000000000000000364282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.331572e4477709572021-12-21 10:30:41.698root 11241100x8000000000000000364283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b969d235f9b79dc22021-12-21 10:30:41.698root 11241100x8000000000000000364284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.514e74493855614a2021-12-21 10:30:41.698root 11241100x8000000000000000364285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15490d1532d2478e2021-12-21 10:30:41.698root 11241100x8000000000000000364286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb8dc1b86ae13fa42021-12-21 10:30:41.698root 11241100x8000000000000000364287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eae66feb073aa1f12021-12-21 10:30:41.698root 11241100x8000000000000000364288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b9581a331406362021-12-21 10:30:41.698root 11241100x8000000000000000364289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6a0bda1b040c9492021-12-21 10:30:41.698root 11241100x8000000000000000364290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21e5491a5856ec782021-12-21 10:30:41.698root 11241100x8000000000000000364291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.347901ae9e95c3512021-12-21 10:30:41.699root 11241100x8000000000000000364292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:41.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d8e10cad2013fc2021-12-21 10:30:41.699root 11241100x8000000000000000364293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf030fad1b069e2021-12-21 10:30:42.193root 11241100x8000000000000000364294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47c28f1dd90f66d72021-12-21 10:30:42.193root 11241100x8000000000000000364295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50605b0c39ca001f2021-12-21 10:30:42.193root 11241100x8000000000000000364296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b4210969851fcc72021-12-21 10:30:42.194root 11241100x8000000000000000364297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23deb4ebf3ca19442021-12-21 10:30:42.194root 11241100x8000000000000000364298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5626e8cccac77ce2021-12-21 10:30:42.194root 11241100x8000000000000000364299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c76700e289263872021-12-21 10:30:42.194root 11241100x8000000000000000364300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76ff2b815c2b3cb52021-12-21 10:30:42.194root 11241100x8000000000000000364301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68e0e9a892edb1072021-12-21 10:30:42.194root 11241100x8000000000000000364302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b974edda097592d42021-12-21 10:30:42.194root 11241100x8000000000000000364303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b821bb7956b1a632021-12-21 10:30:42.194root 11241100x8000000000000000364304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.788bee7faf1a25452021-12-21 10:30:42.194root 11241100x8000000000000000364305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ed13c83fb692e682021-12-21 10:30:42.195root 11241100x8000000000000000364306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73baeda8157ac4e72021-12-21 10:30:42.195root 11241100x8000000000000000364307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a0e464bf4425ad2021-12-21 10:30:42.195root 11241100x8000000000000000364308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77bc70d2f69f57852021-12-21 10:30:42.195root 11241100x8000000000000000364309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63efa4695e11ff9b2021-12-21 10:30:42.195root 11241100x8000000000000000364310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9332e35f42a7d4e92021-12-21 10:30:42.195root 11241100x8000000000000000364311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aae5c882dbed4b672021-12-21 10:30:42.195root 11241100x8000000000000000364312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4257cfb5ba8c20a2021-12-21 10:30:42.195root 11241100x8000000000000000364313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.993c5aff21ec9b802021-12-21 10:30:42.195root 11241100x8000000000000000364314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e4a2a7546d2e6492021-12-21 10:30:42.195root 11241100x8000000000000000364315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74e60bd8212875a42021-12-21 10:30:42.196root 11241100x8000000000000000364316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ff046e71037ee742021-12-21 10:30:42.196root 11241100x8000000000000000364317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b219e4f7f0418112021-12-21 10:30:42.196root 11241100x8000000000000000364318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae398670b67c57eb2021-12-21 10:30:42.196root 11241100x8000000000000000364319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.012a77c088c2a3df2021-12-21 10:30:42.196root 11241100x8000000000000000364320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03f516e0a44002502021-12-21 10:30:42.197root 11241100x8000000000000000364321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c106ada1b80f4a2021-12-21 10:30:42.197root 11241100x8000000000000000364322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7adca7c3b11054172021-12-21 10:30:42.197root 11241100x8000000000000000364323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf76a8548c28af72021-12-21 10:30:42.197root 11241100x8000000000000000364324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.983ee8ecb35da5df2021-12-21 10:30:42.197root 11241100x8000000000000000364325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.538ff37b396ab2be2021-12-21 10:30:42.197root 11241100x8000000000000000364326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ca615d7647da3742021-12-21 10:30:42.197root 11241100x8000000000000000364327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fc4e3e6a89010032021-12-21 10:30:42.693root 11241100x8000000000000000364328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1954f92a05a8dfdf2021-12-21 10:30:42.693root 11241100x8000000000000000364329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad55b8f38db0604f2021-12-21 10:30:42.693root 11241100x8000000000000000364330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3bec1e85a55ee42021-12-21 10:30:42.693root 11241100x8000000000000000364331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a92085b6d889ad822021-12-21 10:30:42.694root 11241100x8000000000000000364332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c9305cd0149fdb2021-12-21 10:30:42.694root 11241100x8000000000000000364333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b33a300264526cad2021-12-21 10:30:42.694root 11241100x8000000000000000364334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e47d87ea051ffd12021-12-21 10:30:42.694root 11241100x8000000000000000364335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce5e78fdf60c43932021-12-21 10:30:42.694root 11241100x8000000000000000364336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a7ac18c40e6b7282021-12-21 10:30:42.694root 11241100x8000000000000000364337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9baef14e6ecb9a2021-12-21 10:30:42.694root 11241100x8000000000000000364338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f209d2d8ec33c13a2021-12-21 10:30:42.695root 11241100x8000000000000000364339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9296fb44db68e4f02021-12-21 10:30:42.695root 11241100x8000000000000000364340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.080b0a0e66dc5c0a2021-12-21 10:30:42.695root 11241100x8000000000000000364341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b70a265b63f9cd32021-12-21 10:30:42.695root 11241100x8000000000000000364342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e404a8a84bbf0ed2021-12-21 10:30:42.695root 11241100x8000000000000000364343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c2f2445c9222502021-12-21 10:30:42.695root 11241100x8000000000000000364344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9cbd441a43f82462021-12-21 10:30:42.695root 11241100x8000000000000000364345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dec2169835460d3a2021-12-21 10:30:42.695root 11241100x8000000000000000364346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb07cb0286fd7502021-12-21 10:30:42.695root 11241100x8000000000000000364347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0606e8c6820a4aca2021-12-21 10:30:42.696root 11241100x8000000000000000364348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a31f02b6a53f152021-12-21 10:30:42.696root 11241100x8000000000000000364349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8686af55ad2186912021-12-21 10:30:42.696root 11241100x8000000000000000364350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8842b6360560e042021-12-21 10:30:42.696root 11241100x8000000000000000364351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3457eba431b503322021-12-21 10:30:42.696root 11241100x8000000000000000364352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cd44a2782fb8582021-12-21 10:30:42.696root 11241100x8000000000000000364353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.072f290bd4e6b55f2021-12-21 10:30:42.696root 11241100x8000000000000000364354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23a4fbf99ff5035d2021-12-21 10:30:42.696root 11241100x8000000000000000364355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b6c50db82525c682021-12-21 10:30:42.696root 11241100x8000000000000000364356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24ff73e0272e72772021-12-21 10:30:42.696root 11241100x8000000000000000364357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:42.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cafd7f1882c40cb2021-12-21 10:30:42.697root 11241100x8000000000000000364358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95b76f7fb1b48ea92021-12-21 10:30:43.193root 11241100x8000000000000000364359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1a0752bbf2ea5ab2021-12-21 10:30:43.194root 11241100x8000000000000000364360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45ef7e7587080bbc2021-12-21 10:30:43.194root 11241100x8000000000000000364361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0e8af3639c6711f2021-12-21 10:30:43.194root 11241100x8000000000000000364362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d0253d792fa00742021-12-21 10:30:43.194root 11241100x8000000000000000364363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc739ed5561e2f112021-12-21 10:30:43.195root 11241100x8000000000000000364364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d230d5e5485ee6c2021-12-21 10:30:43.195root 11241100x8000000000000000364365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10db3f3f4302ca9c2021-12-21 10:30:43.195root 11241100x8000000000000000364366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9d9ece1a48ef9102021-12-21 10:30:43.195root 11241100x8000000000000000364367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.831fc76ee830d9462021-12-21 10:30:43.196root 11241100x8000000000000000364368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fa9a17d1081f8322021-12-21 10:30:43.196root 11241100x8000000000000000364369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.760776e47c98fb922021-12-21 10:30:43.196root 11241100x8000000000000000364370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32c6b88c304a828b2021-12-21 10:30:43.196root 11241100x8000000000000000364371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cbf634aed4b9bf02021-12-21 10:30:43.197root 11241100x8000000000000000364372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.574d881bb15bb9692021-12-21 10:30:43.197root 11241100x8000000000000000364373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58046876f9742a42021-12-21 10:30:43.197root 11241100x8000000000000000364374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7de1bbb44706d15a2021-12-21 10:30:43.197root 11241100x8000000000000000364375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91f41b650cb3fe872021-12-21 10:30:43.197root 11241100x8000000000000000364376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fc021bce76b71052021-12-21 10:30:43.198root 11241100x8000000000000000364377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db0263bc4a5a35a92021-12-21 10:30:43.198root 11241100x8000000000000000364378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a91620c278cb3ec2021-12-21 10:30:43.198root 11241100x8000000000000000364379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f185a77af12539e2021-12-21 10:30:43.198root 11241100x8000000000000000364380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9569feeb3dd1b43c2021-12-21 10:30:43.199root 11241100x8000000000000000364381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24be98b5b5fc6b52021-12-21 10:30:43.199root 11241100x8000000000000000364382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62c56e8f3e94881f2021-12-21 10:30:43.199root 11241100x8000000000000000364383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30f7db638afb4212021-12-21 10:30:43.199root 11241100x8000000000000000364384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f66ddce164674192021-12-21 10:30:43.199root 11241100x8000000000000000364385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7e14a4eac42b9b2021-12-21 10:30:43.199root 11241100x8000000000000000364386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c28c1cd373ffba2021-12-21 10:30:43.692root 11241100x8000000000000000364387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36258d650aa7bd722021-12-21 10:30:43.693root 11241100x8000000000000000364388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b707aff6b2fa912021-12-21 10:30:43.693root 11241100x8000000000000000364389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c42e80250d558d452021-12-21 10:30:43.693root 11241100x8000000000000000364390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365bd520b32b318e2021-12-21 10:30:43.693root 11241100x8000000000000000364391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cace54171a912a3b2021-12-21 10:30:43.693root 11241100x8000000000000000364392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93790975cc0f35062021-12-21 10:30:43.693root 11241100x8000000000000000364393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f450e810dcd27062021-12-21 10:30:43.693root 11241100x8000000000000000364394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.274e4c689ecd619a2021-12-21 10:30:43.693root 11241100x8000000000000000364395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.982404e56d86e4b62021-12-21 10:30:43.693root 11241100x8000000000000000364396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5b164565bc25a02021-12-21 10:30:43.694root 11241100x8000000000000000364397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.546dd1623270ed1b2021-12-21 10:30:43.694root 11241100x8000000000000000364398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b98e1ac02dcdce2021-12-21 10:30:43.694root 11241100x8000000000000000364399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd3e97f88344be2f2021-12-21 10:30:43.694root 11241100x8000000000000000364400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce32f618dcf97a472021-12-21 10:30:43.694root 11241100x8000000000000000364401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2afec00fe0e6899e2021-12-21 10:30:43.694root 11241100x8000000000000000364402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7996a0eab6567a42021-12-21 10:30:43.694root 11241100x8000000000000000364403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94503116eb18f5132021-12-21 10:30:43.694root 11241100x8000000000000000364404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcfae94f093de652021-12-21 10:30:43.694root 11241100x8000000000000000364405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b85eb57533c4ec12021-12-21 10:30:43.694root 11241100x8000000000000000364406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc3a6f842b86700a2021-12-21 10:30:43.695root 11241100x8000000000000000364407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aef3b83eed6103382021-12-21 10:30:43.695root 11241100x8000000000000000364408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca79342c64428b72021-12-21 10:30:43.695root 11241100x8000000000000000364409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1aeacf71c8b778e2021-12-21 10:30:43.695root 11241100x8000000000000000364410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd1a669c82b6b6a32021-12-21 10:30:43.695root 11241100x8000000000000000364411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07577bd3b3653f822021-12-21 10:30:43.695root 11241100x8000000000000000364412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23dac3f8b4b7e8a02021-12-21 10:30:43.696root 11241100x8000000000000000364413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.177a6422b6135ce62021-12-21 10:30:43.696root 11241100x8000000000000000364414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed2caff304cf0632021-12-21 10:30:43.696root 11241100x8000000000000000364415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51b02bf37c9436d82021-12-21 10:30:43.696root 11241100x8000000000000000364416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768862863f6465442021-12-21 10:30:43.696root 11241100x8000000000000000364417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abf04a4465045ffa2021-12-21 10:30:43.696root 11241100x8000000000000000364418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6121c7bcdb72b20f2021-12-21 10:30:43.696root 11241100x8000000000000000364419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2573de8b549c56722021-12-21 10:30:43.696root 11241100x8000000000000000364420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec35e07d8e708ddc2021-12-21 10:30:43.697root 11241100x8000000000000000364421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b9807da908b27e82021-12-21 10:30:43.697root 11241100x8000000000000000364422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6591994112b6396b2021-12-21 10:30:43.697root 11241100x8000000000000000364423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fb035a61b8f66a02021-12-21 10:30:43.697root 11241100x8000000000000000364424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe02de9f82cb75a22021-12-21 10:30:43.697root 11241100x8000000000000000364425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95142997a97484a72021-12-21 10:30:43.697root 11241100x8000000000000000364426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f3a58b1f25368762021-12-21 10:30:43.697root 11241100x8000000000000000364427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7f2f639ae783fd42021-12-21 10:30:43.698root 11241100x8000000000000000364428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54caeaa0accc69d82021-12-21 10:30:43.698root 11241100x8000000000000000364429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e44c78af0040be2021-12-21 10:30:43.698root 11241100x8000000000000000364430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc0751ccf882a94e2021-12-21 10:30:43.698root 11241100x8000000000000000364431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0562c7c810221f2021-12-21 10:30:43.698root 11241100x8000000000000000364432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f8d49d4d56f2d2f2021-12-21 10:30:43.698root 11241100x8000000000000000364433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8420768a5ddd78692021-12-21 10:30:43.698root 11241100x8000000000000000364434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e8401d8989f4e9d2021-12-21 10:30:43.698root 11241100x8000000000000000364435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c5136394e5fc4d2021-12-21 10:30:43.699root 11241100x8000000000000000364436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e4a6c82dd969272021-12-21 10:30:43.699root 11241100x8000000000000000364437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada9b65c843570752021-12-21 10:30:43.699root 11241100x8000000000000000364438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b7e35682bbc356a2021-12-21 10:30:43.699root 11241100x8000000000000000364439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:43.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1a498f842c40d12021-12-21 10:30:43.699root 11241100x8000000000000000364440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8086b6b1607873e52021-12-21 10:30:44.193root 11241100x8000000000000000364441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dee802f4e5c69a82021-12-21 10:30:44.193root 11241100x8000000000000000364442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ea6195b2c821ad92021-12-21 10:30:44.193root 11241100x8000000000000000364443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.322d4fe288a79e992021-12-21 10:30:44.193root 11241100x8000000000000000364444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2a95be650b21286a2021-12-21 10:30:44.193root 11241100x8000000000000000364445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6b60dd2711abc9e2021-12-21 10:30:44.193root 11241100x8000000000000000364446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b79ba6fc0311b5a72021-12-21 10:30:44.193root 11241100x8000000000000000364447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a688ebd6eea32c282021-12-21 10:30:44.194root 11241100x8000000000000000364448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71ccb8d32c96437f2021-12-21 10:30:44.194root 11241100x8000000000000000364449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a9b3a521cc92f902021-12-21 10:30:44.194root 11241100x8000000000000000364450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3f568e7c0e57992021-12-21 10:30:44.194root 11241100x8000000000000000364451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f0d8cc90e26ae0c2021-12-21 10:30:44.194root 11241100x8000000000000000364452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02b84ce4931f92352021-12-21 10:30:44.194root 11241100x8000000000000000364453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d099312bfc129bf2021-12-21 10:30:44.194root 11241100x8000000000000000364454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4941fe4c7e5d362021-12-21 10:30:44.194root 11241100x8000000000000000364455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.136d90fd4015e7892021-12-21 10:30:44.194root 11241100x8000000000000000364456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18a2f418595025332021-12-21 10:30:44.195root 11241100x8000000000000000364457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b730a136577eb9f2021-12-21 10:30:44.195root 11241100x8000000000000000364458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28feb9bd1a247cc2021-12-21 10:30:44.195root 11241100x8000000000000000364459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4073f68bea74e0132021-12-21 10:30:44.195root 11241100x8000000000000000364460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60dd0282c9c0d2032021-12-21 10:30:44.195root 11241100x8000000000000000364461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984cb9da70efd9fa2021-12-21 10:30:44.195root 11241100x8000000000000000364462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7fc176c0e992c22021-12-21 10:30:44.195root 11241100x8000000000000000364463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fdb01b3a1c4c0f32021-12-21 10:30:44.195root 11241100x8000000000000000364464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.116331bfdc34d7342021-12-21 10:30:44.195root 11241100x8000000000000000364465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af1374c1f049bc8b2021-12-21 10:30:44.195root 11241100x8000000000000000364466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f28b5811d9ee119f2021-12-21 10:30:44.196root 11241100x8000000000000000364467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c9bd670c0762c3a2021-12-21 10:30:44.196root 11241100x8000000000000000364468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a06d63a9ecf2ac2021-12-21 10:30:44.196root 11241100x8000000000000000364469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f261e7a2e6b6fb72021-12-21 10:30:44.196root 11241100x8000000000000000364470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3b68c2c174b0c822021-12-21 10:30:44.196root 11241100x8000000000000000364471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617a34cde4b95b4a2021-12-21 10:30:44.196root 11241100x8000000000000000364472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcf7c3837eab25d2021-12-21 10:30:44.196root 11241100x8000000000000000364473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc281af589379f6b2021-12-21 10:30:44.196root 11241100x8000000000000000364474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94529963910a15652021-12-21 10:30:44.196root 11241100x8000000000000000364475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6b61fbca8d6ca1c2021-12-21 10:30:44.196root 11241100x8000000000000000364476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f586394031bda3ca2021-12-21 10:30:44.196root 11241100x8000000000000000364477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802932772f2f06952021-12-21 10:30:44.196root 11241100x8000000000000000364478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44078921ba5e1ddc2021-12-21 10:30:44.197root 11241100x8000000000000000364479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09fac9b36c4519a92021-12-21 10:30:44.197root 11241100x8000000000000000364480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.219f0a4fcab2690d2021-12-21 10:30:44.197root 11241100x8000000000000000364481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e315eb7f787713162021-12-21 10:30:44.197root 11241100x8000000000000000364482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc1665d0dcdea962021-12-21 10:30:44.197root 11241100x8000000000000000364483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16fecd3a9c8c73d72021-12-21 10:30:44.197root 11241100x8000000000000000364484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b924bc988d68a9912021-12-21 10:30:44.197root 11241100x8000000000000000364485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.708306a7e49856382021-12-21 10:30:44.197root 11241100x8000000000000000364486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26ae83fd564674752021-12-21 10:30:44.197root 11241100x8000000000000000364487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d94e280ca878d452021-12-21 10:30:44.197root 11241100x8000000000000000364488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c69e159ea1208c42021-12-21 10:30:44.197root 11241100x8000000000000000364489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0027203bcbca06d2021-12-21 10:30:44.693root 11241100x8000000000000000364490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.688316f470b686ff2021-12-21 10:30:44.693root 11241100x8000000000000000364491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.017ac59759d172be2021-12-21 10:30:44.694root 11241100x8000000000000000364492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5ee28aa9ac90deb2021-12-21 10:30:44.694root 11241100x8000000000000000364493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17d8168a8b21408c2021-12-21 10:30:44.694root 11241100x8000000000000000364494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f996f2f1ecbd93002021-12-21 10:30:44.694root 11241100x8000000000000000364495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41b34f7a4448a0272021-12-21 10:30:44.694root 11241100x8000000000000000364496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed5e1d8186d2afd12021-12-21 10:30:44.694root 11241100x8000000000000000364497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf5b1104c6d55ce42021-12-21 10:30:44.695root 11241100x8000000000000000364498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.334c721d1dd93e082021-12-21 10:30:44.695root 11241100x8000000000000000364499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe99f1762532c3d92021-12-21 10:30:44.695root 11241100x8000000000000000364500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead5f643b59ea3ed2021-12-21 10:30:44.695root 11241100x8000000000000000364501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a74b0f03e8bf3d72021-12-21 10:30:44.695root 11241100x8000000000000000364502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d155fcbe806aaf12021-12-21 10:30:44.695root 11241100x8000000000000000364503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaa367b51be0f8c92021-12-21 10:30:44.695root 11241100x8000000000000000364504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fe4e9c89fa48dcc2021-12-21 10:30:44.696root 11241100x8000000000000000364505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.413f29c45ca8662f2021-12-21 10:30:44.696root 11241100x8000000000000000364506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5691b7e1972eb0822021-12-21 10:30:44.696root 11241100x8000000000000000364507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abd476ef3bd6beac2021-12-21 10:30:44.696root 11241100x8000000000000000364508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a7679d72aae363a2021-12-21 10:30:44.696root 11241100x8000000000000000364509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9adeb3e035b6d4162021-12-21 10:30:44.696root 11241100x8000000000000000364510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02963708485992c12021-12-21 10:30:44.697root 11241100x8000000000000000364511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f6484e3587dd4442021-12-21 10:30:44.697root 11241100x8000000000000000364512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05d756d980e9afee2021-12-21 10:30:44.697root 11241100x8000000000000000364513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ac10d7719e5682021-12-21 10:30:44.697root 11241100x8000000000000000364514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d80cc5375724211e2021-12-21 10:30:44.697root 11241100x8000000000000000364515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362016a3bfe0d8992021-12-21 10:30:44.697root 11241100x8000000000000000364516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:44.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3f3479ac949c7162021-12-21 10:30:44.697root 11241100x8000000000000000364517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.752a5d937e5dbc082021-12-21 10:30:45.193root 11241100x8000000000000000364518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1cb21c8e6d1cc2d2021-12-21 10:30:45.193root 11241100x8000000000000000364519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e642d40fdf49258e2021-12-21 10:30:45.193root 11241100x8000000000000000364520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa0ceb51580dbc2c2021-12-21 10:30:45.193root 11241100x8000000000000000364521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e843749082916562021-12-21 10:30:45.193root 11241100x8000000000000000364522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f66066e933080b632021-12-21 10:30:45.193root 11241100x8000000000000000364523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c15bde0280d8c5d2021-12-21 10:30:45.194root 11241100x8000000000000000364524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4723af7deb92d642021-12-21 10:30:45.194root 11241100x8000000000000000364525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8aab1ef91a6ef6a2021-12-21 10:30:45.194root 11241100x8000000000000000364526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16b4223c4053eff72021-12-21 10:30:45.194root 11241100x8000000000000000364527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9866190a34c083b2021-12-21 10:30:45.194root 11241100x8000000000000000364528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2cd17871e1ed4dc2021-12-21 10:30:45.194root 11241100x8000000000000000364529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a6d7187fc40a4e22021-12-21 10:30:45.194root 11241100x8000000000000000364530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2217c1ed3d9fc8b2021-12-21 10:30:45.194root 11241100x8000000000000000364531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a21f22fc6470b1c32021-12-21 10:30:45.194root 11241100x8000000000000000364532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a165851500035dfa2021-12-21 10:30:45.195root 11241100x8000000000000000364533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e94df6d65d03c9c92021-12-21 10:30:45.195root 11241100x8000000000000000364534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b802f6812cd688ce2021-12-21 10:30:45.195root 11241100x8000000000000000364535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bc2c4cbb3c919202021-12-21 10:30:45.195root 11241100x8000000000000000364536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b444b275bf98de62021-12-21 10:30:45.196root 11241100x8000000000000000364537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fbe12f3a0ae0eee12021-12-21 10:30:45.196root 11241100x8000000000000000364538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b503e8a772467ba2021-12-21 10:30:45.196root 11241100x8000000000000000364539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bda2a7d92577680c2021-12-21 10:30:45.196root 11241100x8000000000000000364540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab143618491ce142021-12-21 10:30:45.197root 11241100x8000000000000000364541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e2f96c1e743ed292021-12-21 10:30:45.197root 11241100x8000000000000000364542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd7ef2ff82813532021-12-21 10:30:45.198root 11241100x8000000000000000364543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8814000c59f8c15a2021-12-21 10:30:45.198root 11241100x8000000000000000364544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.235dffb2b01678d72021-12-21 10:30:45.198root 11241100x8000000000000000364545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dcc0cddb7452e02021-12-21 10:30:45.198root 11241100x8000000000000000364546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9723898cf983ff2021-12-21 10:30:45.198root 11241100x8000000000000000364547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da17908d7b9eaf7a2021-12-21 10:30:45.199root 11241100x8000000000000000364548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2159d227fd37b642021-12-21 10:30:45.199root 11241100x8000000000000000364549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2020ec4b75f8182021-12-21 10:30:45.199root 11241100x8000000000000000364550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cac0ee3cf58f4892021-12-21 10:30:45.199root 11241100x8000000000000000364551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8485df412d88a3d2021-12-21 10:30:45.199root 11241100x8000000000000000364552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20b688f723fa46292021-12-21 10:30:45.200root 11241100x8000000000000000364553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b41844ed59c74d8d2021-12-21 10:30:45.200root 11241100x8000000000000000364554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b647220a7d31a9222021-12-21 10:30:45.200root 11241100x8000000000000000364555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a3806f9070c07f82021-12-21 10:30:45.200root 11241100x8000000000000000364556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e60127a0403cfb132021-12-21 10:30:45.200root 11241100x8000000000000000364557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e19a5fb6d369cc7f2021-12-21 10:30:45.201root 11241100x8000000000000000364558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.042c0d2e83192f432021-12-21 10:30:45.201root 11241100x8000000000000000364559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5ecef428eee93d42021-12-21 10:30:45.202root 11241100x8000000000000000364560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f4d83d9fbd407ea2021-12-21 10:30:45.202root 11241100x8000000000000000364561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.241da60ad00e1bc42021-12-21 10:30:45.202root 11241100x8000000000000000364562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e10718ea02cb5d92021-12-21 10:30:45.693root 11241100x8000000000000000364563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0285c3c1ab93f84b2021-12-21 10:30:45.693root 11241100x8000000000000000364564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2138fc441e536f822021-12-21 10:30:45.693root 11241100x8000000000000000364565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30907bdc9a104e6c2021-12-21 10:30:45.694root 11241100x8000000000000000364566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d975989dc3a7802021-12-21 10:30:45.694root 11241100x8000000000000000364567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b4cf62231177252021-12-21 10:30:45.694root 11241100x8000000000000000364568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.341481be5c6266642021-12-21 10:30:45.694root 11241100x8000000000000000364569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f4a795aa2f694082021-12-21 10:30:45.695root 11241100x8000000000000000364570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d987f93a3ab86632021-12-21 10:30:45.695root 11241100x8000000000000000364571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71818b9d8152d28f2021-12-21 10:30:45.695root 11241100x8000000000000000364572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd3157d5acb309f2021-12-21 10:30:45.695root 11241100x8000000000000000364573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e710d53861984562021-12-21 10:30:45.695root 11241100x8000000000000000364574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6cea8eef256e02a2021-12-21 10:30:45.696root 11241100x8000000000000000364575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d741632ce48648562021-12-21 10:30:45.696root 11241100x8000000000000000364576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d006d77c25044832021-12-21 10:30:45.696root 11241100x8000000000000000364577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4df1482623473ab2021-12-21 10:30:45.696root 11241100x8000000000000000364578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51dbaa8ef3076c9e2021-12-21 10:30:45.696root 11241100x8000000000000000364579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d67a1acfbef978762021-12-21 10:30:45.696root 11241100x8000000000000000364580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d4e45de0947cc52021-12-21 10:30:45.696root 11241100x8000000000000000364581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e93d5c831446b022021-12-21 10:30:45.696root 11241100x8000000000000000364582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e4b1ec3c23032e2021-12-21 10:30:45.696root 11241100x8000000000000000364583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16bcb0f9b845eef32021-12-21 10:30:45.696root 11241100x8000000000000000364584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06c38d0f3163d7d42021-12-21 10:30:45.696root 11241100x8000000000000000364585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9431693b3b18dcdb2021-12-21 10:30:45.696root 11241100x8000000000000000364586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113bd3ea6db5b5d82021-12-21 10:30:45.697root 11241100x8000000000000000364587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ead38243036a902021-12-21 10:30:45.697root 11241100x8000000000000000364588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c6687a7ec81c262021-12-21 10:30:45.697root 11241100x8000000000000000364589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ef68ce2efe2a922021-12-21 10:30:45.697root 11241100x8000000000000000364590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53bc85db908fd4002021-12-21 10:30:45.697root 11241100x8000000000000000364591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53a05e2a21c86a652021-12-21 10:30:45.697root 11241100x8000000000000000364592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6bf51103460c252021-12-21 10:30:45.697root 11241100x8000000000000000364593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:45.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557ff6181e1b4ea02021-12-21 10:30:45.697root 11241100x8000000000000000364594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7719b07f03d1e30e2021-12-21 10:30:46.193root 11241100x8000000000000000364595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452718b490946ee12021-12-21 10:30:46.194root 11241100x8000000000000000364596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc5a81c557f6191b2021-12-21 10:30:46.194root 11241100x8000000000000000364597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dba606855286e4b2021-12-21 10:30:46.194root 11241100x8000000000000000364598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3535f63dd4a398ee2021-12-21 10:30:46.194root 11241100x8000000000000000364599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0383b2d080d6d8a42021-12-21 10:30:46.194root 11241100x8000000000000000364600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faa5295d3eceebb52021-12-21 10:30:46.194root 11241100x8000000000000000364601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f5de00730bc3902021-12-21 10:30:46.194root 11241100x8000000000000000364602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87d1989f839056192021-12-21 10:30:46.194root 11241100x8000000000000000364603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdb2480d8bab82d12021-12-21 10:30:46.194root 11241100x8000000000000000364604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbc4b25482ce4c402021-12-21 10:30:46.194root 11241100x8000000000000000364605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.971bd22e77d1c72b2021-12-21 10:30:46.194root 11241100x8000000000000000364606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00585e73d22b89292021-12-21 10:30:46.194root 11241100x8000000000000000364607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6366d4c9960f42df2021-12-21 10:30:46.194root 11241100x8000000000000000364608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea49b9801f9718d2021-12-21 10:30:46.195root 11241100x8000000000000000364609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e2cc09cc62e6f972021-12-21 10:30:46.195root 11241100x8000000000000000364610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca50fe4af06b570a2021-12-21 10:30:46.195root 11241100x8000000000000000364611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.778cfd45a18966502021-12-21 10:30:46.195root 11241100x8000000000000000364612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45d8ad4fd690c3ca2021-12-21 10:30:46.195root 11241100x8000000000000000364613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb98b6289e48abe2021-12-21 10:30:46.195root 11241100x8000000000000000364614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93398cf4c6fb45c22021-12-21 10:30:46.195root 11241100x8000000000000000364615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6866ccca095588932021-12-21 10:30:46.195root 11241100x8000000000000000364616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b26334973f78822021-12-21 10:30:46.195root 11241100x8000000000000000364617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f59af4547184e372021-12-21 10:30:46.196root 11241100x8000000000000000364618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2daa71546576ba42021-12-21 10:30:46.196root 11241100x8000000000000000364619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae4a076f6d184d02021-12-21 10:30:46.196root 11241100x8000000000000000364620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7293186aa5d1b4f2021-12-21 10:30:46.196root 11241100x8000000000000000364621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d39ea0aa4dbeccc52021-12-21 10:30:46.197root 11241100x8000000000000000364622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac59c624024d42212021-12-21 10:30:46.692root 11241100x8000000000000000364623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88901f15f847855b2021-12-21 10:30:46.693root 11241100x8000000000000000364624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.433f998ffcf4ea052021-12-21 10:30:46.693root 11241100x8000000000000000364625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab1cc5008c8608f2021-12-21 10:30:46.693root 11241100x8000000000000000364626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b325720e63a6622021-12-21 10:30:46.693root 11241100x8000000000000000364627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dcaffe8b338dca42021-12-21 10:30:46.693root 11241100x8000000000000000364628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee35b5e9838f87a2021-12-21 10:30:46.693root 11241100x8000000000000000364629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5533b8edb4ff65cb2021-12-21 10:30:46.693root 11241100x8000000000000000364630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9901f8b72d08a5bc2021-12-21 10:30:46.693root 11241100x8000000000000000364631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24e467f45819a22b2021-12-21 10:30:46.693root 11241100x8000000000000000364632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373b9e6a1ea1f8a72021-12-21 10:30:46.694root 11241100x8000000000000000364633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e91cbd0ddcf49f72021-12-21 10:30:46.694root 11241100x8000000000000000364634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf6985687001f122021-12-21 10:30:46.694root 11241100x8000000000000000364635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8c3f63b6f32fcda2021-12-21 10:30:46.694root 11241100x8000000000000000364636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14547790912ac91a2021-12-21 10:30:46.695root 11241100x8000000000000000364637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d742a60631dedb9b2021-12-21 10:30:46.695root 11241100x8000000000000000364638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3931d92c6db79c022021-12-21 10:30:46.695root 11241100x8000000000000000364639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd953c237b55164a2021-12-21 10:30:46.695root 11241100x8000000000000000364640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d586002f536107c2021-12-21 10:30:46.695root 11241100x8000000000000000364641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a07e9109b75dcfe52021-12-21 10:30:46.695root 11241100x8000000000000000364642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a4659bf3338d8592021-12-21 10:30:46.696root 11241100x8000000000000000364643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4816d6aafdeb406d2021-12-21 10:30:46.696root 11241100x8000000000000000364644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c8e73934447136a2021-12-21 10:30:46.696root 11241100x8000000000000000364645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.528306f21d7d1d2f2021-12-21 10:30:46.696root 11241100x8000000000000000364646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.303f4b604b2fda7c2021-12-21 10:30:46.696root 11241100x8000000000000000364647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1709e69b5a4cfa142021-12-21 10:30:46.696root 11241100x8000000000000000364648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8babd35772dd4e72021-12-21 10:30:46.696root 11241100x8000000000000000364649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b875b9fdf2463732021-12-21 10:30:46.696root 11241100x8000000000000000364650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04465b7f016c0ad82021-12-21 10:30:46.696root 11241100x8000000000000000364651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d458ad6b8a797d82021-12-21 10:30:46.696root 11241100x8000000000000000364652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3020aeeff75e74dc2021-12-21 10:30:46.697root 11241100x8000000000000000364653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55c55dfb6ed28a942021-12-21 10:30:46.697root 11241100x8000000000000000364654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f8fec6aff80f49b2021-12-21 10:30:46.697root 11241100x8000000000000000364655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39c33451a18ca3222021-12-21 10:30:46.697root 11241100x8000000000000000364656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a4d03cb3c101b92021-12-21 10:30:46.698root 11241100x8000000000000000364657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a090b8010af90a92021-12-21 10:30:46.698root 11241100x8000000000000000364658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b87c393481bf1112021-12-21 10:30:46.698root 11241100x8000000000000000364659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edff1dd04dc2eb9b2021-12-21 10:30:46.698root 11241100x8000000000000000364660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9cf68b1eaee1ae2021-12-21 10:30:46.698root 11241100x8000000000000000364661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc2f0a967fb0e3c62021-12-21 10:30:46.699root 11241100x8000000000000000364662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a520b02bb6667c6c2021-12-21 10:30:46.699root 11241100x8000000000000000364663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d55ad2087775d6592021-12-21 10:30:46.699root 11241100x8000000000000000364664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7147f5f420c6af852021-12-21 10:30:46.699root 11241100x8000000000000000364665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:46.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95d941798d87c9592021-12-21 10:30:46.699root 354300x8000000000000000364666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.121{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47204-false10.0.1.12-8000- 11241100x8000000000000000364667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.087c160c5ebb653f2021-12-21 10:30:47.122root 11241100x8000000000000000364668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec341982f072f2b72021-12-21 10:30:47.122root 11241100x8000000000000000364669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8a7ef9b67363242021-12-21 10:30:47.122root 11241100x8000000000000000364670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.122{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e25eadeba8f4dc92021-12-21 10:30:47.122root 11241100x8000000000000000364671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9bec7686c427fa12021-12-21 10:30:47.123root 11241100x8000000000000000364672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70c78139f1b878252021-12-21 10:30:47.123root 11241100x8000000000000000364673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a01ee3f8b72dfd52021-12-21 10:30:47.123root 11241100x8000000000000000364674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.123{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db5e3cec4546735e2021-12-21 10:30:47.123root 11241100x8000000000000000364675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30822fcf6e901e8c2021-12-21 10:30:47.124root 11241100x8000000000000000364676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2310e9a4758f683e2021-12-21 10:30:47.124root 11241100x8000000000000000364677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1992028e8d14da9f2021-12-21 10:30:47.124root 11241100x8000000000000000364678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1af0b44a0899cd72021-12-21 10:30:47.124root 11241100x8000000000000000364679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df244da1702a0662021-12-21 10:30:47.124root 11241100x8000000000000000364680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46e855b9b58fa3982021-12-21 10:30:47.124root 11241100x8000000000000000364681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f40cd317230a6692021-12-21 10:30:47.124root 11241100x8000000000000000364682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.124{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c97fbf830a36942021-12-21 10:30:47.124root 11241100x8000000000000000364683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f18a2d2e903bc5c82021-12-21 10:30:47.125root 11241100x8000000000000000364684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.822a0c61d841f06f2021-12-21 10:30:47.125root 11241100x8000000000000000364685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f23d8907055d53c62021-12-21 10:30:47.125root 11241100x8000000000000000364686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dff20d97cd8116f92021-12-21 10:30:47.125root 11241100x8000000000000000364687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.afe1752459fce68c2021-12-21 10:30:47.125root 11241100x8000000000000000364688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f8ef8a8dfe87e172021-12-21 10:30:47.125root 11241100x8000000000000000364689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d756f12b1e4dc8e2021-12-21 10:30:47.125root 11241100x8000000000000000364690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654e9b26a5e1abdb2021-12-21 10:30:47.125root 11241100x8000000000000000364691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2dd7de7bfbcbd2021-12-21 10:30:47.125root 11241100x8000000000000000364692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.125{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c17e974906c60a2021-12-21 10:30:47.125root 11241100x8000000000000000364693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e92f80e57f0b3982021-12-21 10:30:47.126root 11241100x8000000000000000364694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67bab5569c9a54212021-12-21 10:30:47.126root 11241100x8000000000000000364695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14c7138050322812021-12-21 10:30:47.126root 11241100x8000000000000000364696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c34b5b539072032021-12-21 10:30:47.126root 11241100x8000000000000000364697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d194ebaa528e56cd2021-12-21 10:30:47.126root 11241100x8000000000000000364698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d7bbc6e4cfd4c382021-12-21 10:30:47.126root 11241100x8000000000000000364699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8829be05f77393ee2021-12-21 10:30:47.126root 11241100x8000000000000000364700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13ce70bdd60f54e22021-12-21 10:30:47.126root 11241100x8000000000000000364701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.126{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98a3aa8569d5ccd12021-12-21 10:30:47.126root 11241100x8000000000000000364702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88a54086fd9636102021-12-21 10:30:47.443root 11241100x8000000000000000364703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184a0311e96b54452021-12-21 10:30:47.443root 11241100x8000000000000000364704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142083835a1f63382021-12-21 10:30:47.444root 11241100x8000000000000000364705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c55df0c3ed1cd1f22021-12-21 10:30:47.444root 11241100x8000000000000000364706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03d9835a88cdaf672021-12-21 10:30:47.444root 11241100x8000000000000000364707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92a7bbaa4ae6abc22021-12-21 10:30:47.445root 11241100x8000000000000000364708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d74e54ee47dbd222021-12-21 10:30:47.445root 11241100x8000000000000000364709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e43e4567eeede0ff2021-12-21 10:30:47.445root 11241100x8000000000000000364710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51080e9637b044422021-12-21 10:30:47.445root 11241100x8000000000000000364711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e954abc41d7a9b2021-12-21 10:30:47.446root 11241100x8000000000000000364712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8aee141940fb1252021-12-21 10:30:47.446root 11241100x8000000000000000364713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a791be3bc85bcd62021-12-21 10:30:47.446root 11241100x8000000000000000364714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ef6dce641f49f6b2021-12-21 10:30:47.446root 11241100x8000000000000000364715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71c0d9afcb31b1832021-12-21 10:30:47.446root 11241100x8000000000000000364716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1ce174be67d17d72021-12-21 10:30:47.446root 11241100x8000000000000000364717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74203cef424372912021-12-21 10:30:47.446root 11241100x8000000000000000364718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56341487f05d05402021-12-21 10:30:47.446root 11241100x8000000000000000364719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5747897276ec487e2021-12-21 10:30:47.446root 11241100x8000000000000000364720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.590ef98f74c449c52021-12-21 10:30:47.447root 11241100x8000000000000000364721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5be82dda911606fe2021-12-21 10:30:47.447root 11241100x8000000000000000364722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5cd113b3de6eab62021-12-21 10:30:47.447root 11241100x8000000000000000364723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.061b6825a267a8da2021-12-21 10:30:47.447root 11241100x8000000000000000364724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.951e886b4b0e7daf2021-12-21 10:30:47.447root 11241100x8000000000000000364725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f8c38278c6cf60e2021-12-21 10:30:47.447root 11241100x8000000000000000364726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821525ac223ee7a92021-12-21 10:30:47.447root 11241100x8000000000000000364727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b0a2b081ca22a5f72021-12-21 10:30:47.447root 11241100x8000000000000000364728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd261fd3aeebabae2021-12-21 10:30:47.447root 11241100x8000000000000000364729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acd6aeaf8624ece62021-12-21 10:30:47.448root 11241100x8000000000000000364730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1c39859ba1c11b22021-12-21 10:30:47.448root 11241100x8000000000000000364731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df59c1c106cf4e442021-12-21 10:30:47.448root 11241100x8000000000000000364732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4d83e0582608142021-12-21 10:30:47.448root 11241100x8000000000000000364733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbac68c25e60db652021-12-21 10:30:47.943root 11241100x8000000000000000364734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50be94d65d5697ba2021-12-21 10:30:47.943root 11241100x8000000000000000364735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5777575574b096002021-12-21 10:30:47.943root 11241100x8000000000000000364736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a20332052c39b612021-12-21 10:30:47.943root 11241100x8000000000000000364737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.467d77ca47b993cc2021-12-21 10:30:47.943root 11241100x8000000000000000364738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4c3e9e03a7c7d982021-12-21 10:30:47.943root 11241100x8000000000000000364739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec17dbf41ac2d6362021-12-21 10:30:47.943root 11241100x8000000000000000364740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18fac0a934d0b1702021-12-21 10:30:47.944root 11241100x8000000000000000364741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6ba70461fd445e62021-12-21 10:30:47.944root 11241100x8000000000000000364742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0992ffb6752bf8b12021-12-21 10:30:47.944root 11241100x8000000000000000364743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06b4adb17809a9c82021-12-21 10:30:47.944root 11241100x8000000000000000364744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39518339f2c5e9802021-12-21 10:30:47.944root 11241100x8000000000000000364745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f8b6d66632e2d972021-12-21 10:30:47.944root 11241100x8000000000000000364746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e26a23b0227da3d2021-12-21 10:30:47.944root 11241100x8000000000000000364747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d083b3377c119e2021-12-21 10:30:47.944root 11241100x8000000000000000364748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7a6b3ff6faed36d2021-12-21 10:30:47.944root 11241100x8000000000000000364749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23fb68502169b0422021-12-21 10:30:47.944root 11241100x8000000000000000364750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9152454817f268a82021-12-21 10:30:47.945root 11241100x8000000000000000364751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15a2132cfde391c42021-12-21 10:30:47.945root 11241100x8000000000000000364752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c75020f6284e3e52021-12-21 10:30:47.945root 11241100x8000000000000000364753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4094d10b5b95ee642021-12-21 10:30:47.945root 11241100x8000000000000000364754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b4fa39d091f8aa52021-12-21 10:30:47.945root 11241100x8000000000000000364755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.022675e6fdc2460f2021-12-21 10:30:47.945root 11241100x8000000000000000364756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd9ea0d7a7d8fe1d2021-12-21 10:30:47.945root 11241100x8000000000000000364757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03c1a5f6f121d86e2021-12-21 10:30:47.945root 11241100x8000000000000000364758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f0ee6c8a360f60a2021-12-21 10:30:47.945root 11241100x8000000000000000364759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f96dbdc468a4932021-12-21 10:30:47.945root 11241100x8000000000000000364760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df3f39346615ecf02021-12-21 10:30:47.946root 11241100x8000000000000000364761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:47.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf663ffacd15e07d2021-12-21 10:30:47.946root 11241100x8000000000000000364762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fdab32cdeae7ea272021-12-21 10:30:48.443root 11241100x8000000000000000364763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223f6a22614c26ac2021-12-21 10:30:48.443root 11241100x8000000000000000364764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9e88279b1609c12021-12-21 10:30:48.443root 11241100x8000000000000000364765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5602130f8abef1f22021-12-21 10:30:48.443root 11241100x8000000000000000364766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b30a8adfa9b3fc822021-12-21 10:30:48.444root 11241100x8000000000000000364767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d65391346a6e8be42021-12-21 10:30:48.444root 11241100x8000000000000000364768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf7eca3dde2abf092021-12-21 10:30:48.444root 11241100x8000000000000000364769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a8bf52f6281a132021-12-21 10:30:48.444root 11241100x8000000000000000364770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bedb16765652a9f2021-12-21 10:30:48.444root 11241100x8000000000000000364771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e849508d9b63bbe2021-12-21 10:30:48.444root 11241100x8000000000000000364772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4fb882025f410f42021-12-21 10:30:48.445root 11241100x8000000000000000364773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6877516e8848cc22021-12-21 10:30:48.445root 11241100x8000000000000000364774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2c4ef069313168e2021-12-21 10:30:48.445root 11241100x8000000000000000364775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c69c5e49fc5a7f0f2021-12-21 10:30:48.445root 11241100x8000000000000000364776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e14b9e63ed5d6c822021-12-21 10:30:48.445root 11241100x8000000000000000364777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc8acd219df11c262021-12-21 10:30:48.445root 11241100x8000000000000000364778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0058dd7e214fb92021-12-21 10:30:48.446root 11241100x8000000000000000364779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe1927a3b972e802021-12-21 10:30:48.446root 11241100x8000000000000000364780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4af30999a05c38142021-12-21 10:30:48.446root 11241100x8000000000000000364781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b329a520d200412021-12-21 10:30:48.446root 11241100x8000000000000000364782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024ba3ebb76dce912021-12-21 10:30:48.446root 11241100x8000000000000000364783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6508c25644c0d5982021-12-21 10:30:48.446root 11241100x8000000000000000364784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52dabba155b1bd3b2021-12-21 10:30:48.447root 11241100x8000000000000000364785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.424edca42022b2962021-12-21 10:30:48.447root 11241100x8000000000000000364786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f798d0da7eab9c82021-12-21 10:30:48.447root 11241100x8000000000000000364787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44f97586430483d02021-12-21 10:30:48.447root 11241100x8000000000000000364788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62d0fd34e8e779e42021-12-21 10:30:48.447root 11241100x8000000000000000364789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73bb370cb28c152a2021-12-21 10:30:48.448root 11241100x8000000000000000364790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb1122c27d402df12021-12-21 10:30:48.448root 11241100x8000000000000000364791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b030bef801cf7e1d2021-12-21 10:30:48.448root 11241100x8000000000000000364792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.652f911a6d898ed22021-12-21 10:30:48.943root 11241100x8000000000000000364793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2820b3ce2b561d82021-12-21 10:30:48.944root 11241100x8000000000000000364794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee7fa2dd746f10c2021-12-21 10:30:48.944root 11241100x8000000000000000364795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48404f7602a17b9f2021-12-21 10:30:48.944root 11241100x8000000000000000364796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75a29e7e57741b382021-12-21 10:30:48.944root 11241100x8000000000000000364797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e54dc7d8d112d12021-12-21 10:30:48.944root 11241100x8000000000000000364798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c15d60a7b0404c5c2021-12-21 10:30:48.944root 11241100x8000000000000000364799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7d8492c664503c92021-12-21 10:30:48.944root 11241100x8000000000000000364800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a23adae4a5ebc0602021-12-21 10:30:48.944root 11241100x8000000000000000364801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f399a313de7c7432021-12-21 10:30:48.945root 11241100x8000000000000000364802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ed8628bfe351d352021-12-21 10:30:48.945root 11241100x8000000000000000364803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee1c4ffc14364c02021-12-21 10:30:48.945root 11241100x8000000000000000364804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0423597fffcca19d2021-12-21 10:30:48.945root 11241100x8000000000000000364805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.300ef78ee2ca07e32021-12-21 10:30:48.945root 11241100x8000000000000000364806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed557f9405e05ad2021-12-21 10:30:48.945root 11241100x8000000000000000364807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c17b55327e7f54722021-12-21 10:30:48.945root 11241100x8000000000000000364808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fbc890ad09be4542021-12-21 10:30:48.945root 11241100x8000000000000000364809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f2bd6664eed06d02021-12-21 10:30:48.945root 11241100x8000000000000000364810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d97539c4bcd0ce52021-12-21 10:30:48.945root 11241100x8000000000000000364811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ad0fc9bd1b02302021-12-21 10:30:48.946root 11241100x8000000000000000364812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2daf11f4fff83a202021-12-21 10:30:48.946root 11241100x8000000000000000364813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fadfc32bcde52b7a2021-12-21 10:30:48.946root 11241100x8000000000000000364814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f17a1570e45d36a2021-12-21 10:30:48.947root 11241100x8000000000000000364815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a21c1060a1ad5092021-12-21 10:30:48.947root 11241100x8000000000000000364816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.965cd15583aedef62021-12-21 10:30:48.947root 11241100x8000000000000000364817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b012f08749f3ef2021-12-21 10:30:48.947root 11241100x8000000000000000364818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499960703f73fb1f2021-12-21 10:30:48.947root 11241100x8000000000000000364819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6732fb082ac742d22021-12-21 10:30:48.947root 11241100x8000000000000000364820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:48.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e216ca657ff7de52021-12-21 10:30:48.948root 11241100x8000000000000000364821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d87fa72acb82c902021-12-21 10:30:49.443root 11241100x8000000000000000364822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a5a0d64cba238992021-12-21 10:30:49.443root 11241100x8000000000000000364823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38989be5b8d4c3cd2021-12-21 10:30:49.443root 11241100x8000000000000000364824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f1e0c0b5240328d2021-12-21 10:30:49.443root 11241100x8000000000000000364825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ce19f13734319e2021-12-21 10:30:49.443root 11241100x8000000000000000364826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.719549fc5d6779e52021-12-21 10:30:49.444root 11241100x8000000000000000364827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ced9dd3393c5a7692021-12-21 10:30:49.444root 11241100x8000000000000000364828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d273fdf75136e6522021-12-21 10:30:49.444root 11241100x8000000000000000364829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd85ce05038139b62021-12-21 10:30:49.444root 11241100x8000000000000000364830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7aa8d7a49c7f18692021-12-21 10:30:49.444root 11241100x8000000000000000364831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9740f258d6f51f8d2021-12-21 10:30:49.444root 11241100x8000000000000000364832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b24b59f5a16e6f312021-12-21 10:30:49.444root 11241100x8000000000000000364833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1597dcdac42844e2021-12-21 10:30:49.444root 11241100x8000000000000000364834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ea7baf915251cb42021-12-21 10:30:49.444root 11241100x8000000000000000364835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2e29087bb1893722021-12-21 10:30:49.444root 11241100x8000000000000000364836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a78fe482a3b49302021-12-21 10:30:49.445root 11241100x8000000000000000364837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b1dac757d22b4bb2021-12-21 10:30:49.445root 11241100x8000000000000000364838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82136320e43b3c32021-12-21 10:30:49.445root 11241100x8000000000000000364839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06903ff7c948a7c32021-12-21 10:30:49.445root 11241100x8000000000000000364840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e589dc3f20cf06b72021-12-21 10:30:49.445root 11241100x8000000000000000364841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e26cc9a41186ba52021-12-21 10:30:49.445root 11241100x8000000000000000364842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a676b890c7ca913e2021-12-21 10:30:49.445root 11241100x8000000000000000364843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc7059ceab722a422021-12-21 10:30:49.445root 11241100x8000000000000000364844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa3576675eb01352021-12-21 10:30:49.445root 11241100x8000000000000000364845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5f76877b9680c272021-12-21 10:30:49.445root 11241100x8000000000000000364846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35ba7e936018b60b2021-12-21 10:30:49.446root 11241100x8000000000000000364847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5954c9e4ce3144082021-12-21 10:30:49.446root 11241100x8000000000000000364848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc225d29ca7864362021-12-21 10:30:49.446root 11241100x8000000000000000364849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9056e92568ad9c22021-12-21 10:30:49.446root 11241100x8000000000000000364850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2ca7ac90edaf94a2021-12-21 10:30:49.446root 11241100x8000000000000000364851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd60c7863a48aad82021-12-21 10:30:49.446root 11241100x8000000000000000364852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.090e659becedd7a32021-12-21 10:30:49.446root 11241100x8000000000000000364853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f0040ef0a96fa92021-12-21 10:30:49.943root 11241100x8000000000000000364854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72926810dc07946e2021-12-21 10:30:49.943root 11241100x8000000000000000364855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f5b610754a7de4c2021-12-21 10:30:49.943root 11241100x8000000000000000364856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2b79a76751fe932021-12-21 10:30:49.943root 11241100x8000000000000000364857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.323eb064123a73cf2021-12-21 10:30:49.943root 11241100x8000000000000000364858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acccbc861cb1ff372021-12-21 10:30:49.943root 11241100x8000000000000000364859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f36faf9508e79a42021-12-21 10:30:49.944root 11241100x8000000000000000364860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ef91cbda4a28ee52021-12-21 10:30:49.944root 11241100x8000000000000000364861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.995b297bbff240a32021-12-21 10:30:49.944root 11241100x8000000000000000364862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9b02016bf12498c2021-12-21 10:30:49.944root 11241100x8000000000000000364863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5e887872ef912632021-12-21 10:30:49.944root 11241100x8000000000000000364864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b980642c22eb7d2021-12-21 10:30:49.944root 11241100x8000000000000000364865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f58f74915458c2f2021-12-21 10:30:49.944root 11241100x8000000000000000364866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1c91f365926bd42021-12-21 10:30:49.944root 11241100x8000000000000000364867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2706fd3ab47cf862021-12-21 10:30:49.944root 11241100x8000000000000000364868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c50ad1cebd2cf0592021-12-21 10:30:49.945root 11241100x8000000000000000364869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef3e811942b75da52021-12-21 10:30:49.945root 11241100x8000000000000000364870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e50f8cfb2b22586a2021-12-21 10:30:49.945root 11241100x8000000000000000364871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa45223a9ec339db2021-12-21 10:30:49.945root 11241100x8000000000000000364872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4741a570f6497dd2021-12-21 10:30:49.945root 11241100x8000000000000000364873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52fe48716a55cea02021-12-21 10:30:49.945root 11241100x8000000000000000364874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46187ef96fa08c352021-12-21 10:30:49.945root 11241100x8000000000000000364875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.697d8688bca393742021-12-21 10:30:49.945root 11241100x8000000000000000364876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf2712701bbd79d32021-12-21 10:30:49.946root 11241100x8000000000000000364877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85aaedfa6d3a4e7d2021-12-21 10:30:49.946root 11241100x8000000000000000364878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8064b2ae532998ca2021-12-21 10:30:49.947root 11241100x8000000000000000364879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed77c2d0f24e9d112021-12-21 10:30:49.947root 11241100x8000000000000000364880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c48253b09301581e2021-12-21 10:30:49.947root 11241100x8000000000000000364881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f161d0aa16e224b2021-12-21 10:30:49.947root 11241100x8000000000000000364882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:49.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ba0969fadc6cf92021-12-21 10:30:49.950root 11241100x8000000000000000364883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606bf96884ea81d52021-12-21 10:30:50.443root 11241100x8000000000000000364884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195e916c2c21d75e2021-12-21 10:30:50.443root 11241100x8000000000000000364885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf198b7199c704592021-12-21 10:30:50.443root 11241100x8000000000000000364886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.748b1c5e487e23652021-12-21 10:30:50.443root 11241100x8000000000000000364887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.396f8d0f8bcee4ad2021-12-21 10:30:50.443root 11241100x8000000000000000364888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de74f9dfa37682b52021-12-21 10:30:50.444root 11241100x8000000000000000364889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9481c691a97f9342021-12-21 10:30:50.444root 11241100x8000000000000000364890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577d53fb0eb1ea302021-12-21 10:30:50.444root 11241100x8000000000000000364891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.551a294c41d3044f2021-12-21 10:30:50.444root 11241100x8000000000000000364892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2333e2a817d08c8f2021-12-21 10:30:50.444root 11241100x8000000000000000364893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.870c12024f9547d22021-12-21 10:30:50.444root 11241100x8000000000000000364894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea0a92c5db77eddb2021-12-21 10:30:50.444root 11241100x8000000000000000364895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178d5e869cb7dab52021-12-21 10:30:50.444root 11241100x8000000000000000364896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c58cb86f73c9c332021-12-21 10:30:50.444root 11241100x8000000000000000364897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d631e4a340b818b82021-12-21 10:30:50.444root 11241100x8000000000000000364898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6aa73e45eaeda7f2021-12-21 10:30:50.444root 11241100x8000000000000000364899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daa1c2318bb7c9c82021-12-21 10:30:50.444root 11241100x8000000000000000364900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7d2e8af1b1481542021-12-21 10:30:50.444root 11241100x8000000000000000364901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8dcdc7453a3b9c02021-12-21 10:30:50.445root 11241100x8000000000000000364902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a75a9ad4773fccc42021-12-21 10:30:50.445root 11241100x8000000000000000364903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae1d400697990f712021-12-21 10:30:50.445root 11241100x8000000000000000364904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57d6f8a0a6f01e722021-12-21 10:30:50.445root 11241100x8000000000000000364905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55014e47238b94572021-12-21 10:30:50.445root 11241100x8000000000000000364906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a094619d8a7fccc2021-12-21 10:30:50.445root 11241100x8000000000000000364907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9255ba6aaf9531d92021-12-21 10:30:50.445root 11241100x8000000000000000364908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5613d9806f6c3332021-12-21 10:30:50.445root 11241100x8000000000000000364909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7a131369ccfd46a2021-12-21 10:30:50.445root 11241100x8000000000000000364910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69fc86e4fee831b2021-12-21 10:30:50.445root 11241100x8000000000000000364911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fa07d350e6826522021-12-21 10:30:50.446root 11241100x8000000000000000364912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f90db3e16baa3bd42021-12-21 10:30:50.943root 11241100x8000000000000000364913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac942166123eb9f2021-12-21 10:30:50.943root 11241100x8000000000000000364914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe18b7a4c8edb582021-12-21 10:30:50.944root 11241100x8000000000000000364915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.744122bac0d01c2d2021-12-21 10:30:50.944root 11241100x8000000000000000364916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce70f4734f8c41342021-12-21 10:30:50.944root 11241100x8000000000000000364917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec1bd3a2a8503fd32021-12-21 10:30:50.944root 11241100x8000000000000000364918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d26b6d4942749c72021-12-21 10:30:50.945root 11241100x8000000000000000364919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a96eea7fa9e221812021-12-21 10:30:50.945root 11241100x8000000000000000364920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb3a28f6ee8fa7d2021-12-21 10:30:50.945root 11241100x8000000000000000364921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.527ef5dd6882668d2021-12-21 10:30:50.945root 11241100x8000000000000000364922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d25976078e292a3d2021-12-21 10:30:50.945root 11241100x8000000000000000364923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a324ac526c9681ef2021-12-21 10:30:50.945root 11241100x8000000000000000364924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf765347f635e2982021-12-21 10:30:50.945root 11241100x8000000000000000364925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e30e13146ee4eff2021-12-21 10:30:50.945root 11241100x8000000000000000364926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c85ff184496d7c242021-12-21 10:30:50.945root 11241100x8000000000000000364927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac71eed77078ebfb2021-12-21 10:30:50.945root 11241100x8000000000000000364928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a9071c980e5f202021-12-21 10:30:50.946root 11241100x8000000000000000364929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.695da743a635d63f2021-12-21 10:30:50.946root 11241100x8000000000000000364930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.394475b190fe26802021-12-21 10:30:50.946root 11241100x8000000000000000364931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eafec9cbea0487ea2021-12-21 10:30:50.946root 11241100x8000000000000000364932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c091097b2e2f09a2021-12-21 10:30:50.946root 11241100x8000000000000000364933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.850d31d41df01a722021-12-21 10:30:50.946root 11241100x8000000000000000364934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f86eeb589d6c28f32021-12-21 10:30:50.946root 11241100x8000000000000000364935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c485d7aeca01d92021-12-21 10:30:50.946root 11241100x8000000000000000364936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3fe50bf5619c5d2021-12-21 10:30:50.946root 11241100x8000000000000000364937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74d74dbcd3e3f9f12021-12-21 10:30:50.946root 11241100x8000000000000000364938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3dfa2cd690c66c22021-12-21 10:30:50.947root 11241100x8000000000000000364939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.757527f9cc488bef2021-12-21 10:30:50.947root 11241100x8000000000000000364940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba1d09690745ff02021-12-21 10:30:50.947root 11241100x8000000000000000364941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7bfc05982e84dc42021-12-21 10:30:50.947root 11241100x8000000000000000364942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:50.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95353bad1d8622822021-12-21 10:30:50.947root 11241100x8000000000000000364943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45270cb60fcc0ff2021-12-21 10:30:51.443root 11241100x8000000000000000364944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47f0a6b6105e48db2021-12-21 10:30:51.443root 11241100x8000000000000000364945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d32ba89a29b3cc8d2021-12-21 10:30:51.443root 11241100x8000000000000000364946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9db36e38ea1ca32e2021-12-21 10:30:51.444root 11241100x8000000000000000364947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80b043a343552c0e2021-12-21 10:30:51.444root 11241100x8000000000000000364948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c10e7d37d809b71b2021-12-21 10:30:51.444root 11241100x8000000000000000364949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0369e3cacd445bdf2021-12-21 10:30:51.444root 11241100x8000000000000000364950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.794cd17262fd31a32021-12-21 10:30:51.444root 11241100x8000000000000000364951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8eacd386bd34952021-12-21 10:30:51.444root 11241100x8000000000000000364952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0334cd16990bbed2021-12-21 10:30:51.444root 11241100x8000000000000000364953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee812c0bc61d6d02021-12-21 10:30:51.444root 11241100x8000000000000000364954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234c72d4df3e531b2021-12-21 10:30:51.444root 11241100x8000000000000000364955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1b1baf222a62c12021-12-21 10:30:51.444root 11241100x8000000000000000364956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3698a45f85cb48ec2021-12-21 10:30:51.444root 11241100x8000000000000000364957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42791be21b83c6982021-12-21 10:30:51.445root 11241100x8000000000000000364958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd88332b9d29ef72021-12-21 10:30:51.445root 11241100x8000000000000000364959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f7b417a6b998ab2021-12-21 10:30:51.445root 11241100x8000000000000000364960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.025fd0c6cff721d32021-12-21 10:30:51.445root 11241100x8000000000000000364961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9d0cca8df973d82021-12-21 10:30:51.445root 11241100x8000000000000000364962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44565c750f66b7112021-12-21 10:30:51.445root 11241100x8000000000000000364963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8675a36323363d272021-12-21 10:30:51.445root 11241100x8000000000000000364964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da13428d4569843a2021-12-21 10:30:51.445root 11241100x8000000000000000364965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.710cff44804bf5f62021-12-21 10:30:51.445root 11241100x8000000000000000364966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2d6a111461a42e82021-12-21 10:30:51.446root 11241100x8000000000000000364967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dfb60dfff30dbd72021-12-21 10:30:51.446root 11241100x8000000000000000364968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae182f1db69c18292021-12-21 10:30:51.446root 11241100x8000000000000000364969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a87e93d196461de72021-12-21 10:30:51.446root 11241100x8000000000000000364970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0d5ed0efa76b0752021-12-21 10:30:51.446root 11241100x8000000000000000364971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f397162626be36be2021-12-21 10:30:51.446root 154100x8000000000000000364972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.790{ec2b6afe-acdb-61c1-68c2-5142f0550000}5738/bin/dash-----sh ./mod_sudoer.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{00000000-0000-0000-0000-000000000000}5737--- 534500x8000000000000000364973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.791{ec2b6afe-acdb-61c1-68c2-5142f0550000}5738/bin/dashubuntu 534500x8000000000000000364974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{00000000-0000-0000-0000-000000000000}5737<unknown process>ubuntu 11241100x8000000000000000364975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9472d20e2a13dce2021-12-21 10:30:51.792root 11241100x8000000000000000364976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.772ed4ffbcc6ec362021-12-21 10:30:51.792root 11241100x8000000000000000364977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b375ae9c862a7112021-12-21 10:30:51.792root 11241100x8000000000000000364978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f09fcc0fb051571e2021-12-21 10:30:51.792root 11241100x8000000000000000364979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c18f25bf66cc732021-12-21 10:30:51.792root 11241100x8000000000000000364980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb7e91dbc1fc0e1f2021-12-21 10:30:51.792root 11241100x8000000000000000364981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ad6f53e8be9d2bb2021-12-21 10:30:51.792root 11241100x8000000000000000364982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3fdbbe5e7c91bde2021-12-21 10:30:51.792root 11241100x8000000000000000364983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.629a22af31116b2d2021-12-21 10:30:51.792root 11241100x8000000000000000364984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e4540c86b51f8982021-12-21 10:30:51.792root 11241100x8000000000000000364985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.792{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d52910a3242e4ca82021-12-21 10:30:51.792root 11241100x8000000000000000364986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.793{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d88db7d538471a22021-12-21 10:30:51.793root 11241100x8000000000000000364987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.793{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36234efdee2f24c2021-12-21 10:30:51.793root 11241100x8000000000000000364988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.793{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9255ad5d673fab02021-12-21 10:30:51.793root 11241100x8000000000000000364989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.793{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425f2445712e21e42021-12-21 10:30:51.793root 11241100x8000000000000000364990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.793{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8926f2c2a3769c442021-12-21 10:30:51.793root 11241100x8000000000000000364991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.793{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69da8ccf018826d52021-12-21 10:30:51.793root 11241100x8000000000000000364992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e44db1aff5f8d0952021-12-21 10:30:51.794root 11241100x8000000000000000364993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab9f2bda894666e2021-12-21 10:30:51.794root 11241100x8000000000000000364994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9da1727cc7b0ef242021-12-21 10:30:51.794root 11241100x8000000000000000364995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6023f4c70922cb42021-12-21 10:30:51.794root 11241100x8000000000000000364996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3706eefce6660d772021-12-21 10:30:51.794root 11241100x8000000000000000364997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ced971f9e8610982021-12-21 10:30:51.794root 11241100x8000000000000000364998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5037c79c7947b1672021-12-21 10:30:51.794root 11241100x8000000000000000364999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b8e49fc66df1f782021-12-21 10:30:51.794root 11241100x8000000000000000365000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e890526e9bd6f6f2021-12-21 10:30:51.794root 11241100x8000000000000000365001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.794{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3d61472fb830e72021-12-21 10:30:51.794root 11241100x8000000000000000365002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77601f4590c87f882021-12-21 10:30:51.795root 11241100x8000000000000000365003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25667db5907c6a5b2021-12-21 10:30:51.795root 11241100x8000000000000000365004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a297f84166edcc2021-12-21 10:30:51.795root 11241100x8000000000000000365005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b033aac829c81b92021-12-21 10:30:51.795root 11241100x8000000000000000365006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7c0d70add23c08b2021-12-21 10:30:51.795root 11241100x8000000000000000365007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf110d08f29dd302021-12-21 10:30:51.795root 11241100x8000000000000000365008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.661e48e23f7ea0d02021-12-21 10:30:51.795root 11241100x8000000000000000365009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2d4602517cc43322021-12-21 10:30:51.795root 11241100x8000000000000000365010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:51.795{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bce04c491818ec42021-12-21 10:30:51.795root 11241100x8000000000000000365011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1022703be53b19092021-12-21 10:30:52.192root 11241100x8000000000000000365012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cac86aeaa551671d2021-12-21 10:30:52.193root 11241100x8000000000000000365013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83d87d8a12761c9b2021-12-21 10:30:52.193root 11241100x8000000000000000365014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0895dd4da8ed6ee2021-12-21 10:30:52.193root 11241100x8000000000000000365015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7244fd1aea099c52021-12-21 10:30:52.193root 11241100x8000000000000000365016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccd47ead72ba4d7e2021-12-21 10:30:52.193root 11241100x8000000000000000365017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5a05e9dfcf230352021-12-21 10:30:52.193root 11241100x8000000000000000365018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2b33205357f20522021-12-21 10:30:52.194root 11241100x8000000000000000365019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5e8c7e202c991f2021-12-21 10:30:52.194root 11241100x8000000000000000365020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2301881d829b5b502021-12-21 10:30:52.194root 11241100x8000000000000000365021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb7d77e0874595062021-12-21 10:30:52.194root 11241100x8000000000000000365022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efeec54684daae7e2021-12-21 10:30:52.194root 11241100x8000000000000000365023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab07e91c2347f2412021-12-21 10:30:52.194root 11241100x8000000000000000365024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30843a54d4bcd0d12021-12-21 10:30:52.194root 11241100x8000000000000000365025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b68f6422150f6ed32021-12-21 10:30:52.194root 11241100x8000000000000000365026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b6ceec039ddbafc2021-12-21 10:30:52.195root 11241100x8000000000000000365027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ec0330ef031ef0a2021-12-21 10:30:52.195root 11241100x8000000000000000365028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7681db313a5cac002021-12-21 10:30:52.195root 11241100x8000000000000000365029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63575dc2c0d5a00b2021-12-21 10:30:52.195root 11241100x8000000000000000365030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fef8d21bc2e02d62021-12-21 10:30:52.195root 11241100x8000000000000000365031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73da4b64eca7a86e2021-12-21 10:30:52.195root 11241100x8000000000000000365032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6279eb10564eab72021-12-21 10:30:52.195root 11241100x8000000000000000365033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0dbde256312ac3432021-12-21 10:30:52.196root 11241100x8000000000000000365034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4fe6b0dd6d5c09d2021-12-21 10:30:52.196root 11241100x8000000000000000365035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5f17c31b4d0b2c42021-12-21 10:30:52.196root 11241100x8000000000000000365036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0323e530962d57f52021-12-21 10:30:52.196root 11241100x8000000000000000365037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fc863069cc025d2021-12-21 10:30:52.196root 11241100x8000000000000000365038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5de59995737008912021-12-21 10:30:52.196root 11241100x8000000000000000365039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470f5d341dda87502021-12-21 10:30:52.196root 11241100x8000000000000000365040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f77777a7272c13112021-12-21 10:30:52.196root 11241100x8000000000000000365041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73db1052b2427872021-12-21 10:30:52.197root 11241100x8000000000000000365042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.890ee78d416c760b2021-12-21 10:30:52.197root 11241100x8000000000000000365043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2c61dd18350218a2021-12-21 10:30:52.197root 11241100x8000000000000000365044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df21a86fcff966de2021-12-21 10:30:52.197root 11241100x8000000000000000365045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26d8d52e55523d002021-12-21 10:30:52.197root 11241100x8000000000000000365046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4d945f3a1ee47e2021-12-21 10:30:52.197root 11241100x8000000000000000365047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebda102650c2352c2021-12-21 10:30:52.198root 11241100x8000000000000000365048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e92a7f12fe81abe2021-12-21 10:30:52.198root 11241100x8000000000000000365049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c8ec49db5a5f7a32021-12-21 10:30:52.198root 11241100x8000000000000000365050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12e4976b2a2d0f912021-12-21 10:30:52.199root 11241100x8000000000000000365051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d491c146484a0252021-12-21 10:30:52.199root 11241100x8000000000000000365052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.095d9f7183104a562021-12-21 10:30:52.200root 11241100x8000000000000000365053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bfabf6e7a396dbb2021-12-21 10:30:52.200root 11241100x8000000000000000365054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.731d1d69c08c8fef2021-12-21 10:30:52.201root 11241100x8000000000000000365055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58cab3876583c602021-12-21 10:30:52.201root 11241100x8000000000000000365056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.620f4331f118a6fb2021-12-21 10:30:52.202root 11241100x8000000000000000365057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf3f5a3e3b1838f22021-12-21 10:30:52.202root 11241100x8000000000000000365058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d288d2e6dee1e152021-12-21 10:30:52.202root 11241100x8000000000000000365059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b420fbddc6ba2ea92021-12-21 10:30:52.203root 11241100x8000000000000000365060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4236805ce48f1ff92021-12-21 10:30:52.203root 11241100x8000000000000000365061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e45188bd037dcbd62021-12-21 10:30:52.203root 11241100x8000000000000000365062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14d381a54d72f5f52021-12-21 10:30:52.203root 11241100x8000000000000000365063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbd6b45e3f5abc022021-12-21 10:30:52.203root 11241100x8000000000000000365064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.249ae3cd040ab11a2021-12-21 10:30:52.204root 11241100x8000000000000000365065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.847e1d60bf1719392021-12-21 10:30:52.204root 11241100x8000000000000000365066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71f49fd6b9aa32ae2021-12-21 10:30:52.204root 11241100x8000000000000000365067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.290e9fc57ceabe522021-12-21 10:30:52.204root 11241100x8000000000000000365068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebc2e2ca8719e3672021-12-21 10:30:52.204root 11241100x8000000000000000365069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32ad3fd86742684f2021-12-21 10:30:52.204root 11241100x8000000000000000365070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10696e91fe5363eb2021-12-21 10:30:52.204root 11241100x8000000000000000365071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bca3b7a9137bc7fd2021-12-21 10:30:52.204root 11241100x8000000000000000365072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac6efb5d83cb7892021-12-21 10:30:52.204root 11241100x8000000000000000365073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05be0e51e154bbc52021-12-21 10:30:52.204root 11241100x8000000000000000365074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb69f27375b637382021-12-21 10:30:52.204root 11241100x8000000000000000365075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a95b95e38ae79d2021-12-21 10:30:52.204root 11241100x8000000000000000365076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80221c3527158c762021-12-21 10:30:52.205root 11241100x8000000000000000365077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d1e254af2f788652021-12-21 10:30:52.205root 11241100x8000000000000000365078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9501e918660216632021-12-21 10:30:52.205root 11241100x8000000000000000365079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d778f988055e5e2021-12-21 10:30:52.205root 11241100x8000000000000000365080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4471298efed2fa62021-12-21 10:30:52.205root 11241100x8000000000000000365081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adcd7473bdbdbd72021-12-21 10:30:52.205root 11241100x8000000000000000365082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cab619adbfd9f75d2021-12-21 10:30:52.205root 11241100x8000000000000000365083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd9824cf50d165642021-12-21 10:30:52.205root 11241100x8000000000000000365084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a29edba77164aff82021-12-21 10:30:52.205root 11241100x8000000000000000365085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49700d47d623ef132021-12-21 10:30:52.205root 11241100x8000000000000000365086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8366cbd064af7a8b2021-12-21 10:30:52.205root 11241100x8000000000000000365087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e9b88c08b9851d2021-12-21 10:30:52.205root 11241100x8000000000000000365088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167119346248c24b2021-12-21 10:30:52.692root 11241100x8000000000000000365089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e49a9ea1f13da732021-12-21 10:30:52.693root 11241100x8000000000000000365090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38057a719d772c02021-12-21 10:30:52.693root 11241100x8000000000000000365091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9943e08cad072e342021-12-21 10:30:52.693root 11241100x8000000000000000365092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfe1f579c5f456812021-12-21 10:30:52.693root 11241100x8000000000000000365093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8fcab3ec8d7e862021-12-21 10:30:52.693root 11241100x8000000000000000365094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38f6ae979ae73fb52021-12-21 10:30:52.693root 11241100x8000000000000000365095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed32ff7478ef9ba32021-12-21 10:30:52.693root 11241100x8000000000000000365096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da3d6dea2a8e09f2021-12-21 10:30:52.693root 11241100x8000000000000000365097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.987ef895f3fdcf442021-12-21 10:30:52.693root 11241100x8000000000000000365098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78e73ceeaaa6ddf22021-12-21 10:30:52.693root 11241100x8000000000000000365099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.def0001f86c262422021-12-21 10:30:52.693root 11241100x8000000000000000365100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cd2545765d0fdb92021-12-21 10:30:52.693root 11241100x8000000000000000365101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be015d0b1b0ae1a42021-12-21 10:30:52.693root 11241100x8000000000000000365102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04230f114cb862572021-12-21 10:30:52.694root 11241100x8000000000000000365103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e7146a3e32e4f442021-12-21 10:30:52.694root 11241100x8000000000000000365104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6404737baf447b7e2021-12-21 10:30:52.694root 11241100x8000000000000000365105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5735726ec194b8e82021-12-21 10:30:52.694root 11241100x8000000000000000365106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3738d19eac895e002021-12-21 10:30:52.694root 11241100x8000000000000000365107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d674b13b0cef0102021-12-21 10:30:52.694root 11241100x8000000000000000365108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d477230efbee94602021-12-21 10:30:52.694root 11241100x8000000000000000365109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c504864f7a956a122021-12-21 10:30:52.694root 11241100x8000000000000000365110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e82d072b311b1c62021-12-21 10:30:52.694root 11241100x8000000000000000365111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041953a0092c0f762021-12-21 10:30:52.694root 11241100x8000000000000000365112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd66af13f32f75012021-12-21 10:30:52.694root 11241100x8000000000000000365113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbbfbe21a6608ccb2021-12-21 10:30:52.694root 11241100x8000000000000000365114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b92e5671c7ed6f0b2021-12-21 10:30:52.694root 11241100x8000000000000000365115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75af1be93ede19d82021-12-21 10:30:52.694root 11241100x8000000000000000365116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1084f624558d032d2021-12-21 10:30:52.694root 11241100x8000000000000000365117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de0d4337bcdcc2f02021-12-21 10:30:52.695root 11241100x8000000000000000365118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2bb8906646fc2a02021-12-21 10:30:52.695root 11241100x8000000000000000365119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3e79fdbe8c1f152021-12-21 10:30:52.695root 11241100x8000000000000000365120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.121decb9a409a6142021-12-21 10:30:52.695root 11241100x8000000000000000365121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab27da7f2b45287c2021-12-21 10:30:52.695root 11241100x8000000000000000365122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbab355c68d05a7f2021-12-21 10:30:52.695root 11241100x8000000000000000365123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63ef350c0d3434a12021-12-21 10:30:52.695root 11241100x8000000000000000365124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c7f37b8851471412021-12-21 10:30:52.695root 11241100x8000000000000000365125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bafad310bd86838d2021-12-21 10:30:52.695root 11241100x8000000000000000365126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:52.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.174e91b65cf344302021-12-21 10:30:52.695root 354300x8000000000000000365127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.033{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47206-false10.0.1.12-8000- 11241100x8000000000000000365128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d19f53b058b0b5832021-12-21 10:30:53.033root 11241100x8000000000000000365129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.033{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb6a5d7e1e31e6f2021-12-21 10:30:53.033root 11241100x8000000000000000365130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52e7aacd85dff8b42021-12-21 10:30:53.034root 11241100x8000000000000000365131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02d35464b0f4a7d82021-12-21 10:30:53.034root 11241100x8000000000000000365132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d26c8d38cbc59552021-12-21 10:30:53.034root 11241100x8000000000000000365133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.509fe4ed060316d12021-12-21 10:30:53.034root 11241100x8000000000000000365134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.034{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99524352489d65f62021-12-21 10:30:53.034root 11241100x8000000000000000365135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b1c241f7a001452021-12-21 10:30:53.035root 11241100x8000000000000000365136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc2f1f503a884922021-12-21 10:30:53.035root 11241100x8000000000000000365137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3d4de8d80ded13e2021-12-21 10:30:53.035root 11241100x8000000000000000365138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a3c9ba514e87ad2021-12-21 10:30:53.035root 11241100x8000000000000000365139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.035{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988505b81b2aa4182021-12-21 10:30:53.035root 11241100x8000000000000000365140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9657cda4944b1ea82021-12-21 10:30:53.036root 11241100x8000000000000000365141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aec48fa3abde60952021-12-21 10:30:53.036root 11241100x8000000000000000365142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39111e28b18c6cc02021-12-21 10:30:53.036root 11241100x8000000000000000365143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08d866e96443c9bc2021-12-21 10:30:53.036root 11241100x8000000000000000365144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.036{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e70bfce9ac2b2c42021-12-21 10:30:53.036root 11241100x8000000000000000365145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6019832494a82d82021-12-21 10:30:53.037root 11241100x8000000000000000365146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f4ca03aef2a126d2021-12-21 10:30:53.037root 11241100x8000000000000000365147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4223c50aa548cd962021-12-21 10:30:53.037root 11241100x8000000000000000365148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660e8675d6278c152021-12-21 10:30:53.037root 11241100x8000000000000000365149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57607a3e2dd32e32021-12-21 10:30:53.037root 11241100x8000000000000000365150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859418e7f002061d2021-12-21 10:30:53.037root 11241100x8000000000000000365151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.037{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf80a9adba3696f82021-12-21 10:30:53.037root 11241100x8000000000000000365152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fb9e88c74cf0e72021-12-21 10:30:53.038root 11241100x8000000000000000365153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758cceb5fe9d8aeb2021-12-21 10:30:53.038root 11241100x8000000000000000365154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.860010bedf6e815a2021-12-21 10:30:53.038root 11241100x8000000000000000365155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c1d5d76156491402021-12-21 10:30:53.038root 11241100x8000000000000000365156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.038{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ed55461d8cc94182021-12-21 10:30:53.038root 11241100x8000000000000000365157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2349e050ba42350f2021-12-21 10:30:53.039root 11241100x8000000000000000365158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.796d97bbea2f7c5f2021-12-21 10:30:53.039root 11241100x8000000000000000365159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cec387474a38b1762021-12-21 10:30:53.039root 11241100x8000000000000000365160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cab981c612f0b962021-12-21 10:30:53.039root 11241100x8000000000000000365161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.039{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f1e6bf3893f2e422021-12-21 10:30:53.039root 11241100x8000000000000000365162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6c4367f552187662021-12-21 10:30:53.040root 11241100x8000000000000000365163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edb3f665d4af4502021-12-21 10:30:53.040root 11241100x8000000000000000365164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0731aa9fcda89392021-12-21 10:30:53.040root 11241100x8000000000000000365165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.811769610d23c3352021-12-21 10:30:53.040root 11241100x8000000000000000365166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a651a0bc7ba40182021-12-21 10:30:53.040root 11241100x8000000000000000365167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.040{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35a03a39957863182021-12-21 10:30:53.040root 11241100x8000000000000000365168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0803d2f810e39bfa2021-12-21 10:30:53.041root 11241100x8000000000000000365169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3cf63816b0925e6c2021-12-21 10:30:53.041root 11241100x8000000000000000365170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.041{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a8f69300c257f3f2021-12-21 10:30:53.041root 11241100x8000000000000000365171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d92d8d1986316e32021-12-21 10:30:53.042root 11241100x8000000000000000365172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af84d0d5df484e3c2021-12-21 10:30:53.042root 11241100x8000000000000000365173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8d7aca70b1b1e522021-12-21 10:30:53.042root 11241100x8000000000000000365174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.042{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d51f4f4c18a664a62021-12-21 10:30:53.042root 11241100x8000000000000000365175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edc55934b99b246e2021-12-21 10:30:53.043root 11241100x8000000000000000365176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2d1eef5e893a4ff2021-12-21 10:30:53.043root 11241100x8000000000000000365177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.043{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c445a0da1a9b74e82021-12-21 10:30:53.043root 11241100x8000000000000000365178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.131bf62a399784232021-12-21 10:30:53.044root 11241100x8000000000000000365179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2019e172ba8625812021-12-21 10:30:53.044root 11241100x8000000000000000365180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dccf6119d332cf772021-12-21 10:30:53.044root 11241100x8000000000000000365181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.044{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79756f728b2d7e22021-12-21 10:30:53.044root 11241100x8000000000000000365182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9cdff9212dd37772021-12-21 10:30:53.045root 11241100x8000000000000000365183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dfe9158ff3ca90b2021-12-21 10:30:53.045root 11241100x8000000000000000365184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71db570429536d562021-12-21 10:30:53.045root 11241100x8000000000000000365185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.045{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa4e83da6a87cfc32021-12-21 10:30:53.045root 11241100x8000000000000000365186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fd8d16d9f0c335ee2021-12-21 10:30:53.046root 11241100x8000000000000000365187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9b1bb989a40764b2021-12-21 10:30:53.046root 11241100x8000000000000000365188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a36bda7cbe35b7ad2021-12-21 10:30:53.046root 11241100x8000000000000000365189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ded2c0f1af3ddf262021-12-21 10:30:53.046root 11241100x8000000000000000365190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e18b61cbeeb9332021-12-21 10:30:53.046root 11241100x8000000000000000365191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.046{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.592033553cead4cc2021-12-21 10:30:53.046root 11241100x8000000000000000365192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2132933317e463792021-12-21 10:30:53.047root 11241100x8000000000000000365193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1153eaaf640de4022021-12-21 10:30:53.047root 11241100x8000000000000000365194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89eb909b73598dba2021-12-21 10:30:53.047root 11241100x8000000000000000365195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.204bd261b5b596dd2021-12-21 10:30:53.047root 11241100x8000000000000000365196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde739ff0fae6c212021-12-21 10:30:53.047root 11241100x8000000000000000365197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48b8a0e9641d42ac2021-12-21 10:30:53.047root 11241100x8000000000000000365198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.047{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f79171887b906232021-12-21 10:30:53.047root 11241100x8000000000000000365199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98bfe370c00cf55f2021-12-21 10:30:53.443root 11241100x8000000000000000365200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2aa96978fcae5ba2021-12-21 10:30:53.443root 11241100x8000000000000000365201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f32ebdf6655d81b2021-12-21 10:30:53.443root 11241100x8000000000000000365202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73f44dc3479d843a2021-12-21 10:30:53.443root 11241100x8000000000000000365203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e88174fa16503e082021-12-21 10:30:53.444root 11241100x8000000000000000365204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f37b7639324f8082021-12-21 10:30:53.444root 11241100x8000000000000000365205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c471899f41e73f2e2021-12-21 10:30:53.444root 11241100x8000000000000000365206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3342f2729375bd192021-12-21 10:30:53.444root 11241100x8000000000000000365207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0179010ace6f01942021-12-21 10:30:53.444root 11241100x8000000000000000365208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e610c9436f191372021-12-21 10:30:53.444root 11241100x8000000000000000365209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bb572998e2beb3e2021-12-21 10:30:53.444root 11241100x8000000000000000365210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a09467da86365f872021-12-21 10:30:53.444root 11241100x8000000000000000365211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.117e846d86b04d2a2021-12-21 10:30:53.444root 11241100x8000000000000000365212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd07d713bf4d3db2021-12-21 10:30:53.444root 11241100x8000000000000000365213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e465442ef8872272021-12-21 10:30:53.445root 11241100x8000000000000000365214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ae34a3aae3640cb2021-12-21 10:30:53.445root 11241100x8000000000000000365215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36102c83b8ce83b52021-12-21 10:30:53.445root 11241100x8000000000000000365216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb81e92b7d9b50f62021-12-21 10:30:53.445root 11241100x8000000000000000365217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ff5834857107072021-12-21 10:30:53.445root 11241100x8000000000000000365218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f5fdc8fa7076002021-12-21 10:30:53.445root 11241100x8000000000000000365219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62dab2723775d5542021-12-21 10:30:53.445root 11241100x8000000000000000365220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.654cb067669c3b3c2021-12-21 10:30:53.445root 11241100x8000000000000000365221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c42cc1805d049552021-12-21 10:30:53.445root 11241100x8000000000000000365222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbeeaf1c70e5fefe2021-12-21 10:30:53.445root 11241100x8000000000000000365223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9302cf9303284f2021-12-21 10:30:53.445root 11241100x8000000000000000365224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1607627d7a3aa8792021-12-21 10:30:53.446root 11241100x8000000000000000365225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf9cff4263da0c652021-12-21 10:30:53.446root 11241100x8000000000000000365226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e8390aa3a9260472021-12-21 10:30:53.446root 11241100x8000000000000000365227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b515e86b62480bf72021-12-21 10:30:53.446root 11241100x8000000000000000365228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6f496e1391d6a892021-12-21 10:30:53.446root 11241100x8000000000000000365229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00548b6beb88694f2021-12-21 10:30:53.446root 11241100x8000000000000000365230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37c9876b37d133522021-12-21 10:30:53.446root 11241100x8000000000000000365231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.499bada6fa8d5e3c2021-12-21 10:30:53.447root 11241100x8000000000000000365232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1faef3ab780f4f42021-12-21 10:30:53.447root 11241100x8000000000000000365233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6768ab0acc3079bb2021-12-21 10:30:53.447root 11241100x8000000000000000365234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4131592c693d8ad52021-12-21 10:30:53.447root 11241100x8000000000000000365235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9984b72109f40ec62021-12-21 10:30:53.447root 11241100x8000000000000000365236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2850ca7e325d64932021-12-21 10:30:53.447root 11241100x8000000000000000365237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84c6684a213c419e2021-12-21 10:30:53.448root 11241100x8000000000000000365238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c319fc0d61cee6e42021-12-21 10:30:53.448root 11241100x8000000000000000365239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b39f08545619ddce2021-12-21 10:30:53.448root 11241100x8000000000000000365240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad1a59c21d9a15122021-12-21 10:30:53.448root 11241100x8000000000000000365241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.104ea2074822fa3e2021-12-21 10:30:53.449root 11241100x8000000000000000365242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e5217a67b7582112021-12-21 10:30:53.449root 11241100x8000000000000000365243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d11c2db63e427d82021-12-21 10:30:53.449root 11241100x8000000000000000365244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f19d91fe9f583d262021-12-21 10:30:53.449root 11241100x8000000000000000365245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba5ad4d9bc2afa4f2021-12-21 10:30:53.449root 11241100x8000000000000000365246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4357c2dcb2b84acf2021-12-21 10:30:53.449root 11241100x8000000000000000365247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.266883378234affe2021-12-21 10:30:53.450root 11241100x8000000000000000365248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4449875cccb512412021-12-21 10:30:53.450root 11241100x8000000000000000365249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.823a04654387fe812021-12-21 10:30:53.450root 11241100x8000000000000000365250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d82fa436c50dde4d2021-12-21 10:30:53.450root 11241100x8000000000000000365251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7699a43dc7244ee2021-12-21 10:30:53.450root 11241100x8000000000000000365252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.762bf74ba20b6b1b2021-12-21 10:30:53.450root 11241100x8000000000000000365253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.211790063e0c7b912021-12-21 10:30:53.943root 11241100x8000000000000000365254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8edac0e301e2ee632021-12-21 10:30:53.943root 11241100x8000000000000000365255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f6caabd96793f52021-12-21 10:30:53.943root 11241100x8000000000000000365256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76d8dc51d03b0f652021-12-21 10:30:53.943root 11241100x8000000000000000365257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f403bc7e79086542021-12-21 10:30:53.943root 11241100x8000000000000000365258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50078aa7caffae192021-12-21 10:30:53.943root 11241100x8000000000000000365259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d94809710ea519f72021-12-21 10:30:53.943root 11241100x8000000000000000365260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82bb0c593dcbf6f12021-12-21 10:30:53.943root 11241100x8000000000000000365261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27fde46a761512c52021-12-21 10:30:53.944root 11241100x8000000000000000365262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a0463383df38432021-12-21 10:30:53.944root 11241100x8000000000000000365263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199dfd1f3964e55c2021-12-21 10:30:53.944root 11241100x8000000000000000365264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83281face87249172021-12-21 10:30:53.944root 11241100x8000000000000000365265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2988c53956f2b2992021-12-21 10:30:53.944root 11241100x8000000000000000365266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.660928a350492b362021-12-21 10:30:53.944root 11241100x8000000000000000365267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06cf806fe1ba1e702021-12-21 10:30:53.944root 11241100x8000000000000000365268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc1ae4388aba49782021-12-21 10:30:53.944root 11241100x8000000000000000365269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3c614a7d39d56542021-12-21 10:30:53.944root 11241100x8000000000000000365270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493c8879393207f62021-12-21 10:30:53.945root 11241100x8000000000000000365271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b7705b10db9d7c982021-12-21 10:30:53.945root 11241100x8000000000000000365272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72f894b07d1659d52021-12-21 10:30:53.945root 11241100x8000000000000000365273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9eac7812a7a9f0182021-12-21 10:30:53.945root 11241100x8000000000000000365274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352058c6a12422772021-12-21 10:30:53.945root 11241100x8000000000000000365275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cedb2be4f5d62cf12021-12-21 10:30:53.945root 11241100x8000000000000000365276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5678ffc990dd9f22021-12-21 10:30:53.945root 11241100x8000000000000000365277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e840f3e402b853fb2021-12-21 10:30:53.945root 11241100x8000000000000000365278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3649844479e299d02021-12-21 10:30:53.945root 11241100x8000000000000000365279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3762099871fe98752021-12-21 10:30:53.945root 11241100x8000000000000000365280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2eb2e6bb00e2f01f2021-12-21 10:30:53.946root 11241100x8000000000000000365281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.364882c7acefa9b22021-12-21 10:30:53.946root 11241100x8000000000000000365282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79c3594855c4f232021-12-21 10:30:53.946root 11241100x8000000000000000365283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd527e9c81b6f072021-12-21 10:30:53.946root 11241100x8000000000000000365284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc8b837a063c4b92021-12-21 10:30:53.946root 11241100x8000000000000000365285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7949cd32efa273fa2021-12-21 10:30:53.946root 11241100x8000000000000000365286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49838e3ab09efb462021-12-21 10:30:53.946root 11241100x8000000000000000365287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fec2f89a8d862d42021-12-21 10:30:53.946root 11241100x8000000000000000365288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c6f8bcd389d79122021-12-21 10:30:53.947root 11241100x8000000000000000365289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af53519a723a53f42021-12-21 10:30:53.947root 11241100x8000000000000000365290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff5bffb96a75a84c2021-12-21 10:30:53.948root 11241100x8000000000000000365291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5092ba302801763d2021-12-21 10:30:53.948root 11241100x8000000000000000365292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b4e0b4743d9f3122021-12-21 10:30:53.948root 11241100x8000000000000000365293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33915fbc3f4df1c32021-12-21 10:30:53.948root 11241100x8000000000000000365294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.015d87c4664840a62021-12-21 10:30:53.948root 11241100x8000000000000000365295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20bea25b62766b412021-12-21 10:30:53.948root 11241100x8000000000000000365296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1fd7f82b71c6b5b2021-12-21 10:30:53.948root 11241100x8000000000000000365297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68d69c20768b791c2021-12-21 10:30:53.948root 11241100x8000000000000000365298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e428add689f074622021-12-21 10:30:53.949root 11241100x8000000000000000365299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7d5f983e4f88afe2021-12-21 10:30:53.949root 11241100x8000000000000000365300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81a377ddf9e50c562021-12-21 10:30:53.949root 11241100x8000000000000000365301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d721a25bc9ce4fe2021-12-21 10:30:53.949root 11241100x8000000000000000365302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec4e03962049de832021-12-21 10:30:53.949root 11241100x8000000000000000365303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98464e582e0dcdc12021-12-21 10:30:53.949root 11241100x8000000000000000365304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49b3c59eff3c097e2021-12-21 10:30:53.949root 11241100x8000000000000000365305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.861728f890a179272021-12-21 10:30:53.949root 11241100x8000000000000000365306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d8b4d45c1244d1c2021-12-21 10:30:53.949root 11241100x8000000000000000365307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1da02255f92d6f92021-12-21 10:30:53.949root 11241100x8000000000000000365308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa48941568e45ab62021-12-21 10:30:53.949root 11241100x8000000000000000365309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dc132e3167137022021-12-21 10:30:53.950root 11241100x8000000000000000365310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40cf055bbcef02332021-12-21 10:30:53.950root 11241100x8000000000000000365311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768604feda4dfcd32021-12-21 10:30:53.950root 11241100x8000000000000000365312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffe66b40f59269b2021-12-21 10:30:53.950root 11241100x8000000000000000365313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd2924f2211f72762021-12-21 10:30:53.950root 11241100x8000000000000000365314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e94129eeed535e2021-12-21 10:30:53.950root 11241100x8000000000000000365315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:53.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7454ba53efa55ea22021-12-21 10:30:53.950root 11241100x8000000000000000365316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955a3b590d1134a42021-12-21 10:30:54.443root 11241100x8000000000000000365317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1188f83d85d362852021-12-21 10:30:54.443root 11241100x8000000000000000365318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adeaa2680ce6b91d2021-12-21 10:30:54.443root 11241100x8000000000000000365319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.391bdeb6db6d28132021-12-21 10:30:54.444root 11241100x8000000000000000365320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e67372e20c507f2021-12-21 10:30:54.444root 11241100x8000000000000000365321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ad762c76b59aa982021-12-21 10:30:54.444root 11241100x8000000000000000365322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b93d9bcdb703d792021-12-21 10:30:54.444root 11241100x8000000000000000365323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f7b9670a3d867522021-12-21 10:30:54.444root 11241100x8000000000000000365324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd36d0dcbabdd972021-12-21 10:30:54.444root 11241100x8000000000000000365325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed431298210113b12021-12-21 10:30:54.445root 11241100x8000000000000000365326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b65741ac2458e32021-12-21 10:30:54.445root 11241100x8000000000000000365327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0c9ee783d48f14a2021-12-21 10:30:54.445root 11241100x8000000000000000365328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72ea90c523e9f302021-12-21 10:30:54.445root 11241100x8000000000000000365329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95c532f13f7e4ec72021-12-21 10:30:54.445root 11241100x8000000000000000365330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6d0dfe2e7432cb72021-12-21 10:30:54.445root 11241100x8000000000000000365331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c567eb3ab554324b2021-12-21 10:30:54.445root 11241100x8000000000000000365332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.975bd4d1cb577b942021-12-21 10:30:54.445root 11241100x8000000000000000365333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ce9e91decfb0ad2021-12-21 10:30:54.445root 11241100x8000000000000000365334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48ab1b6c8e6d88f22021-12-21 10:30:54.445root 11241100x8000000000000000365335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1da8dbb30c810622021-12-21 10:30:54.445root 11241100x8000000000000000365336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62da58d06131b4802021-12-21 10:30:54.446root 11241100x8000000000000000365337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37b470013d7b518a2021-12-21 10:30:54.446root 11241100x8000000000000000365338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7cf8db340f40272021-12-21 10:30:54.446root 11241100x8000000000000000365339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f91cabc0b77ca7ed2021-12-21 10:30:54.446root 11241100x8000000000000000365340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd78ee60c0ad2c502021-12-21 10:30:54.446root 11241100x8000000000000000365341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d126e3e71ce639d92021-12-21 10:30:54.446root 11241100x8000000000000000365342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6bd261ea13638042021-12-21 10:30:54.446root 11241100x8000000000000000365343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e809e7bdabd7edad2021-12-21 10:30:54.446root 11241100x8000000000000000365344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1464bdedaa3203162021-12-21 10:30:54.447root 11241100x8000000000000000365345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bfb49beaab14dea2021-12-21 10:30:54.447root 11241100x8000000000000000365346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92ec98087ce191d42021-12-21 10:30:54.447root 11241100x8000000000000000365347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6e60de97823467d2021-12-21 10:30:54.447root 11241100x8000000000000000365348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dc259ae7a6639a32021-12-21 10:30:54.447root 11241100x8000000000000000365349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da0fa9badc585d3b2021-12-21 10:30:54.447root 11241100x8000000000000000365350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603a930e9732c2792021-12-21 10:30:54.448root 11241100x8000000000000000365351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.030927308d7ab2d62021-12-21 10:30:54.448root 11241100x8000000000000000365352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eefe381bcb78e202021-12-21 10:30:54.448root 11241100x8000000000000000365353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9b61b999d9fdc302021-12-21 10:30:54.943root 11241100x8000000000000000365354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe5e835a15be8622021-12-21 10:30:54.943root 11241100x8000000000000000365355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b02acb1ae3a39d9a2021-12-21 10:30:54.944root 11241100x8000000000000000365356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36f1e5618e7734d32021-12-21 10:30:54.944root 11241100x8000000000000000365357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f162d245484607bc2021-12-21 10:30:54.944root 11241100x8000000000000000365358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8a9a135ca2869e72021-12-21 10:30:54.945root 11241100x8000000000000000365359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e473f5610590a72021-12-21 10:30:54.945root 11241100x8000000000000000365360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82b6e4021d901482021-12-21 10:30:54.945root 11241100x8000000000000000365361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723b955be499ec8d2021-12-21 10:30:54.945root 11241100x8000000000000000365362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cb7662576f89e0a2021-12-21 10:30:54.945root 11241100x8000000000000000365363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72e5415bcb97f7f02021-12-21 10:30:54.946root 11241100x8000000000000000365364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77883525f2efaeeb2021-12-21 10:30:54.946root 11241100x8000000000000000365365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b7347da8405811f2021-12-21 10:30:54.946root 11241100x8000000000000000365366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.63dc751e2d926c682021-12-21 10:30:54.946root 11241100x8000000000000000365367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8ffaeb06d4020ed2021-12-21 10:30:54.947root 11241100x8000000000000000365368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.927d155b1db1f6602021-12-21 10:30:54.947root 11241100x8000000000000000365369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf43941f12c66772021-12-21 10:30:54.947root 11241100x8000000000000000365370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc684c581a71d772021-12-21 10:30:54.948root 11241100x8000000000000000365371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23cecf0bce2a28ce2021-12-21 10:30:54.948root 11241100x8000000000000000365372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bbffa80d8589dd82021-12-21 10:30:54.948root 11241100x8000000000000000365373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f317620242b90fe62021-12-21 10:30:54.948root 11241100x8000000000000000365374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f6208b1e767c182021-12-21 10:30:54.949root 11241100x8000000000000000365375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cd520bcfc5c253d2021-12-21 10:30:54.949root 11241100x8000000000000000365376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c05fe7307c33492021-12-21 10:30:54.949root 11241100x8000000000000000365377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7475dfd0e055dcc2021-12-21 10:30:54.949root 11241100x8000000000000000365378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b77753b89875a1ac2021-12-21 10:30:54.949root 11241100x8000000000000000365379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2f9a2af2cac00852021-12-21 10:30:54.949root 11241100x8000000000000000365380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5ed5b24eb05ea352021-12-21 10:30:54.950root 11241100x8000000000000000365381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3646f8865315bb7d2021-12-21 10:30:54.950root 11241100x8000000000000000365382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b1b3481a395966a2021-12-21 10:30:54.950root 11241100x8000000000000000365383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92d8dbea9d7105702021-12-21 10:30:54.950root 11241100x8000000000000000365384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce685374dc63d182021-12-21 10:30:54.950root 11241100x8000000000000000365385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8f3844c4a95bb432021-12-21 10:30:54.950root 11241100x8000000000000000365386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ec3d5736f0f110f2021-12-21 10:30:54.951root 11241100x8000000000000000365387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1a3dbbf2fe06d412021-12-21 10:30:54.951root 11241100x8000000000000000365388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca0a6082d61ac0662021-12-21 10:30:54.951root 11241100x8000000000000000365389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9bf47738a142bebc2021-12-21 10:30:54.951root 11241100x8000000000000000365390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:54.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.024ff62b91c109752021-12-21 10:30:54.951root 11241100x8000000000000000365391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8fd23d7b1d8bd0b2021-12-21 10:30:55.443root 11241100x8000000000000000365392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27839151d95d5ab92021-12-21 10:30:55.443root 11241100x8000000000000000365393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36ad1875cd8a848f2021-12-21 10:30:55.443root 11241100x8000000000000000365394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4266e657da4d2c02021-12-21 10:30:55.444root 11241100x8000000000000000365395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff1b5d6b79d055e2021-12-21 10:30:55.444root 11241100x8000000000000000365396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03a9aa4e202cdace2021-12-21 10:30:55.444root 11241100x8000000000000000365397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f334095e5d5e1c62021-12-21 10:30:55.444root 11241100x8000000000000000365398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.149124954becc9ba2021-12-21 10:30:55.445root 11241100x8000000000000000365399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee7e9b6b5e09dfb2021-12-21 10:30:55.445root 11241100x8000000000000000365400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3dd41a25b7a1b0fe2021-12-21 10:30:55.445root 11241100x8000000000000000365401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25f36cd009012a402021-12-21 10:30:55.445root 11241100x8000000000000000365402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e7241dc60bc440f2021-12-21 10:30:55.445root 11241100x8000000000000000365403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.821f6986bac3d8392021-12-21 10:30:55.445root 11241100x8000000000000000365404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5e51339117dd37f2021-12-21 10:30:55.445root 11241100x8000000000000000365405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3e78d73cbfe38d92021-12-21 10:30:55.445root 11241100x8000000000000000365406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4063424bc20f47a2021-12-21 10:30:55.445root 11241100x8000000000000000365407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e195a35a8800d12021-12-21 10:30:55.445root 11241100x8000000000000000365408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d01ea146b239782021-12-21 10:30:55.446root 11241100x8000000000000000365409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3335a826c8f8c3a82021-12-21 10:30:55.446root 11241100x8000000000000000365410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adbf46e4c137ea52021-12-21 10:30:55.446root 11241100x8000000000000000365411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57c42d9b4a99bf582021-12-21 10:30:55.446root 11241100x8000000000000000365412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbfbf863707a73112021-12-21 10:30:55.447root 11241100x8000000000000000365413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e148ab19189af6da2021-12-21 10:30:55.447root 11241100x8000000000000000365414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37e90e99729eb42a2021-12-21 10:30:55.447root 11241100x8000000000000000365415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940c2944763f7a4e2021-12-21 10:30:55.447root 11241100x8000000000000000365416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e9e9fa4b2629be92021-12-21 10:30:55.447root 11241100x8000000000000000365417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e914f501333913262021-12-21 10:30:55.447root 11241100x8000000000000000365418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49f7e902276667332021-12-21 10:30:55.448root 11241100x8000000000000000365419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.020aa76df19695bc2021-12-21 10:30:55.448root 11241100x8000000000000000365420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d28a59962cd67cf42021-12-21 10:30:55.448root 11241100x8000000000000000365421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7512a12285b9efbb2021-12-21 10:30:55.448root 11241100x8000000000000000365422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf1a95bb3a3becd42021-12-21 10:30:55.448root 11241100x8000000000000000365423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7dad1e1a79d49f992021-12-21 10:30:55.448root 11241100x8000000000000000365424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6615800d73765712021-12-21 10:30:55.448root 11241100x8000000000000000365425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c935f884f528c4112021-12-21 10:30:55.449root 11241100x8000000000000000365426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bb78dc0999860352021-12-21 10:30:55.449root 11241100x8000000000000000365427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d551d8553380c7072021-12-21 10:30:55.449root 11241100x8000000000000000365428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4230fedea82ddf1c2021-12-21 10:30:55.449root 11241100x8000000000000000365429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ef00df76ca63c82021-12-21 10:30:55.449root 11241100x8000000000000000365430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea2226ec7d07ba1a2021-12-21 10:30:55.449root 11241100x8000000000000000365431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c72185187ed4e0bf2021-12-21 10:30:55.450root 11241100x8000000000000000365432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c44fb995bd263bd2021-12-21 10:30:55.450root 11241100x8000000000000000365433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e300ba98c7cd977c2021-12-21 10:30:55.450root 11241100x8000000000000000365434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64313aaa3a55fb282021-12-21 10:30:55.450root 11241100x8000000000000000365435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9062bb648856384e2021-12-21 10:30:55.451root 11241100x8000000000000000365436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30599f5af19eebbd2021-12-21 10:30:55.451root 11241100x8000000000000000365437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73e910c1f1c36b192021-12-21 10:30:55.451root 11241100x8000000000000000365438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b718441fc39f9f112021-12-21 10:30:55.451root 11241100x8000000000000000365439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a72bc30450563de82021-12-21 10:30:55.452root 11241100x8000000000000000365440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21fd4d22a34364582021-12-21 10:30:55.452root 11241100x8000000000000000365441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e4c558481789c472021-12-21 10:30:55.452root 11241100x8000000000000000365442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.405fb2626517bfd72021-12-21 10:30:55.452root 11241100x8000000000000000365443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.556055e567c943982021-12-21 10:30:55.452root 11241100x8000000000000000365444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1e0cd74310182e2021-12-21 10:30:55.452root 11241100x8000000000000000365445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.452{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c60b5b4490c65a72021-12-21 10:30:55.452root 11241100x8000000000000000365446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c14ff0bd3a574b562021-12-21 10:30:55.453root 11241100x8000000000000000365447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.874efbf7f262fa5e2021-12-21 10:30:55.453root 11241100x8000000000000000365448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8e6610ec786c7702021-12-21 10:30:55.453root 11241100x8000000000000000365449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.627cca58365ea4d62021-12-21 10:30:55.453root 11241100x8000000000000000365450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.453{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a2947e7b45743f2021-12-21 10:30:55.453root 11241100x8000000000000000365451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aefecb8efd95225a2021-12-21 10:30:55.454root 11241100x8000000000000000365452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.454{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe806cb695f75a12021-12-21 10:30:55.454root 11241100x8000000000000000365453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0df5f6d22915613a2021-12-21 10:30:55.943root 11241100x8000000000000000365454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b379623d10ffbd42021-12-21 10:30:55.943root 11241100x8000000000000000365455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6aa7432ef0b7e42021-12-21 10:30:55.943root 11241100x8000000000000000365456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792d203b4aa164c62021-12-21 10:30:55.943root 11241100x8000000000000000365457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7e96ae707344fd72021-12-21 10:30:55.943root 11241100x8000000000000000365458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98ff14f95ccdf7fd2021-12-21 10:30:55.944root 11241100x8000000000000000365459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c7263d545909f012021-12-21 10:30:55.944root 11241100x8000000000000000365460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc8dfb2a257301162021-12-21 10:30:55.944root 11241100x8000000000000000365461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4732d0989b9c5eba2021-12-21 10:30:55.944root 11241100x8000000000000000365462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0977591c18acc542021-12-21 10:30:55.944root 11241100x8000000000000000365463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d6bf212813b152b2021-12-21 10:30:55.944root 11241100x8000000000000000365464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.453a94e8b86108612021-12-21 10:30:55.945root 11241100x8000000000000000365465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29a523bce3da7b712021-12-21 10:30:55.945root 11241100x8000000000000000365466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.205f9341fd2f02272021-12-21 10:30:55.945root 11241100x8000000000000000365467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67a49722525e39ef2021-12-21 10:30:55.945root 11241100x8000000000000000365468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ff66ea3c469bff2021-12-21 10:30:55.945root 11241100x8000000000000000365469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ccf598ac9cb71b22021-12-21 10:30:55.946root 11241100x8000000000000000365470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c5b794c20bbe8562021-12-21 10:30:55.946root 11241100x8000000000000000365471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2da6efe5bec2f5fb2021-12-21 10:30:55.946root 11241100x8000000000000000365472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f728465193661a82021-12-21 10:30:55.946root 11241100x8000000000000000365473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b3ef6bf1d80f0ea2021-12-21 10:30:55.946root 11241100x8000000000000000365474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eadb745166fa8aa62021-12-21 10:30:55.947root 11241100x8000000000000000365475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2224772b9db34d5b2021-12-21 10:30:55.947root 11241100x8000000000000000365476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2d0f7c07ed43e312021-12-21 10:30:55.947root 11241100x8000000000000000365477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a92e1050eab86252021-12-21 10:30:55.947root 11241100x8000000000000000365478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ab560eac5c188532021-12-21 10:30:55.948root 11241100x8000000000000000365479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d14b0682742af02021-12-21 10:30:55.948root 11241100x8000000000000000365480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf38b2da7d304f552021-12-21 10:30:55.948root 11241100x8000000000000000365481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a0551781fc2a7432021-12-21 10:30:55.948root 11241100x8000000000000000365482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3040ba56ccdf69312021-12-21 10:30:55.948root 11241100x8000000000000000365483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26b562650066ddf92021-12-21 10:30:55.948root 11241100x8000000000000000365484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c76bf779fb624a1d2021-12-21 10:30:55.949root 11241100x8000000000000000365485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47582e551e45abe52021-12-21 10:30:55.949root 11241100x8000000000000000365486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c3609761716a892021-12-21 10:30:55.949root 11241100x8000000000000000365487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d70e70b1114e1fcc2021-12-21 10:30:55.949root 11241100x8000000000000000365488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41a74cdd347e2b22021-12-21 10:30:55.949root 11241100x8000000000000000365489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e5ecda19d7150932021-12-21 10:30:55.950root 11241100x8000000000000000365490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:55.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fd2f19a355e972e2021-12-21 10:30:55.950root 11241100x8000000000000000365491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d69a304f6733347e2021-12-21 10:30:56.443root 11241100x8000000000000000365492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99fc10c34be416452021-12-21 10:30:56.443root 11241100x8000000000000000365493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.996a5cbad358dfad2021-12-21 10:30:56.443root 11241100x8000000000000000365494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba20e02472d8ce22021-12-21 10:30:56.443root 11241100x8000000000000000365495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b38e834d1b3ba8d32021-12-21 10:30:56.444root 11241100x8000000000000000365496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a4c978e8449ca402021-12-21 10:30:56.444root 11241100x8000000000000000365497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0950449e1404ba72021-12-21 10:30:56.444root 11241100x8000000000000000365498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66852a1f41d5807a2021-12-21 10:30:56.444root 11241100x8000000000000000365499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099f92d12f5484cb2021-12-21 10:30:56.444root 11241100x8000000000000000365500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1596571775b49c572021-12-21 10:30:56.444root 11241100x8000000000000000365501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de756c4505ddd2422021-12-21 10:30:56.445root 11241100x8000000000000000365502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42b395b19a21a5412021-12-21 10:30:56.445root 11241100x8000000000000000365503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f3c9ecadecc5cd2021-12-21 10:30:56.445root 11241100x8000000000000000365504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07c8d3d794d679402021-12-21 10:30:56.445root 11241100x8000000000000000365505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add596e98b8cce7b2021-12-21 10:30:56.445root 11241100x8000000000000000365506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fc2bc9936c842622021-12-21 10:30:56.445root 11241100x8000000000000000365507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c3759d80efc54b32021-12-21 10:30:56.445root 11241100x8000000000000000365508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ab462dde698a7f2021-12-21 10:30:56.446root 11241100x8000000000000000365509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23771e50d71f6e452021-12-21 10:30:56.446root 11241100x8000000000000000365510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3da2a20dd2cfa4d52021-12-21 10:30:56.446root 11241100x8000000000000000365511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e232034d2a2ddabd2021-12-21 10:30:56.446root 11241100x8000000000000000365512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b83066c71b3ac8062021-12-21 10:30:56.446root 11241100x8000000000000000365513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e8ff2bae9e19c5d2021-12-21 10:30:56.446root 11241100x8000000000000000365514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61f70de6c099516d2021-12-21 10:30:56.447root 11241100x8000000000000000365515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0620465297d4b12021-12-21 10:30:56.447root 11241100x8000000000000000365516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc8de5a8700ffd82021-12-21 10:30:56.447root 11241100x8000000000000000365517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3279d266170ab8e72021-12-21 10:30:56.447root 11241100x8000000000000000365518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9de84ca9af11692021-12-21 10:30:56.447root 11241100x8000000000000000365519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76397e321809cc892021-12-21 10:30:56.447root 11241100x8000000000000000365520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ccc880a3d1afb8932021-12-21 10:30:56.448root 11241100x8000000000000000365521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7fec535fc732f552021-12-21 10:30:56.448root 11241100x8000000000000000365522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9e8a7dcd7508952021-12-21 10:30:56.448root 11241100x8000000000000000365523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44ddc57226bcf2522021-12-21 10:30:56.448root 11241100x8000000000000000365524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c03b973aa780fb1a2021-12-21 10:30:56.448root 11241100x8000000000000000365525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ee963b5193fbfa62021-12-21 10:30:56.448root 11241100x8000000000000000365526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b71e3077f2b19af92021-12-21 10:30:56.448root 11241100x8000000000000000365527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97098779a1a750dd2021-12-21 10:30:56.448root 11241100x8000000000000000365528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.970841dc6555363f2021-12-21 10:30:56.448root 11241100x8000000000000000365529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df357ad390ef4d4a2021-12-21 10:30:56.449root 11241100x8000000000000000365530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8afe98a298439ee22021-12-21 10:30:56.449root 11241100x8000000000000000365531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af75a3c0b9b3e8452021-12-21 10:30:56.943root 11241100x8000000000000000365532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68ba9d04219022942021-12-21 10:30:56.943root 11241100x8000000000000000365533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.925c02d9949737e32021-12-21 10:30:56.943root 11241100x8000000000000000365534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4facf63f254395052021-12-21 10:30:56.943root 11241100x8000000000000000365535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78aa7455c2ffaf412021-12-21 10:30:56.944root 11241100x8000000000000000365536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee43cab1347c17292021-12-21 10:30:56.944root 11241100x8000000000000000365537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.edec00f97cab2dd82021-12-21 10:30:56.944root 11241100x8000000000000000365538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1eac276214e27b02021-12-21 10:30:56.944root 11241100x8000000000000000365539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8edb25c795597982021-12-21 10:30:56.944root 11241100x8000000000000000365540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dd3ff9a7f1769a72021-12-21 10:30:56.945root 11241100x8000000000000000365541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca523f78e63e94fd2021-12-21 10:30:56.945root 11241100x8000000000000000365542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ee354803a457f82021-12-21 10:30:56.945root 11241100x8000000000000000365543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adc810a00bf9fa672021-12-21 10:30:56.945root 11241100x8000000000000000365544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35b8e616ebe6e6a2021-12-21 10:30:56.945root 11241100x8000000000000000365545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68257c4356cf4eee2021-12-21 10:30:56.946root 11241100x8000000000000000365546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97ec5e23c5e3b09f2021-12-21 10:30:56.946root 11241100x8000000000000000365547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66bb7d16a6ac0ecd2021-12-21 10:30:56.946root 11241100x8000000000000000365548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2eb7bbc07dc4ef42021-12-21 10:30:56.946root 11241100x8000000000000000365549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45915db9918561a2021-12-21 10:30:56.947root 11241100x8000000000000000365550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cfc60e6068e8fbd2021-12-21 10:30:56.947root 11241100x8000000000000000365551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86dcba598a1cf93b2021-12-21 10:30:56.947root 11241100x8000000000000000365552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45996e4a95618fae2021-12-21 10:30:56.947root 11241100x8000000000000000365553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c12dc2b9126634952021-12-21 10:30:56.947root 11241100x8000000000000000365554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e4f57b92e7cdf92021-12-21 10:30:56.947root 11241100x8000000000000000365555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561415dcb83f38b92021-12-21 10:30:56.948root 11241100x8000000000000000365556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13f4130476335ea92021-12-21 10:30:56.948root 11241100x8000000000000000365557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51d675ff3f7f07bf2021-12-21 10:30:56.948root 11241100x8000000000000000365558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51a4c95e2d9519282021-12-21 10:30:56.948root 11241100x8000000000000000365559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d1110ee444b25702021-12-21 10:30:56.948root 11241100x8000000000000000365560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5415b09b2c43cd392021-12-21 10:30:56.948root 11241100x8000000000000000365561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.217158cc825950772021-12-21 10:30:56.948root 11241100x8000000000000000365562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7eb7bde4ee5dfae72021-12-21 10:30:56.948root 11241100x8000000000000000365563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9fd967146fc01b12021-12-21 10:30:56.949root 11241100x8000000000000000365564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38effb65f412ae3e2021-12-21 10:30:56.949root 11241100x8000000000000000365565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e332bb0a99cb0b162021-12-21 10:30:56.949root 11241100x8000000000000000365566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:56.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b13e16f635a1d66a2021-12-21 10:30:56.949root 11241100x8000000000000000365567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2fce1979d41b51a2021-12-21 10:30:57.443root 11241100x8000000000000000365568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaf4738b9aee84e42021-12-21 10:30:57.443root 11241100x8000000000000000365569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c91770f4c6149a2021-12-21 10:30:57.444root 11241100x8000000000000000365570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bba4edb149abd682021-12-21 10:30:57.444root 11241100x8000000000000000365571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e167976d327353f2021-12-21 10:30:57.444root 11241100x8000000000000000365572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e30a30d96cb0d2422021-12-21 10:30:57.444root 11241100x8000000000000000365573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973d8515a86e92402021-12-21 10:30:57.444root 11241100x8000000000000000365574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed0c02d1834e4e6e2021-12-21 10:30:57.444root 11241100x8000000000000000365575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73a1e8eadd249c92021-12-21 10:30:57.445root 11241100x8000000000000000365576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41fe425285c111242021-12-21 10:30:57.445root 11241100x8000000000000000365577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c265fbc0725532b62021-12-21 10:30:57.445root 11241100x8000000000000000365578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ec94ba108fdb0c2021-12-21 10:30:57.445root 11241100x8000000000000000365579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0913771da079d2e92021-12-21 10:30:57.445root 11241100x8000000000000000365580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88bc6a4e72b669212021-12-21 10:30:57.445root 11241100x8000000000000000365581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d71e58532c16ffe2021-12-21 10:30:57.445root 11241100x8000000000000000365582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9da1c01b8a103192021-12-21 10:30:57.446root 11241100x8000000000000000365583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07b9044eea63dd212021-12-21 10:30:57.446root 11241100x8000000000000000365584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20d3be674b0883c42021-12-21 10:30:57.446root 11241100x8000000000000000365585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11fa4c2341b9a8022021-12-21 10:30:57.446root 11241100x8000000000000000365586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd8b99aac27c8ebe2021-12-21 10:30:57.446root 11241100x8000000000000000365587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f947fb3c703abff2021-12-21 10:30:57.446root 11241100x8000000000000000365588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.603420b09fbd60552021-12-21 10:30:57.446root 11241100x8000000000000000365589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7944f1c0324bf9e32021-12-21 10:30:57.447root 11241100x8000000000000000365590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3b6baea21e6cbc52021-12-21 10:30:57.447root 11241100x8000000000000000365591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42ed7d2c55732fae2021-12-21 10:30:57.447root 11241100x8000000000000000365592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e41fef979aa839122021-12-21 10:30:57.447root 11241100x8000000000000000365593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.994c6f3f93b96b182021-12-21 10:30:57.447root 11241100x8000000000000000365594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5094dc5bca6408e2021-12-21 10:30:57.447root 11241100x8000000000000000365595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab314565c8cc430a2021-12-21 10:30:57.448root 11241100x8000000000000000365596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96ff1eb11b14074d2021-12-21 10:30:57.448root 11241100x8000000000000000365597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cacdc17551481f172021-12-21 10:30:57.448root 11241100x8000000000000000365598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82788ae708a6ff4d2021-12-21 10:30:57.448root 11241100x8000000000000000365599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d41ac2a9d4d463592021-12-21 10:30:57.448root 11241100x8000000000000000365600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd5620d80a1242932021-12-21 10:30:57.448root 11241100x8000000000000000365601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f793438f8422dc432021-12-21 10:30:57.943root 11241100x8000000000000000365602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdccb7bc6dcd683a2021-12-21 10:30:57.943root 11241100x8000000000000000365603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f6cc4eb565f7dd82021-12-21 10:30:57.943root 11241100x8000000000000000365604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d71b75be29a103e2021-12-21 10:30:57.943root 11241100x8000000000000000365605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f1fd22298572ba42021-12-21 10:30:57.944root 11241100x8000000000000000365606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26f50a139b09cd242021-12-21 10:30:57.944root 11241100x8000000000000000365607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ffddf3ae395f22e2021-12-21 10:30:57.944root 11241100x8000000000000000365608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09831957fb71e2c02021-12-21 10:30:57.944root 11241100x8000000000000000365609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c414e30a31f37102021-12-21 10:30:57.944root 11241100x8000000000000000365610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ffed9d4b2b852212021-12-21 10:30:57.945root 11241100x8000000000000000365611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.939a41773265e3252021-12-21 10:30:57.945root 11241100x8000000000000000365612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6831d5e75533016e2021-12-21 10:30:57.945root 11241100x8000000000000000365613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9e1aff0e1598582021-12-21 10:30:57.945root 11241100x8000000000000000365614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9461ff0c0284182021-12-21 10:30:57.945root 11241100x8000000000000000365615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e464c5afd4734d2021-12-21 10:30:57.946root 11241100x8000000000000000365616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e13839670b8c5fa02021-12-21 10:30:57.946root 11241100x8000000000000000365617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.958499217332e5842021-12-21 10:30:57.946root 11241100x8000000000000000365618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.188ed8af877175ec2021-12-21 10:30:57.947root 11241100x8000000000000000365619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf3ce231cbee209e2021-12-21 10:30:57.947root 11241100x8000000000000000365620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fc6c614c7a3b7c02021-12-21 10:30:57.947root 11241100x8000000000000000365621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.947{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2752f276c82d4af2021-12-21 10:30:57.947root 11241100x8000000000000000365622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcacb6170ea6e36a2021-12-21 10:30:57.948root 11241100x8000000000000000365623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.948{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97a5b57cb39c28ee2021-12-21 10:30:57.948root 11241100x8000000000000000365624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ec4a2f0fd896db2021-12-21 10:30:57.949root 11241100x8000000000000000365625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.949{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4d58eeedbb77e92021-12-21 10:30:57.949root 11241100x8000000000000000365626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d8c5a89bd568cb02021-12-21 10:30:57.950root 11241100x8000000000000000365627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d59c805c1030272021-12-21 10:30:57.950root 11241100x8000000000000000365628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.950{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac67d4a3db4480e12021-12-21 10:30:57.950root 11241100x8000000000000000365629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30fb3d4b61c2d7922021-12-21 10:30:57.951root 11241100x8000000000000000365630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.951{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a197e7afad69e0012021-12-21 10:30:57.951root 11241100x8000000000000000365631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c864d2a152f011562021-12-21 10:30:57.952root 11241100x8000000000000000365632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.952{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a97176dbe94e6a22021-12-21 10:30:57.952root 11241100x8000000000000000365633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.953{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf6514c316bb82f02021-12-21 10:30:57.953root 11241100x8000000000000000365634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50db0e8342e5eb162021-12-21 10:30:57.954root 11241100x8000000000000000365635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.295faa87bda484982021-12-21 10:30:57.954root 11241100x8000000000000000365636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.954{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53831e6cb5cc68212021-12-21 10:30:57.954root 11241100x8000000000000000365637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bd68cdeec8d7a962021-12-21 10:30:57.955root 11241100x8000000000000000365638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758046cdc8f2530b2021-12-21 10:30:57.955root 11241100x8000000000000000365639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d1c080f314d0482021-12-21 10:30:57.955root 11241100x8000000000000000365640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98863ecd18d796732021-12-21 10:30:57.955root 11241100x8000000000000000365641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46f8741191e87e572021-12-21 10:30:57.955root 11241100x8000000000000000365642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9197ab7a67ac42a22021-12-21 10:30:57.955root 11241100x8000000000000000365643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.955{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b447c4eae65c57782021-12-21 10:30:57.955root 11241100x8000000000000000365644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8522975c840446d2021-12-21 10:30:57.956root 11241100x8000000000000000365645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:57.956{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba30c8fb847d35d02021-12-21 10:30:57.956root 354300x8000000000000000365646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.104{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47208-false10.0.1.12-8000- 534500x8000000000000000365647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.186{00000000-0000-0000-0000-000000000000}5739<unknown process>ubuntu 11241100x8000000000000000365648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21086fb4154a3f182021-12-21 10:30:58.443root 11241100x8000000000000000365649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32bc8031e53210462021-12-21 10:30:58.443root 11241100x8000000000000000365650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93ef3d84f0dec0232021-12-21 10:30:58.443root 11241100x8000000000000000365651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc18c4572a1e26882021-12-21 10:30:58.443root 11241100x8000000000000000365652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b9913d7dcdded462021-12-21 10:30:58.443root 11241100x8000000000000000365653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9459e8bd1f44372021-12-21 10:30:58.443root 11241100x8000000000000000365654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57b830ed2fd436422021-12-21 10:30:58.443root 11241100x8000000000000000365655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d1d1ee13c833642021-12-21 10:30:58.444root 11241100x8000000000000000365656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6e4887f7810bc1d2021-12-21 10:30:58.444root 11241100x8000000000000000365657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.271b69461103ef1b2021-12-21 10:30:58.444root 11241100x8000000000000000365658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e69f48b8d1d8ed502021-12-21 10:30:58.444root 11241100x8000000000000000365659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24cd4439b558fc8b2021-12-21 10:30:58.444root 11241100x8000000000000000365660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32f7c4d8de87471c2021-12-21 10:30:58.444root 11241100x8000000000000000365661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f60874498923b022021-12-21 10:30:58.444root 11241100x8000000000000000365662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ae647e2aeec4df02021-12-21 10:30:58.444root 11241100x8000000000000000365663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be721bb607064c732021-12-21 10:30:58.444root 11241100x8000000000000000365664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723a9c0128adc0dd2021-12-21 10:30:58.444root 11241100x8000000000000000365665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d84bdc5ce278fe932021-12-21 10:30:58.445root 11241100x8000000000000000365666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.457ec2c568223eb42021-12-21 10:30:58.445root 11241100x8000000000000000365667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c22500ef42222bdb2021-12-21 10:30:58.445root 11241100x8000000000000000365668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b0801788fff405a2021-12-21 10:30:58.445root 11241100x8000000000000000365669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e670ebb7a26c5d3c2021-12-21 10:30:58.445root 11241100x8000000000000000365670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d089efd8a6d8f7b2021-12-21 10:30:58.445root 11241100x8000000000000000365671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ba1549c3c529a22021-12-21 10:30:58.445root 11241100x8000000000000000365672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.445{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1053d628900d31e2021-12-21 10:30:58.445root 11241100x8000000000000000365673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36717c2bd2591a142021-12-21 10:30:58.446root 11241100x8000000000000000365674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d74f84f29e9e82a2021-12-21 10:30:58.446root 11241100x8000000000000000365675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bf244c181c8ea202021-12-21 10:30:58.446root 11241100x8000000000000000365676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a680ef5c3b42f8b72021-12-21 10:30:58.446root 11241100x8000000000000000365677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25e91c71cd5c7dbd2021-12-21 10:30:58.446root 11241100x8000000000000000365678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.446{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c0d35ece32a1ef52021-12-21 10:30:58.446root 11241100x8000000000000000365679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f41f14350a72fc2021-12-21 10:30:58.447root 11241100x8000000000000000365680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61c6d45ce8fd44462021-12-21 10:30:58.447root 11241100x8000000000000000365681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e071a51cdf52a9a2021-12-21 10:30:58.447root 11241100x8000000000000000365682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.493a638e88add2562021-12-21 10:30:58.447root 11241100x8000000000000000365683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19d74e771eaee5172021-12-21 10:30:58.447root 11241100x8000000000000000365684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.447{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c445f6f8b83df2c2021-12-21 10:30:58.447root 11241100x8000000000000000365685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f4f030ff43a5aa12021-12-21 10:30:58.448root 11241100x8000000000000000365686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f155aed4fedfc6d2021-12-21 10:30:58.448root 11241100x8000000000000000365687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80c6370bd910f1712021-12-21 10:30:58.448root 11241100x8000000000000000365688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acc97c84e4cd24702021-12-21 10:30:58.448root 11241100x8000000000000000365689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa67cf9c077f10c2021-12-21 10:30:58.448root 11241100x8000000000000000365690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38ea8a4cf7f4ca332021-12-21 10:30:58.448root 11241100x8000000000000000365691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.448{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d81da5c1decf2eb22021-12-21 10:30:58.448root 11241100x8000000000000000365692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6da4c7b5ff7be9392021-12-21 10:30:58.449root 11241100x8000000000000000365693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b01c8d38d35705f92021-12-21 10:30:58.449root 11241100x8000000000000000365694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26a7c70fcf29d9ca2021-12-21 10:30:58.449root 11241100x8000000000000000365695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5472287bd801d0c72021-12-21 10:30:58.449root 11241100x8000000000000000365696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddfe1f7ddcde76bb2021-12-21 10:30:58.449root 11241100x8000000000000000365697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b1afeaba15c5f302021-12-21 10:30:58.449root 11241100x8000000000000000365698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5dd802c03a535592021-12-21 10:30:58.449root 11241100x8000000000000000365699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66402f76c107b03e2021-12-21 10:30:58.449root 11241100x8000000000000000365700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.449{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eab06bb59c2021a2021-12-21 10:30:58.449root 11241100x8000000000000000365701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a8fb00689732cf2021-12-21 10:30:58.450root 11241100x8000000000000000365702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9962f27060f7c802021-12-21 10:30:58.450root 11241100x8000000000000000365703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3f3fe02cb8bf5e92021-12-21 10:30:58.450root 11241100x8000000000000000365704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc16eea5a5feda542021-12-21 10:30:58.450root 11241100x8000000000000000365705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.319aea41098dfc9c2021-12-21 10:30:58.450root 11241100x8000000000000000365706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.547401eff25228d92021-12-21 10:30:58.450root 11241100x8000000000000000365707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b88fe0073b43cbc52021-12-21 10:30:58.450root 11241100x8000000000000000365708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06944473321a31a22021-12-21 10:30:58.450root 11241100x8000000000000000365709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ffbe70b03900875b2021-12-21 10:30:58.450root 11241100x8000000000000000365710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.450{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.035d54a7bd2325972021-12-21 10:30:58.450root 11241100x8000000000000000365711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65c4cd1d652ca1b82021-12-21 10:30:58.451root 11241100x8000000000000000365712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f25e0663e53f8e42021-12-21 10:30:58.451root 11241100x8000000000000000365713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.451{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaf505693f6dfb572021-12-21 10:30:58.451root 154100x8000000000000000365714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.678{ec2b6afe-ace2-61c1-080e-e4b5bf550000}5740/usr/bin/sudo-----sudo ./run_mod.sh/home/ubuntuubuntu{ec2b6afe-aacb-61c1-e803-000000000000}10006no level-{ec2b6afe-aacb-61c1-0834-fdd63c560000}5677/bin/bash-bashubuntu 354300x8000000000000000365715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.683{ec2b6afe-ace2-61c1-080e-e4b5bf550000}5740/usr/bin/sudoubuntuudptruefalse127.0.0.1-43988-false127.0.0.53-53- 354300x8000000000000000365716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.684{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53- 354300x8000000000000000365717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.684{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-43002-false10.0.0.2-53- 354300x8000000000000000365718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.684{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-55127-false10.0.0.2-53- 354300x8000000000000000365719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.685{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.25-55127- 354300x8000000000000000365720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.685{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43988- 354300x8000000000000000365721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.685{ec2b6afe-ace2-61c1-080e-e4b5bf550000}5740/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-43988- 354300x8000000000000000365722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.696{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.25-43002- 354300x8000000000000000365723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.696{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-54304- 354300x8000000000000000365724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.696{ec2b6afe-ace2-61c1-080e-e4b5bf550000}5740/usr/bin/sudoubuntuudptruefalse127.0.0.1-54304-false127.0.0.53-53- 11241100x8000000000000000365725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e933f94c1a46ff02021-12-21 10:30:58.697root 11241100x8000000000000000365726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f531b3b912f51f432021-12-21 10:30:58.697root 11241100x8000000000000000365727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb333bb22da641582021-12-21 10:30:58.697root 11241100x8000000000000000365728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b841162ea0d0a6972021-12-21 10:30:58.697root 11241100x8000000000000000365729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91b52abc7aeac7f32021-12-21 10:30:58.697root 11241100x8000000000000000365730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7fb957a2eec48492021-12-21 10:30:58.697root 11241100x8000000000000000365731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ff49c146c5a794e2021-12-21 10:30:58.697root 11241100x8000000000000000365732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f8aeacf293863e32021-12-21 10:30:58.697root 11241100x8000000000000000365733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3573c06e26c97ee72021-12-21 10:30:58.697root 11241100x8000000000000000365734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d848bfe92a35f82021-12-21 10:30:58.698root 11241100x8000000000000000365735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3435cbd619da2902021-12-21 10:30:58.698root 11241100x8000000000000000365736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a863091e5cb686352021-12-21 10:30:58.698root 11241100x8000000000000000365737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7710fed6bdc32c72021-12-21 10:30:58.698root 11241100x8000000000000000365738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8820f0e3cf9464312021-12-21 10:30:58.698root 11241100x8000000000000000365739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45164969b226007a2021-12-21 10:30:58.698root 11241100x8000000000000000365740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7cc6479face1c9a2021-12-21 10:30:58.699root 11241100x8000000000000000365741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99485a176da46a7e2021-12-21 10:30:58.699root 11241100x8000000000000000365742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1582b9c23d52f71f2021-12-21 10:30:58.699root 11241100x8000000000000000365743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.234d24a24c0ec3ba2021-12-21 10:30:58.699root 11241100x8000000000000000365744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70cf25c121f336172021-12-21 10:30:58.699root 154100x8000000000000000365745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.699{ec2b6afe-ace2-61c1-68e2-1c7b29560000}5741/bin/dash-----sh ./run_mod.sh/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ace2-61c1-080e-e4b5bf550000}5740/usr/bin/sudosudoubuntu 11241100x8000000000000000365746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d92106821ad1c12021-12-21 10:30:58.700root 11241100x8000000000000000365747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d125e47ee028f62a2021-12-21 10:30:58.700root 11241100x8000000000000000365748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56410456d4fdd7392021-12-21 10:30:58.700root 11241100x8000000000000000365749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c92e7d0528ed302f2021-12-21 10:30:58.700root 11241100x8000000000000000365750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e09e2af495ec9fc22021-12-21 10:30:58.701root 11241100x8000000000000000365751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d93fabe6e73dc7e52021-12-21 10:30:58.701root 154100x8000000000000000365752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.700{ec2b6afe-ace2-61c1-6882-34a126560000}5742/bin/dash-----sh ./mod_sudoer.sh/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ace2-61c1-68e2-1c7b29560000}5741/bin/dashshroot 11241100x8000000000000000365753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.488efb8ee3d699f02021-12-21 10:30:58.701root 11241100x8000000000000000365754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdbb45f64ed597f42021-12-21 10:30:58.701root 11241100x8000000000000000365755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d37e5767313b23552021-12-21 10:30:58.701root 11241100x8000000000000000365756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f5949e8717e4e412021-12-21 10:30:58.701root 11241100x8000000000000000365757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3cf8d63d4e028c12021-12-21 10:30:58.701root 11241100x8000000000000000365758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e988ff977f62c3c2021-12-21 10:30:58.701root 11241100x8000000000000000365759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3569cf32c1b6c0872021-12-21 10:30:58.702root 154100x8000000000000000365760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.701{ec2b6afe-ace2-61c1-083e-be9f37560000}5743/usr/bin/sudo-----sudo echo evil_user ALL=(ALL) NOPASSWD: ALL/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ace2-61c1-6882-34a126560000}5742/bin/dashshroot 11241100x8000000000000000365761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d24bba5bf0182b992021-12-21 10:30:58.702root 11241100x8000000000000000365762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14db92e3610ede232021-12-21 10:30:58.702root 11241100x8000000000000000365763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91c95feb238ce01d2021-12-21 10:30:58.702root 11241100x8000000000000000365764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92edfda15f49d6522021-12-21 10:30:58.702root 11241100x8000000000000000365765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a74e4bdfe619b8a82021-12-21 10:30:58.702root 11241100x8000000000000000365766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105e3e54be7868252021-12-21 10:30:58.702root 11241100x8000000000000000365767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9952b0ae0035b1692021-12-21 10:30:58.703root 11241100x8000000000000000365768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28dcd254717ff6962021-12-21 10:30:58.703root 11241100x8000000000000000365769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a0c62baa8052ef92021-12-21 10:30:58.703root 11241100x8000000000000000365770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d79f2e80cfaa38ac2021-12-21 10:30:58.703root 11241100x8000000000000000365771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.02136df582c0291f2021-12-21 10:30:58.703root 11241100x8000000000000000365772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2be492aad0db914b2021-12-21 10:30:58.703root 11241100x8000000000000000365773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1791d56856a71e642021-12-21 10:30:58.703root 11241100x8000000000000000365774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3822a275b6a5b9732021-12-21 10:30:58.704root 11241100x8000000000000000365775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bccf35766d476c12021-12-21 10:30:58.704root 11241100x8000000000000000365776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.834b0a6a4a689a402021-12-21 10:30:58.704root 11241100x8000000000000000365777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad22fc81b9df103d2021-12-21 10:30:58.704root 11241100x8000000000000000365778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a69088cdd725f53e2021-12-21 10:30:58.705root 11241100x8000000000000000365779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e5878a537618e502021-12-21 10:30:58.705root 11241100x8000000000000000365780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.071d25acf8243dfc2021-12-21 10:30:58.705root 11241100x8000000000000000365781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.675643779b3ef4fc2021-12-21 10:30:58.705root 11241100x8000000000000000365782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9694e006671f53722021-12-21 10:30:58.705root 11241100x8000000000000000365783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47dd760047cffc792021-12-21 10:30:58.705root 354300x8000000000000000365784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.705{ec2b6afe-ace2-61c1-083e-be9f37560000}5743/usr/bin/sudorootudptruefalse127.0.0.1-53687-false127.0.0.53-53- 354300x8000000000000000365785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-42987-false10.0.0.2-53- 354300x8000000000000000365786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-44847-false10.0.0.2-53- 354300x8000000000000000365787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-53687- 11241100x8000000000000000365788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.050bd798e038fab92021-12-21 10:30:58.706root 11241100x8000000000000000365789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a47105d3cfb693392021-12-21 10:30:58.706root 11241100x8000000000000000365790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7e60a85684477d2021-12-21 10:30:58.706root 354300x8000000000000000365791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-ace2-61c1-083e-be9f37560000}5743/usr/bin/sudorootudpfalsefalse127.0.0.53-53-false127.0.0.1-49901- 354300x8000000000000000365792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-ace2-61c1-083e-be9f37560000}5743/usr/bin/sudorootudptruefalse127.0.0.1-49901-false127.0.0.53-53- 354300x8000000000000000365793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-49901- 11241100x8000000000000000365794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03830b6d5297e8512021-12-21 10:30:58.706root 11241100x8000000000000000365795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3fe42661a0ad52f52021-12-21 10:30:58.707root 11241100x8000000000000000365796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1efb286fa70b3cab2021-12-21 10:30:58.707root 11241100x8000000000000000365797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f749f9bd4b51bf2021-12-21 10:30:58.707root 11241100x8000000000000000365798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.223becbcfcfe167a2021-12-21 10:30:58.707root 11241100x8000000000000000365799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96cdfcdccbaea4472021-12-21 10:30:58.707root 11241100x8000000000000000365800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.558de2e91a65b19c2021-12-21 10:30:58.708root 11241100x8000000000000000365801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab54770a6af8d70b2021-12-21 10:30:58.708root 11241100x8000000000000000365802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.786b6f95ab118ceb2021-12-21 10:30:58.708root 11241100x8000000000000000365803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c54df3019b5a7d762021-12-21 10:30:58.708root 11241100x8000000000000000365804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be0a394a81f7acfd2021-12-21 10:30:58.708root 11241100x8000000000000000365805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.babe24ff284d294c2021-12-21 10:30:58.708root 11241100x8000000000000000365806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14a1b55812fb42822021-12-21 10:30:58.709root 11241100x8000000000000000365807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bb44c25708565722021-12-21 10:30:58.709root 11241100x8000000000000000365808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.105c0884fff2c71d2021-12-21 10:30:58.709root 11241100x8000000000000000365809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc2b8e80d31d51a52021-12-21 10:30:58.709root 11241100x8000000000000000365810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6005f4bb0f1fbeef2021-12-21 10:30:58.709root 11241100x8000000000000000365811Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d489ec491729d5832021-12-21 10:30:58.709root 11241100x8000000000000000365812Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fef1ed496992fcb2021-12-21 10:30:58.709root 11241100x8000000000000000365813Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0fc1455ba7df11c2021-12-21 10:30:58.709root 11241100x8000000000000000365814Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2647dcbe27d42df2021-12-21 10:30:58.710root 11241100x8000000000000000365815Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e234c5ba04f415a2021-12-21 10:30:58.710root 11241100x8000000000000000365816Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.23e9924640c0a4562021-12-21 10:30:58.710root 11241100x8000000000000000365817Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c5b1db6d42f66f92021-12-21 10:30:58.710root 11241100x8000000000000000365818Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d63676d65a8f832021-12-21 10:30:58.710root 11241100x8000000000000000365819Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bcf52f106ec74ff2021-12-21 10:30:58.710root 11241100x8000000000000000365820Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2b7776f3c80d75f2021-12-21 10:30:58.710root 11241100x8000000000000000365821Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f3b87f9238ecf302021-12-21 10:30:58.710root 11241100x8000000000000000365822Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d3634bca7a5e8832021-12-21 10:30:58.710root 11241100x8000000000000000365823Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f257351244e56b62021-12-21 10:30:58.710root 11241100x8000000000000000365824Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18d6d7e2ccfb03b62021-12-21 10:30:58.711root 11241100x8000000000000000365825Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950695117ed502482021-12-21 10:30:58.711root 154100x8000000000000000365826Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.709{ec2b6afe-ace2-61c1-d8fd-03ff39560000}5744/bin/echo-----echo evil_user ALL=(ALL) NOPASSWD: ALL/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ace2-61c1-083e-be9f37560000}5743/usr/bin/sudosudoroot 534500x8000000000000000365827Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.712{ec2b6afe-ace2-61c1-d8fd-03ff39560000}5744/bin/echoroot 11241100x8000000000000000365828Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f55429f6387e55c62021-12-21 10:30:58.711root 11241100x8000000000000000365829Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b97886ec72ea9eb2021-12-21 10:30:58.711root 11241100x8000000000000000365830Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f66d7cbe22dc862021-12-21 10:30:58.712root 11241100x8000000000000000365831Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ca295cb83a25c8c2021-12-21 10:30:58.712root 11241100x8000000000000000365832Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b786b2a78c26367e2021-12-21 10:30:58.713root 11241100x8000000000000000365833Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8483bc1c362fad792021-12-21 10:30:58.713root 534500x8000000000000000365834Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-ace2-61c1-083e-be9f37560000}5743/usr/bin/sudoroot 11241100x8000000000000000365835Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a2d2c19611811932021-12-21 10:30:58.713root 11241100x8000000000000000365836Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2291e7c762cc8892021-12-21 10:30:58.713root 11241100x8000000000000000365837Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711882635bd84d782021-12-21 10:30:58.713root 11241100x8000000000000000365838Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf158870f0cf06e22021-12-21 10:30:58.713root 154100x8000000000000000365839Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.713{ec2b6afe-ace2-61c1-085e-979262550000}5745/usr/bin/sudo-----sudo echo root ALL=(ALL) NOPASSWD: ALL/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ace2-61c1-6882-34a126560000}5742/bin/dashshroot 11241100x8000000000000000365840Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fe7260ec6cb46e42021-12-21 10:30:58.714root 11241100x8000000000000000365841Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8c07d17732910f92021-12-21 10:30:58.714root 11241100x8000000000000000365842Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75d2b8aa8fe6bd5e2021-12-21 10:30:58.714root 11241100x8000000000000000365843Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cccc99dd1bc4c21b2021-12-21 10:30:58.714root 11241100x8000000000000000365844Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9427239159364b72021-12-21 10:30:58.714root 11241100x8000000000000000365845Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d58dc8b6674bbaa2021-12-21 10:30:58.714root 11241100x8000000000000000365846Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.092050b1a1d34c742021-12-21 10:30:58.715root 11241100x8000000000000000365847Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.040d487016946a4c2021-12-21 10:30:58.715root 11241100x8000000000000000365848Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92c0c9ecade1d76c2021-12-21 10:30:58.715root 11241100x8000000000000000365849Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bce4da11d3a8f2682021-12-21 10:30:58.715root 11241100x8000000000000000365850Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e16d25a15e5c77c2021-12-21 10:30:58.715root 11241100x8000000000000000365851Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a73a1057a7c8a7662021-12-21 10:30:58.715root 11241100x8000000000000000365852Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8b4b64617f808292021-12-21 10:30:58.715root 11241100x8000000000000000365853Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d1c905858decad42021-12-21 10:30:58.715root 11241100x8000000000000000365854Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58c81e5d1c94f5b02021-12-21 10:30:58.716root 11241100x8000000000000000365855Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f629fbad76d41762021-12-21 10:30:58.716root 11241100x8000000000000000365856Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfc043d22c9f57a22021-12-21 10:30:58.716root 11241100x8000000000000000365857Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d07134a4bbc1a1c02021-12-21 10:30:58.716root 11241100x8000000000000000365858Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a2016fae73d50a2021-12-21 10:30:58.716root 354300x8000000000000000365859Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.718{ec2b6afe-ace2-61c1-085e-979262550000}5745/usr/bin/sudorootudptruefalse127.0.0.1-37782-false127.0.0.53-53- 354300x8000000000000000365860Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.719{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-43319-false10.0.0.2-53- 354300x8000000000000000365861Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.719{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.25-56496-false10.0.0.2-53- 354300x8000000000000000365862Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.719{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-37782- 354300x8000000000000000365863Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.719{ec2b6afe-ace2-61c1-085e-979262550000}5745/usr/bin/sudorootudpfalsefalse127.0.0.53-53-false127.0.0.1-37782- 354300x8000000000000000365864Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.719{ec2b6afe-ace2-61c1-085e-979262550000}5745/usr/bin/sudorootudptruefalse127.0.0.1-43260-false127.0.0.53-53- 354300x8000000000000000365865Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.720{ec2b6afe-9247-61c1-c097-2e4cb4550000}2604/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-43260- 154100x8000000000000000365866Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.723{ec2b6afe-ace2-61c1-d87d-83b39c550000}5746/bin/echo-----echo root ALL=(ALL) NOPASSWD: ALL/home/ubunturoot{ec2b6afe-0000-0000-0000-000000000000}06no level-{ec2b6afe-ace2-61c1-085e-979262550000}5745/usr/bin/sudosudoroot 534500x8000000000000000365867Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.724{ec2b6afe-ace2-61c1-d87d-83b39c550000}5746/bin/echoroot 534500x8000000000000000365868Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.725{ec2b6afe-ace2-61c1-085e-979262550000}5745/usr/bin/sudoroot 534500x8000000000000000365869Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.725{ec2b6afe-ace2-61c1-6882-34a126560000}5742/bin/dashroot 534500x8000000000000000365870Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.725{ec2b6afe-ace2-61c1-68e2-1c7b29560000}5741/bin/dashroot 534500x8000000000000000365871Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:58.727{ec2b6afe-ace2-61c1-080e-e4b5bf550000}5740/usr/bin/sudoroot 11241100x8000000000000000365872Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c06e64f1409e09f52021-12-21 10:30:59.192root 11241100x8000000000000000365873Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.068171a5979a37042021-12-21 10:30:59.193root 11241100x8000000000000000365874Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b3de7fb8a1f94682021-12-21 10:30:59.193root 11241100x8000000000000000365875Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.122cfcd83a22a4e42021-12-21 10:30:59.193root 11241100x8000000000000000365876Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fb2d027b05c92f2021-12-21 10:30:59.193root 11241100x8000000000000000365877Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70fa912f0ba309922021-12-21 10:30:59.193root 11241100x8000000000000000365878Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c79f91c63742368b2021-12-21 10:30:59.193root 11241100x8000000000000000365879Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68caec21b85de21d2021-12-21 10:30:59.193root 11241100x8000000000000000365880Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9129fd50c2822f802021-12-21 10:30:59.193root 11241100x8000000000000000365881Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1fe7a0e57bcfe02021-12-21 10:30:59.193root 11241100x8000000000000000365882Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b1b912a9a9922c2021-12-21 10:30:59.194root 11241100x8000000000000000365883Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354354caaef573382021-12-21 10:30:59.194root 11241100x8000000000000000365884Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ee63b8ed2f67e322021-12-21 10:30:59.194root 11241100x8000000000000000365885Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68f54728d3c90cfa2021-12-21 10:30:59.194root 11241100x8000000000000000365886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff8e67d4a2777c712021-12-21 10:30:59.194root 11241100x8000000000000000365887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abb0680905f895652021-12-21 10:30:59.194root 11241100x8000000000000000365888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.747da285eb36d1ec2021-12-21 10:30:59.194root 11241100x8000000000000000365889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ae04ead80bf791a2021-12-21 10:30:59.194root 11241100x8000000000000000365890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54fff1007cb6e99e2021-12-21 10:30:59.194root 11241100x8000000000000000365891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2339f9017485b06a2021-12-21 10:30:59.195root 11241100x8000000000000000365892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.955391effbc4b5302021-12-21 10:30:59.195root 11241100x8000000000000000365893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1599e747da16aa5f2021-12-21 10:30:59.195root 11241100x8000000000000000365894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5cfda2e8daf3c8d2021-12-21 10:30:59.195root 11241100x8000000000000000365895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38a6dc0415cbb4c22021-12-21 10:30:59.195root 11241100x8000000000000000365896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b9de7774042d52e2021-12-21 10:30:59.195root 11241100x8000000000000000365897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca7c36325fb217e32021-12-21 10:30:59.196root 11241100x8000000000000000365898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c6508d2f88494c102021-12-21 10:30:59.196root 11241100x8000000000000000365899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f02c5b7490892582021-12-21 10:30:59.196root 11241100x8000000000000000365900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb5a7cb7d0d050652021-12-21 10:30:59.197root 11241100x8000000000000000365901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d47c17c494acd32021-12-21 10:30:59.197root 11241100x8000000000000000365902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abf20fabbf01c9a2021-12-21 10:30:59.197root 11241100x8000000000000000365903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.293d1e15609932b52021-12-21 10:30:59.198root 11241100x8000000000000000365904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.318f4f1e0ff3e3b12021-12-21 10:30:59.198root 11241100x8000000000000000365905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f4ff0b5bd8acf2d2021-12-21 10:30:59.198root 11241100x8000000000000000365906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2931425acb3838242021-12-21 10:30:59.199root 11241100x8000000000000000365907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c929818c6556eb2021-12-21 10:30:59.199root 11241100x8000000000000000365908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e887a4e03cfa5512021-12-21 10:30:59.199root 11241100x8000000000000000365909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad09b43a2c16af572021-12-21 10:30:59.199root 11241100x8000000000000000365910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a620e728df2e3e2021-12-21 10:30:59.200root 11241100x8000000000000000365911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c6041ae5d2eae22021-12-21 10:30:59.200root 11241100x8000000000000000365912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10238bc58388af8d2021-12-21 10:30:59.200root 11241100x8000000000000000365913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99b25845a5b4c7742021-12-21 10:30:59.201root 11241100x8000000000000000365914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279312b190e340382021-12-21 10:30:59.201root 11241100x8000000000000000365915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e26be82cb6a281652021-12-21 10:30:59.201root 11241100x8000000000000000365916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da42c754e720e16c2021-12-21 10:30:59.201root 11241100x8000000000000000365917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d01743986135f452021-12-21 10:30:59.202root 11241100x8000000000000000365918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8383cee54b2cb082021-12-21 10:30:59.202root 11241100x8000000000000000365919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ae5271d4273e82e2021-12-21 10:30:59.203root 11241100x8000000000000000365920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3ddbe74db12fcf52021-12-21 10:30:59.203root 11241100x8000000000000000365921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a623f59ada47e7f2021-12-21 10:30:59.203root 11241100x8000000000000000365922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17e59a322ec7eaf32021-12-21 10:30:59.204root 11241100x8000000000000000365923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8474ee88012f557c2021-12-21 10:30:59.204root 11241100x8000000000000000365924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea9c4d1bf1c0946a2021-12-21 10:30:59.204root 11241100x8000000000000000365925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22977999f742a8ec2021-12-21 10:30:59.205root 11241100x8000000000000000365926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a66561c58d151282021-12-21 10:30:59.205root 11241100x8000000000000000365927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.acbfbef15c7690382021-12-21 10:30:59.205root 11241100x8000000000000000365928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a45df57451f6f7ab2021-12-21 10:30:59.205root 11241100x8000000000000000365929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a5ee66fb91362c2021-12-21 10:30:59.205root 11241100x8000000000000000365930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a337595d7694c40b2021-12-21 10:30:59.206root 11241100x8000000000000000365931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.148592f1051116b42021-12-21 10:30:59.206root 11241100x8000000000000000365932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25a02ddba41ac6b02021-12-21 10:30:59.206root 11241100x8000000000000000365933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2428ec77f03303c32021-12-21 10:30:59.206root 11241100x8000000000000000365934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8c1a8023cd6fc2a2021-12-21 10:30:59.206root 11241100x8000000000000000365935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ee9dfbca94fe4ed2021-12-21 10:30:59.206root 11241100x8000000000000000365936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.869bd1a8027d79742021-12-21 10:30:59.207root 11241100x8000000000000000365937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4dbc06bb0d1862632021-12-21 10:30:59.207root 11241100x8000000000000000365938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075c6195ffeb274e2021-12-21 10:30:59.207root 11241100x8000000000000000365939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25dffca03ce598162021-12-21 10:30:59.207root 11241100x8000000000000000365940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0ffc1134bc128622021-12-21 10:30:59.207root 11241100x8000000000000000365941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0be7365ca78128f62021-12-21 10:30:59.207root 11241100x8000000000000000365942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac69e375bf8c239e2021-12-21 10:30:59.208root 11241100x8000000000000000365943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58df65ac189f8aa02021-12-21 10:30:59.208root 11241100x8000000000000000365944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.934408f7505b678e2021-12-21 10:30:59.208root 11241100x8000000000000000365945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a190021e240bac112021-12-21 10:30:59.208root 11241100x8000000000000000365946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9372f97fdeb5e02021-12-21 10:30:59.208root 11241100x8000000000000000365947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.faf896551f963da82021-12-21 10:30:59.208root 11241100x8000000000000000365948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4c005e62c89e2a2021-12-21 10:30:59.208root 11241100x8000000000000000365949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd38ea1d987ff0c02021-12-21 10:30:59.208root 11241100x8000000000000000365950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc1245d9da8747f2021-12-21 10:30:59.209root 11241100x8000000000000000365951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9773112f59637822021-12-21 10:30:59.209root 11241100x8000000000000000365952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dcdbef4d99be8332021-12-21 10:30:59.209root 11241100x8000000000000000365953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecaabfa1b0692992021-12-21 10:30:59.209root 11241100x8000000000000000365954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4401475142fa3aa2021-12-21 10:30:59.209root 11241100x8000000000000000365955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c8f1d90ec2836f82021-12-21 10:30:59.209root 11241100x8000000000000000365956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.726af5eccceebe732021-12-21 10:30:59.209root 11241100x8000000000000000365957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea71f448bb9eca172021-12-21 10:30:59.209root 11241100x8000000000000000365958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9c088c390f6eb562021-12-21 10:30:59.209root 11241100x8000000000000000365959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c10fe058870d27e2021-12-21 10:30:59.209root 11241100x8000000000000000365960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946a171af1acb5de2021-12-21 10:30:59.210root 11241100x8000000000000000365961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4737dc9bccb9e1782021-12-21 10:30:59.210root 11241100x8000000000000000365962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f24cb1ea70d439f2021-12-21 10:30:59.210root 11241100x8000000000000000365963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa7a54cd99fd90fb2021-12-21 10:30:59.210root 11241100x8000000000000000365964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07314067bbc7920e2021-12-21 10:30:59.210root 11241100x8000000000000000365965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2d150100e87caa82021-12-21 10:30:59.210root 11241100x8000000000000000365966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a440ae4bfd0382192021-12-21 10:30:59.210root 11241100x8000000000000000365967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fe8a26fc3207d362021-12-21 10:30:59.210root 11241100x8000000000000000365968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f4903256a5659132021-12-21 10:30:59.210root 11241100x8000000000000000365969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c95659b94d53b8192021-12-21 10:30:59.211root 11241100x8000000000000000365970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.922ab623b5b19e292021-12-21 10:30:59.211root 11241100x8000000000000000365971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a1dfa8d3c009872021-12-21 10:30:59.211root 11241100x8000000000000000365972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56d737e05b1e984f2021-12-21 10:30:59.211root 11241100x8000000000000000365973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93b0dd2dc7809a492021-12-21 10:30:59.211root 11241100x8000000000000000365974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9d5e87b7f3734e42021-12-21 10:30:59.211root 11241100x8000000000000000365975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a67441e4dcb10d542021-12-21 10:30:59.211root 11241100x8000000000000000365976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8715f0eba85c88422021-12-21 10:30:59.211root 11241100x8000000000000000365977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c500573b052ba42021-12-21 10:30:59.211root 11241100x8000000000000000365978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e86e5c1c4bd3f0722021-12-21 10:30:59.211root 11241100x8000000000000000365979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30beab42f0da17e22021-12-21 10:30:59.211root 11241100x8000000000000000365980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb2a7044943d93572021-12-21 10:30:59.212root 11241100x8000000000000000365981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf9ce996ae739112021-12-21 10:30:59.212root 11241100x8000000000000000365982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6714602dcc6631752021-12-21 10:30:59.212root 11241100x8000000000000000365983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4ffb4f8d3bd9b22021-12-21 10:30:59.212root 11241100x8000000000000000365984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5110b6e6946577172021-12-21 10:30:59.212root 11241100x8000000000000000365985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d8a0f0b86ae692021-12-21 10:30:59.212root 11241100x8000000000000000365986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6f59daebbc077c02021-12-21 10:30:59.212root 11241100x8000000000000000365987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f38d8d236e2b6ab82021-12-21 10:30:59.212root 11241100x8000000000000000365988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c307c14705e471cb2021-12-21 10:30:59.212root 11241100x8000000000000000365989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7313886d5278a0f62021-12-21 10:30:59.212root 11241100x8000000000000000365990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d82ed1553987bdf2021-12-21 10:30:59.212root 11241100x8000000000000000365991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6e948afb396ada42021-12-21 10:30:59.212root 11241100x8000000000000000365992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd274d39ca78a9f2021-12-21 10:30:59.213root 11241100x8000000000000000365993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c67805071b5db65e2021-12-21 10:30:59.213root 11241100x8000000000000000365994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ffca0439d0f42662021-12-21 10:30:59.213root 11241100x8000000000000000365995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984d4ee6ac89370e2021-12-21 10:30:59.213root 11241100x8000000000000000365996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.479bb90efa8452382021-12-21 10:30:59.214root 11241100x8000000000000000365997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b95914505e43c0cd2021-12-21 10:30:59.214root 11241100x8000000000000000365998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6513a099bdba58de2021-12-21 10:30:59.214root 11241100x8000000000000000365999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2400f62ee15e39e12021-12-21 10:30:59.214root 11241100x8000000000000000366000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d40449cabd6500f12021-12-21 10:30:59.214root 11241100x8000000000000000366001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22e28ee014d8a5ee2021-12-21 10:30:59.214root 11241100x8000000000000000366002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e16cc8329d31fe682021-12-21 10:30:59.214root 11241100x8000000000000000366003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38e8b07a79f9ce512021-12-21 10:30:59.214root 11241100x8000000000000000366004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a91f0ac745f85e422021-12-21 10:30:59.214root 11241100x8000000000000000366005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04335b0460d2c94f2021-12-21 10:30:59.214root 11241100x8000000000000000366006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c476d812f134b8f32021-12-21 10:30:59.214root 11241100x8000000000000000366007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a6020b97562c6252021-12-21 10:30:59.214root 11241100x8000000000000000366008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be2bd1f1ab6881782021-12-21 10:30:59.214root 11241100x8000000000000000366009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.214{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c87ec8a172c58e32021-12-21 10:30:59.214root 11241100x8000000000000000366010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f588a8cfda972da92021-12-21 10:30:59.215root 11241100x8000000000000000366011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8da45e8cb93be1012021-12-21 10:30:59.215root 11241100x8000000000000000366012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cbec498ca99a5e2021-12-21 10:30:59.215root 11241100x8000000000000000366013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.335b9b54b179323a2021-12-21 10:30:59.215root 11241100x8000000000000000366014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62145d40643950bd2021-12-21 10:30:59.215root 11241100x8000000000000000366015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.209d297e3d4349042021-12-21 10:30:59.215root 11241100x8000000000000000366016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0198b071acd0f1942021-12-21 10:30:59.215root 11241100x8000000000000000366017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9122d038f1f85ea72021-12-21 10:30:59.215root 11241100x8000000000000000366018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2915951809df1ba52021-12-21 10:30:59.215root 11241100x8000000000000000366019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8492188bda079ce2021-12-21 10:30:59.215root 11241100x8000000000000000366020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fea4e1804dc9284d2021-12-21 10:30:59.215root 11241100x8000000000000000366021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81cb1c10c5294d162021-12-21 10:30:59.215root 11241100x8000000000000000366022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.215{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d3cc582b8bc33062021-12-21 10:30:59.215root 11241100x8000000000000000366023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ea92cf784bb382e2021-12-21 10:30:59.216root 11241100x8000000000000000366024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a325c6ebcf308dd2021-12-21 10:30:59.216root 11241100x8000000000000000366025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87110f699e4617c2021-12-21 10:30:59.216root 11241100x8000000000000000366026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a1d858c9319e5512021-12-21 10:30:59.216root 11241100x8000000000000000366027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03829b6e95ac378b2021-12-21 10:30:59.216root 11241100x8000000000000000366028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8a750ebdc1967452021-12-21 10:30:59.216root 11241100x8000000000000000366029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdb31c5a221961a62021-12-21 10:30:59.216root 11241100x8000000000000000366030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8df58b0ce48611d2021-12-21 10:30:59.216root 11241100x8000000000000000366031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d34a0c212a907192021-12-21 10:30:59.216root 11241100x8000000000000000366032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1660085e32b631582021-12-21 10:30:59.216root 11241100x8000000000000000366033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b04b5cf84b72aa82021-12-21 10:30:59.216root 11241100x8000000000000000366034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3688373e09c41e812021-12-21 10:30:59.216root 11241100x8000000000000000366035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.216{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87f6cee52768f5a72021-12-21 10:30:59.216root 11241100x8000000000000000366036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b1396d04bbe53012021-12-21 10:30:59.217root 11241100x8000000000000000366037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b47f998352ffb4f2021-12-21 10:30:59.217root 11241100x8000000000000000366038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d74c15030ebd59f12021-12-21 10:30:59.217root 11241100x8000000000000000366039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cc0c107bf38fb882021-12-21 10:30:59.217root 11241100x8000000000000000366040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8164d053677716882021-12-21 10:30:59.217root 11241100x8000000000000000366041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f0efb632a21a9002021-12-21 10:30:59.217root 11241100x8000000000000000366042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b73bba941f933cd2021-12-21 10:30:59.217root 11241100x8000000000000000366043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed7483f236ab2372021-12-21 10:30:59.217root 11241100x8000000000000000366044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82cdea0fb35e537f2021-12-21 10:30:59.217root 11241100x8000000000000000366045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eec396db7335bf932021-12-21 10:30:59.217root 11241100x8000000000000000366046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f053d9fd73018b442021-12-21 10:30:59.217root 11241100x8000000000000000366047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83be7c3a1d4ed4602021-12-21 10:30:59.218root 11241100x8000000000000000366048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18652687e9e95ee82021-12-21 10:30:59.218root 11241100x8000000000000000366049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8860ca2a33aca7352021-12-21 10:30:59.218root 11241100x8000000000000000366050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9922ec1ef8a039452021-12-21 10:30:59.218root 11241100x8000000000000000366051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9650ae91c7eab8112021-12-21 10:30:59.693root 11241100x8000000000000000366052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9ab22d7f6aab05a2021-12-21 10:30:59.693root 11241100x8000000000000000366053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eddc9995744c4472021-12-21 10:30:59.693root 11241100x8000000000000000366054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aa46dfc4f511fe22021-12-21 10:30:59.693root 11241100x8000000000000000366055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1236d9e6a4774be2021-12-21 10:30:59.694root 11241100x8000000000000000366056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39ed47bd504013bb2021-12-21 10:30:59.694root 11241100x8000000000000000366057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9c61ebc9fdb98fa2021-12-21 10:30:59.694root 11241100x8000000000000000366058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31a7734f350f9d642021-12-21 10:30:59.694root 11241100x8000000000000000366059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d63c9ecd0572dd82021-12-21 10:30:59.694root 11241100x8000000000000000366060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99a2bb6c5b936f9e2021-12-21 10:30:59.695root 11241100x8000000000000000366061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e38c90630ed5ddb52021-12-21 10:30:59.695root 11241100x8000000000000000366062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eccb53d6671dd1d22021-12-21 10:30:59.695root 11241100x8000000000000000366063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0888db8f252941c2021-12-21 10:30:59.695root 11241100x8000000000000000366064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e370f735cdd113a72021-12-21 10:30:59.695root 11241100x8000000000000000366065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.496aaff0609b090c2021-12-21 10:30:59.695root 11241100x8000000000000000366066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.868af062f54aa58c2021-12-21 10:30:59.696root 11241100x8000000000000000366067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b513ff8db6007092021-12-21 10:30:59.696root 11241100x8000000000000000366068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f17723b649dd31a2021-12-21 10:30:59.696root 11241100x8000000000000000366069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0c305f9c6b545c92021-12-21 10:30:59.696root 11241100x8000000000000000366070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83fc687cb74a83ac2021-12-21 10:30:59.696root 11241100x8000000000000000366071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9b790c903aedbd02021-12-21 10:30:59.696root 11241100x8000000000000000366072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.167b6fe781a3ddf82021-12-21 10:30:59.696root 11241100x8000000000000000366073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.896db65bc2b1f7352021-12-21 10:30:59.696root 11241100x8000000000000000366074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9b0cf29340d38cdd2021-12-21 10:30:59.696root 11241100x8000000000000000366075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9015903931fa8502021-12-21 10:30:59.696root 11241100x8000000000000000366076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3458566a411856262021-12-21 10:30:59.696root 11241100x8000000000000000366077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4eff36c3da40c8362021-12-21 10:30:59.697root 11241100x8000000000000000366078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbf284e034c43422021-12-21 10:30:59.697root 11241100x8000000000000000366079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dba94b4aa5603ca2021-12-21 10:30:59.697root 11241100x8000000000000000366080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b04a5d45bf6cc5082021-12-21 10:30:59.697root 11241100x8000000000000000366081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f677c0c1a17e75632021-12-21 10:30:59.697root 11241100x8000000000000000366082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.534ef4251414dd2b2021-12-21 10:30:59.697root 11241100x8000000000000000366083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc51f0489ebd85c82021-12-21 10:30:59.697root 11241100x8000000000000000366084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51be8df64e6c6ed12021-12-21 10:30:59.697root 11241100x8000000000000000366085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5d5a9fce0a2531a2021-12-21 10:30:59.697root 11241100x8000000000000000366086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7eb1dc7609a2cd82021-12-21 10:30:59.697root 11241100x8000000000000000366087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48236496ba1dbb6e2021-12-21 10:30:59.698root 11241100x8000000000000000366088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8590c5be2192f932021-12-21 10:30:59.698root 11241100x8000000000000000366089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d77c77d767c47edd2021-12-21 10:30:59.698root 11241100x8000000000000000366090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.711645778d18ae242021-12-21 10:30:59.698root 11241100x8000000000000000366091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade2c5aa7063174b2021-12-21 10:30:59.698root 11241100x8000000000000000366092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.093cd74c3de4e5902021-12-21 10:30:59.698root 11241100x8000000000000000366093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b6ed0f15c57b2412021-12-21 10:30:59.698root 11241100x8000000000000000366094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8549d80770770fcb2021-12-21 10:30:59.698root 11241100x8000000000000000366095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ef2a0d4950105e2021-12-21 10:30:59.698root 11241100x8000000000000000366096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.daf647e51cc110152021-12-21 10:30:59.698root 11241100x8000000000000000366097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e6dcd37895f7d332021-12-21 10:30:59.698root 11241100x8000000000000000366098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.685aaa244ec554972021-12-21 10:30:59.699root 11241100x8000000000000000366099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd7a5f87aa2a8822021-12-21 10:30:59.699root 11241100x8000000000000000366100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b140d8fca9f4b12021-12-21 10:30:59.699root 11241100x8000000000000000366101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.91d6562e3b92fdc02021-12-21 10:30:59.699root 11241100x8000000000000000366102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54996d1f130de5ae2021-12-21 10:30:59.699root 11241100x8000000000000000366103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8ed4cb06c5e25aa2021-12-21 10:30:59.699root 11241100x8000000000000000366104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33071d8ffa760c132021-12-21 10:30:59.699root 11241100x8000000000000000366105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc096ff4779c38e32021-12-21 10:30:59.699root 11241100x8000000000000000366106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8d37a39f188ed6e2021-12-21 10:30:59.699root 11241100x8000000000000000366107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fffe089e89a13bd62021-12-21 10:30:59.700root 11241100x8000000000000000366108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c09d3d0df22a69b2021-12-21 10:30:59.700root 11241100x8000000000000000366109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e8450f1017a7212021-12-21 10:30:59.700root 11241100x8000000000000000366110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.142925fceec081102021-12-21 10:30:59.700root 11241100x8000000000000000366111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.326c9bbb0a1cfdb72021-12-21 10:30:59.700root 11241100x8000000000000000366112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2c13ba8b3d577ae2021-12-21 10:30:59.700root 11241100x8000000000000000366113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ed7a864abea342b2021-12-21 10:30:59.700root 11241100x8000000000000000366114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feaef90627cf7e062021-12-21 10:30:59.700root 11241100x8000000000000000366115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5dba559729b01f2021-12-21 10:30:59.700root 11241100x8000000000000000366116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d6c9bf2ce360fd2021-12-21 10:30:59.700root 11241100x8000000000000000366117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ac41494c2235332021-12-21 10:30:59.701root 11241100x8000000000000000366118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4f9774c6befee142021-12-21 10:30:59.701root 11241100x8000000000000000366119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fca3240facdc151a2021-12-21 10:30:59.701root 11241100x8000000000000000366120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2504bc0012783fd2021-12-21 10:30:59.701root 11241100x8000000000000000366121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265a3a42dfc2ac012021-12-21 10:30:59.701root 11241100x8000000000000000366122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af635d8bcdb3cce2021-12-21 10:30:59.701root 11241100x8000000000000000366123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5e95758191550462021-12-21 10:30:59.701root 11241100x8000000000000000366124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76e30f89d3a1482a2021-12-21 10:30:59.701root 11241100x8000000000000000366125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e238fff3ecbbf0a2021-12-21 10:30:59.701root 11241100x8000000000000000366126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f82b66b513541bbf2021-12-21 10:30:59.701root 11241100x8000000000000000366127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.327f57fe810252642021-12-21 10:30:59.701root 11241100x8000000000000000366128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd47ed7f362cab72021-12-21 10:30:59.702root 11241100x8000000000000000366129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.362a488d32a738912021-12-21 10:30:59.702root 11241100x8000000000000000366130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfba8d42ae449ba12021-12-21 10:30:59.702root 11241100x8000000000000000366131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f30f2d4a271db67d2021-12-21 10:30:59.702root 11241100x8000000000000000366132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d566d25f1f0206a32021-12-21 10:30:59.702root 11241100x8000000000000000366133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b1e08d32bc6f6282021-12-21 10:30:59.702root 11241100x8000000000000000366134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e179433df25be82021-12-21 10:30:59.702root 11241100x8000000000000000366135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8546ff9e14c91f1f2021-12-21 10:30:59.702root 11241100x8000000000000000366136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eed5494bc9bf5f272021-12-21 10:30:59.702root 11241100x8000000000000000366137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6cedf2daed16ec32021-12-21 10:30:59.702root 11241100x8000000000000000366138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c1b5784613291652021-12-21 10:30:59.702root 11241100x8000000000000000366139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5a2113cd6eff0d62021-12-21 10:30:59.703root 11241100x8000000000000000366140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.33563eb60f5406b92021-12-21 10:30:59.703root 11241100x8000000000000000366141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b22e6a90dadc73af2021-12-21 10:30:59.703root 11241100x8000000000000000366142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f35c30bbae4add72021-12-21 10:30:59.703root 11241100x8000000000000000366143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.12fa1ae521ff068a2021-12-21 10:30:59.703root 11241100x8000000000000000366144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b078600fa63b810c2021-12-21 10:30:59.703root 11241100x8000000000000000366145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8280969eac32b6bf2021-12-21 10:30:59.703root 11241100x8000000000000000366146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.593a829f7ab5fcfe2021-12-21 10:30:59.703root 11241100x8000000000000000366147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ac3fcbbfed74c912021-12-21 10:30:59.703root 11241100x8000000000000000366148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5319fbf51d8a22132021-12-21 10:30:59.703root 11241100x8000000000000000366149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.863809d43c2c1e9e2021-12-21 10:30:59.704root 11241100x8000000000000000366150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90c1cbe8d3a7e6aa2021-12-21 10:30:59.704root 11241100x8000000000000000366151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80dd5b8baad1838f2021-12-21 10:30:59.704root 11241100x8000000000000000366152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16ae21055aee5a002021-12-21 10:30:59.704root 11241100x8000000000000000366153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dbdefd8cbf07b83b2021-12-21 10:30:59.704root 11241100x8000000000000000366154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c97583c2c04053e12021-12-21 10:30:59.704root 11241100x8000000000000000366155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:30:59.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7154cc31a4a1986f2021-12-21 10:30:59.704root 11241100x8000000000000000366156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f98b04ddcd5cbef2021-12-21 10:31:00.192root 11241100x8000000000000000366157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3ee95b77f6c2a692021-12-21 10:31:00.193root 11241100x8000000000000000366158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5660a6438133233e2021-12-21 10:31:00.193root 11241100x8000000000000000366159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac1dc7225dafc2da2021-12-21 10:31:00.193root 11241100x8000000000000000366160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c936a7fea534ad3b2021-12-21 10:31:00.193root 11241100x8000000000000000366161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f0c54ee4fc6e7f182021-12-21 10:31:00.193root 11241100x8000000000000000366162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87130e0ca2c02fed2021-12-21 10:31:00.193root 11241100x8000000000000000366163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e08bfd7eef8f33fb2021-12-21 10:31:00.193root 11241100x8000000000000000366164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6863a8a13d56882b2021-12-21 10:31:00.193root 11241100x8000000000000000366165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96fd135e5c0da6212021-12-21 10:31:00.193root 11241100x8000000000000000366166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c94ca4b0ea01118d2021-12-21 10:31:00.193root 11241100x8000000000000000366167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd919c46160b2e892021-12-21 10:31:00.193root 11241100x8000000000000000366168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c44d05c9f6dfa1a2021-12-21 10:31:00.193root 11241100x8000000000000000366169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e83a532e66da1fe2021-12-21 10:31:00.194root 11241100x8000000000000000366170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1514d2da04e8d0e62021-12-21 10:31:00.194root 11241100x8000000000000000366171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d15f7342ce5c39e2021-12-21 10:31:00.194root 11241100x8000000000000000366172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d674975c227d59482021-12-21 10:31:00.194root 11241100x8000000000000000366173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7b775427a9c51cd22021-12-21 10:31:00.195root 11241100x8000000000000000366174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.265bbdbb5aa620cd2021-12-21 10:31:00.195root 11241100x8000000000000000366175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4a25d0664de8d5c2021-12-21 10:31:00.195root 11241100x8000000000000000366176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40e152e9778e54082021-12-21 10:31:00.195root 11241100x8000000000000000366177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62362131061432432021-12-21 10:31:00.195root 11241100x8000000000000000366178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d72da8b178e322a42021-12-21 10:31:00.195root 11241100x8000000000000000366179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758474674d8aa9bd2021-12-21 10:31:00.195root 11241100x8000000000000000366180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca93e528df31182b2021-12-21 10:31:00.195root 11241100x8000000000000000366181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c3c988e114e13bf2021-12-21 10:31:00.195root 11241100x8000000000000000366182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c07ee6d3507b5502021-12-21 10:31:00.195root 11241100x8000000000000000366183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6302289f4d7365c42021-12-21 10:31:00.196root 11241100x8000000000000000366184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.477ddafeb000065e2021-12-21 10:31:00.196root 11241100x8000000000000000366185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2d65667261a11d2021-12-21 10:31:00.196root 11241100x8000000000000000366186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de93bc50483e9b402021-12-21 10:31:00.196root 11241100x8000000000000000366187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.06ff68ce35caa3842021-12-21 10:31:00.196root 11241100x8000000000000000366188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.250fd598a553f6af2021-12-21 10:31:00.196root 11241100x8000000000000000366189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f1c2fea9611b0a82021-12-21 10:31:00.196root 11241100x8000000000000000366190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a51fec2e87687852021-12-21 10:31:00.196root 11241100x8000000000000000366191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429bef1196e7cc0b2021-12-21 10:31:00.196root 11241100x8000000000000000366192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c7d5d329fd310c2021-12-21 10:31:00.196root 11241100x8000000000000000366193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bccafa0118b06a72021-12-21 10:31:00.197root 11241100x8000000000000000366194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.601c358d45ae674f2021-12-21 10:31:00.197root 11241100x8000000000000000366195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b2f939e5a2538212021-12-21 10:31:00.197root 11241100x8000000000000000366196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab92709a5323b5432021-12-21 10:31:00.197root 11241100x8000000000000000366197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50824cf4a6f319e52021-12-21 10:31:00.197root 11241100x8000000000000000366198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c053fd1a5ecebc52021-12-21 10:31:00.197root 11241100x8000000000000000366199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c05942c15d74c8a82021-12-21 10:31:00.198root 11241100x8000000000000000366200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89cb70cec17113972021-12-21 10:31:00.198root 11241100x8000000000000000366201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e8ca69bcb7fe5422021-12-21 10:31:00.198root 11241100x8000000000000000366202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1859221077f9313d2021-12-21 10:31:00.198root 11241100x8000000000000000366203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e3707b13bea56132021-12-21 10:31:00.198root 11241100x8000000000000000366204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fcb096eeee3b8b52021-12-21 10:31:00.198root 11241100x8000000000000000366205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1840f9f593376c82021-12-21 10:31:00.198root 11241100x8000000000000000366206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.213b81d62265dc342021-12-21 10:31:00.198root 11241100x8000000000000000366207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35649a1fd7f89992021-12-21 10:31:00.198root 11241100x8000000000000000366208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c650c0207b017ab2021-12-21 10:31:00.199root 11241100x8000000000000000366209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0a32ca2b0b7e0212021-12-21 10:31:00.199root 11241100x8000000000000000366210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e64b8a5cd523488a2021-12-21 10:31:00.199root 11241100x8000000000000000366211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8010f2b6ded66f022021-12-21 10:31:00.199root 11241100x8000000000000000366212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4d57a3c45ed210e2021-12-21 10:31:00.199root 11241100x8000000000000000366213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4791a69ad039bd02021-12-21 10:31:00.199root 11241100x8000000000000000366214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ab7010eb35bd9782021-12-21 10:31:00.199root 11241100x8000000000000000366215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.768329f9b20cbbf72021-12-21 10:31:00.199root 11241100x8000000000000000366216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c3d92ba8b6a96edf2021-12-21 10:31:00.200root 11241100x8000000000000000366217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.297059c66deae35a2021-12-21 10:31:00.200root 11241100x8000000000000000366218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d74439f6cc1f83d2021-12-21 10:31:00.200root 11241100x8000000000000000366219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.785c06422e79f4702021-12-21 10:31:00.200root 11241100x8000000000000000366220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d36aed9432706662021-12-21 10:31:00.200root 11241100x8000000000000000366221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ddac2ce401f662a2021-12-21 10:31:00.200root 11241100x8000000000000000366222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf20b80c1045ddc2021-12-21 10:31:00.200root 11241100x8000000000000000366223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ea48aed0bc3a3a822021-12-21 10:31:00.200root 11241100x8000000000000000366224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bdf20f79767682b52021-12-21 10:31:00.200root 11241100x8000000000000000366225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a875b4fb655bf132021-12-21 10:31:00.200root 11241100x8000000000000000366226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77266cd69b4a57832021-12-21 10:31:00.200root 11241100x8000000000000000366227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a8dac2084106482021-12-21 10:31:00.201root 11241100x8000000000000000366228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.765f4e08e16e96922021-12-21 10:31:00.201root 11241100x8000000000000000366229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.963264304afb8d372021-12-21 10:31:00.201root 11241100x8000000000000000366230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e15f4be9ae088d62021-12-21 10:31:00.201root 11241100x8000000000000000366231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a67cad91a3ca4602021-12-21 10:31:00.201root 11241100x8000000000000000366232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037db15db4ea43842021-12-21 10:31:00.201root 11241100x8000000000000000366233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eacdd15d812d80192021-12-21 10:31:00.201root 11241100x8000000000000000366234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fbdefb87a0eefed2021-12-21 10:31:00.201root 11241100x8000000000000000366235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a1c80c29c5da15612021-12-21 10:31:00.201root 11241100x8000000000000000366236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cf32c305a72fc472021-12-21 10:31:00.201root 11241100x8000000000000000366237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f9742773b664fe82021-12-21 10:31:00.201root 11241100x8000000000000000366238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.777a01af65b3002b2021-12-21 10:31:00.201root 11241100x8000000000000000366239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f783af9cf23a12a52021-12-21 10:31:00.201root 11241100x8000000000000000366240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5197097fcb1442382021-12-21 10:31:00.201root 11241100x8000000000000000366241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1938d563d074fc32021-12-21 10:31:00.202root 11241100x8000000000000000366242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2fa7d5a53be25632021-12-21 10:31:00.202root 11241100x8000000000000000366243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bf7baa76340976a82021-12-21 10:31:00.202root 11241100x8000000000000000366244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef0eb6dd9a5e9cce2021-12-21 10:31:00.202root 11241100x8000000000000000366245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ce7ed694ff52b892021-12-21 10:31:00.202root 11241100x8000000000000000366246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15f5ffe0ecccbf1a2021-12-21 10:31:00.202root 11241100x8000000000000000366247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2df1fc7f9cb1c1962021-12-21 10:31:00.202root 11241100x8000000000000000366248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b34ce7e4f68ad71a2021-12-21 10:31:00.202root 11241100x8000000000000000366249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46dd773e9b8827d82021-12-21 10:31:00.202root 11241100x8000000000000000366250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c47362247380c452021-12-21 10:31:00.202root 11241100x8000000000000000366251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be23d2ccb701fc9a2021-12-21 10:31:00.202root 11241100x8000000000000000366252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a956e5064ba040392021-12-21 10:31:00.202root 11241100x8000000000000000366253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f71bf8bef5f0db22021-12-21 10:31:00.203root 11241100x8000000000000000366254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1d587056cbbcd21b2021-12-21 10:31:00.203root 11241100x8000000000000000366255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ba4273b08187f642021-12-21 10:31:00.203root 11241100x8000000000000000366256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fd2ceaa4f483a742021-12-21 10:31:00.203root 11241100x8000000000000000366257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cf97c28729170742021-12-21 10:31:00.203root 11241100x8000000000000000366258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.596e543f847733f62021-12-21 10:31:00.203root 11241100x8000000000000000366259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b3ec75581a7d9212021-12-21 10:31:00.203root 11241100x8000000000000000366260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b12d6f949b4fba502021-12-21 10:31:00.203root 11241100x8000000000000000366261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79e6ee39942a60912021-12-21 10:31:00.203root 11241100x8000000000000000366262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaeb509e57e3a7532021-12-21 10:31:00.203root 11241100x8000000000000000366263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8e87f70ff0a13de2021-12-21 10:31:00.203root 11241100x8000000000000000366264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54074a96bcd9920c2021-12-21 10:31:00.203root 11241100x8000000000000000366265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee3e8a0c9f8547332021-12-21 10:31:00.203root 11241100x8000000000000000366266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2ab272f20a549cac2021-12-21 10:31:00.203root 11241100x8000000000000000366267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c87df547345fa52a2021-12-21 10:31:00.203root 11241100x8000000000000000366268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f45d978179f7f95c2021-12-21 10:31:00.204root 11241100x8000000000000000366269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ab869cb496257702021-12-21 10:31:00.204root 11241100x8000000000000000366270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e809b957c30da02021-12-21 10:31:00.204root 11241100x8000000000000000366271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.367098c2ab51a07c2021-12-21 10:31:00.204root 11241100x8000000000000000366272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9897e1e008f7537c2021-12-21 10:31:00.204root 11241100x8000000000000000366273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd69206fc32bb9f62021-12-21 10:31:00.204root 11241100x8000000000000000366274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6f5403012ef921812021-12-21 10:31:00.204root 11241100x8000000000000000366275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.452c3620ebba10ae2021-12-21 10:31:00.204root 11241100x8000000000000000366276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3ad973da8233f482021-12-21 10:31:00.204root 11241100x8000000000000000366277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e4df9c7a76714282021-12-21 10:31:00.204root 11241100x8000000000000000366278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11253fd834a126df2021-12-21 10:31:00.204root 11241100x8000000000000000366279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c2a6960c8fa34c0d2021-12-21 10:31:00.204root 11241100x8000000000000000366280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb1e98911bc310762021-12-21 10:31:00.204root 11241100x8000000000000000366281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60a6adbbbdedb4b02021-12-21 10:31:00.204root 11241100x8000000000000000366282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e67f68d84dea231d2021-12-21 10:31:00.205root 11241100x8000000000000000366283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e367d68e261fced2021-12-21 10:31:00.205root 11241100x8000000000000000366284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8bcc748d64ad692021-12-21 10:31:00.205root 11241100x8000000000000000366285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27da5d8c29004c3b2021-12-21 10:31:00.205root 11241100x8000000000000000366286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5923798edd5b61ae2021-12-21 10:31:00.205root 11241100x8000000000000000366287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d13e815d75af717e2021-12-21 10:31:00.205root 11241100x8000000000000000366288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bcf1938647d27b92021-12-21 10:31:00.205root 11241100x8000000000000000366289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c83bda14af9aae362021-12-21 10:31:00.205root 11241100x8000000000000000366290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0228ba27752ccdfc2021-12-21 10:31:00.205root 11241100x8000000000000000366291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aad4310826b7a03b2021-12-21 10:31:00.205root 11241100x8000000000000000366292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.205{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2437387e29c93c62021-12-21 10:31:00.205root 11241100x8000000000000000366293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ab0cebc8a4a616a2021-12-21 10:31:00.206root 11241100x8000000000000000366294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1653ba67fb984f72021-12-21 10:31:00.206root 11241100x8000000000000000366295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f095f5a0321d002021-12-21 10:31:00.206root 11241100x8000000000000000366296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14e7e479ef24e7a82021-12-21 10:31:00.206root 11241100x8000000000000000366297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ce7f96e9809a5dd2021-12-21 10:31:00.206root 11241100x8000000000000000366298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd865b2d7304b2362021-12-21 10:31:00.206root 11241100x8000000000000000366299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cf3593e77c9653b2021-12-21 10:31:00.206root 11241100x8000000000000000366300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b17d465a7e7df29e2021-12-21 10:31:00.206root 11241100x8000000000000000366301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2de62d3fb8eb4fd2021-12-21 10:31:00.206root 11241100x8000000000000000366302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6742a9d069a3b8d22021-12-21 10:31:00.206root 11241100x8000000000000000366303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281c0b88f2b29b592021-12-21 10:31:00.206root 11241100x8000000000000000366304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.206{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bde7d44a070739422021-12-21 10:31:00.206root 11241100x8000000000000000366305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3773b41f9d665ef2021-12-21 10:31:00.207root 11241100x8000000000000000366306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.041029b1de4bc35d2021-12-21 10:31:00.207root 11241100x8000000000000000366307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb9f2d38cefe8bb32021-12-21 10:31:00.207root 11241100x8000000000000000366308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f2b77ffe49478d92021-12-21 10:31:00.207root 11241100x8000000000000000366309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b2db7b1edd9b04b2021-12-21 10:31:00.207root 11241100x8000000000000000366310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43e3d65241270e862021-12-21 10:31:00.207root 11241100x8000000000000000366311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c84159cf928b61fe2021-12-21 10:31:00.207root 11241100x8000000000000000366312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57418e9ce23271ce2021-12-21 10:31:00.207root 11241100x8000000000000000366313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f728708f01dad02b2021-12-21 10:31:00.207root 11241100x8000000000000000366314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7734373a57e580492021-12-21 10:31:00.207root 11241100x8000000000000000366315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0056fbb610e2ae002021-12-21 10:31:00.207root 11241100x8000000000000000366316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0f7c57a7b4dd519b2021-12-21 10:31:00.207root 11241100x8000000000000000366317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bc648701a938a52021-12-21 10:31:00.207root 11241100x8000000000000000366318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.207{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e55e38aad9e2f812021-12-21 10:31:00.207root 11241100x8000000000000000366319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b40d5637561f6c02021-12-21 10:31:00.208root 11241100x8000000000000000366320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34db147fc502876a2021-12-21 10:31:00.208root 11241100x8000000000000000366321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feec412741ee4b252021-12-21 10:31:00.208root 11241100x8000000000000000366322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7150498f5ecd87a2021-12-21 10:31:00.208root 11241100x8000000000000000366323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf2226d46d11b91b2021-12-21 10:31:00.208root 11241100x8000000000000000366324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4310e64c09d60d0e2021-12-21 10:31:00.208root 11241100x8000000000000000366325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c333ac33219db2252021-12-21 10:31:00.208root 11241100x8000000000000000366326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b9b4833c4f5957b2021-12-21 10:31:00.208root 11241100x8000000000000000366327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1bf2a753988016c22021-12-21 10:31:00.208root 11241100x8000000000000000366328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d8786c68fae9ef22021-12-21 10:31:00.208root 11241100x8000000000000000366329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e2e57f1e36b90c2021-12-21 10:31:00.208root 11241100x8000000000000000366330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aac81b0af3504bb82021-12-21 10:31:00.208root 11241100x8000000000000000366331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d1bb9e4194bc98d2021-12-21 10:31:00.208root 11241100x8000000000000000366332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c35b50f23e83dc2021-12-21 10:31:00.208root 11241100x8000000000000000366333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.208{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dbcf64f4e6981602021-12-21 10:31:00.208root 11241100x8000000000000000366334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb72065a41644ba52021-12-21 10:31:00.209root 11241100x8000000000000000366335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7a181ac460b3bd4b2021-12-21 10:31:00.209root 11241100x8000000000000000366336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fa90389598ca3b2021-12-21 10:31:00.209root 11241100x8000000000000000366337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0508709296922ca32021-12-21 10:31:00.209root 11241100x8000000000000000366338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb8106f7224dd68c2021-12-21 10:31:00.209root 11241100x8000000000000000366339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.075940cd2cb6d36e2021-12-21 10:31:00.209root 11241100x8000000000000000366340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b6d349bf47055e92021-12-21 10:31:00.209root 11241100x8000000000000000366341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7ced81beeb2d7362021-12-21 10:31:00.209root 11241100x8000000000000000366342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba7ccee3698f1d82021-12-21 10:31:00.209root 11241100x8000000000000000366343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0612cd31a1bdd7662021-12-21 10:31:00.209root 11241100x8000000000000000366344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b16f05925f80f79a2021-12-21 10:31:00.209root 11241100x8000000000000000366345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ade18ab591fcfd212021-12-21 10:31:00.209root 11241100x8000000000000000366346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f989736d2733ac02021-12-21 10:31:00.209root 11241100x8000000000000000366347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.209{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.948d6ac571a6b5612021-12-21 10:31:00.209root 11241100x8000000000000000366348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ee5a5d7e24d544a2021-12-21 10:31:00.210root 11241100x8000000000000000366349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8081e0151ec83e8b2021-12-21 10:31:00.210root 11241100x8000000000000000366350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54af2d7b09bb292021-12-21 10:31:00.210root 11241100x8000000000000000366351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a863c6f81bd8eb212021-12-21 10:31:00.210root 11241100x8000000000000000366352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a8025ee00c0cb3c2021-12-21 10:31:00.210root 11241100x8000000000000000366353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ada5d3f787505392021-12-21 10:31:00.210root 11241100x8000000000000000366354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b7f4673809739322021-12-21 10:31:00.210root 11241100x8000000000000000366355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.232a8f709156e7ed2021-12-21 10:31:00.210root 11241100x8000000000000000366356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e4371ea96642d762021-12-21 10:31:00.210root 11241100x8000000000000000366357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6819ffdc94b6418d2021-12-21 10:31:00.210root 11241100x8000000000000000366358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34fb1dd599293f0b2021-12-21 10:31:00.210root 11241100x8000000000000000366359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.69b638bced769fa52021-12-21 10:31:00.210root 11241100x8000000000000000366360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48d7bc69bf7c807a2021-12-21 10:31:00.210root 11241100x8000000000000000366361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e99cb2e4c60489c2021-12-21 10:31:00.210root 11241100x8000000000000000366362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.210{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85349b75fa095bea2021-12-21 10:31:00.210root 11241100x8000000000000000366363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2e42ca6f368bd7042021-12-21 10:31:00.211root 11241100x8000000000000000366364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a5215721fa677f02021-12-21 10:31:00.211root 11241100x8000000000000000366365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc138edec011905f2021-12-21 10:31:00.211root 11241100x8000000000000000366366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b344bcf248bddd662021-12-21 10:31:00.211root 11241100x8000000000000000366367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5dcb07e81d10e0cc2021-12-21 10:31:00.211root 11241100x8000000000000000366368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f7713ee0f65383b2021-12-21 10:31:00.211root 11241100x8000000000000000366369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ee2811ee2fe4a3e2021-12-21 10:31:00.211root 11241100x8000000000000000366370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b646c4b37ce021e2021-12-21 10:31:00.211root 11241100x8000000000000000366371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bf1c54a5db199f32021-12-21 10:31:00.211root 11241100x8000000000000000366372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d09d591fc0f5daf92021-12-21 10:31:00.211root 11241100x8000000000000000366373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20e17f6d6753ba732021-12-21 10:31:00.211root 11241100x8000000000000000366374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7352d8ae1a06bb9b2021-12-21 10:31:00.211root 11241100x8000000000000000366375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.211{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a1f78fea1eb16a2021-12-21 10:31:00.211root 11241100x8000000000000000366376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d87021edd144870c2021-12-21 10:31:00.212root 11241100x8000000000000000366377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea11335cec6a3f12021-12-21 10:31:00.212root 11241100x8000000000000000366378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3888692d847dd85f2021-12-21 10:31:00.212root 11241100x8000000000000000366379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.56a79c9561730b0a2021-12-21 10:31:00.212root 11241100x8000000000000000366380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7925ce45be2fc9012021-12-21 10:31:00.212root 11241100x8000000000000000366381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a54d3b443f79112021-12-21 10:31:00.212root 11241100x8000000000000000366382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4962fb41765fc94f2021-12-21 10:31:00.212root 11241100x8000000000000000366383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef83a3fc92b88bce2021-12-21 10:31:00.212root 11241100x8000000000000000366384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8ccc106b4a842332021-12-21 10:31:00.212root 11241100x8000000000000000366385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25b3ee1400bf811f2021-12-21 10:31:00.212root 11241100x8000000000000000366386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0652160315932022021-12-21 10:31:00.212root 11241100x8000000000000000366387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f822337300ecb27f2021-12-21 10:31:00.212root 11241100x8000000000000000366388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b07880362d16bba2021-12-21 10:31:00.212root 11241100x8000000000000000366389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.212{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.819cd683877705642021-12-21 10:31:00.212root 11241100x8000000000000000366390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6b5bad97929b5c2021-12-21 10:31:00.213root 11241100x8000000000000000366391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96b06c51ae6e385d2021-12-21 10:31:00.213root 11241100x8000000000000000366392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.213{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a6ca1abfd01753b92021-12-21 10:31:00.213root 11241100x8000000000000000366393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72c9cb730de08fec2021-12-21 10:31:00.693root 11241100x8000000000000000366394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.233d4d6c1ce664232021-12-21 10:31:00.693root 11241100x8000000000000000366395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814a6d622760780c2021-12-21 10:31:00.693root 11241100x8000000000000000366396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b944e442d5bbd2b2021-12-21 10:31:00.693root 11241100x8000000000000000366397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d68a8421f0f6b9b2021-12-21 10:31:00.693root 11241100x8000000000000000366398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26562faa60a475172021-12-21 10:31:00.693root 11241100x8000000000000000366399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9586bbca217698392021-12-21 10:31:00.693root 11241100x8000000000000000366400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38b8fe1901f678512021-12-21 10:31:00.693root 11241100x8000000000000000366401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2784cffc3871bb7d2021-12-21 10:31:00.693root 11241100x8000000000000000366402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32d98972195dae7a2021-12-21 10:31:00.694root 11241100x8000000000000000366403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5922a37a1bb91c42021-12-21 10:31:00.694root 11241100x8000000000000000366404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9569ea296bfda0c12021-12-21 10:31:00.694root 11241100x8000000000000000366405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72dd288b43c7b28a2021-12-21 10:31:00.694root 11241100x8000000000000000366406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8eb2c3fccb549092021-12-21 10:31:00.694root 11241100x8000000000000000366407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e544dec9d27f89672021-12-21 10:31:00.694root 11241100x8000000000000000366408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.30f82749e3f373aa2021-12-21 10:31:00.694root 11241100x8000000000000000366409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3e97e54be21213872021-12-21 10:31:00.694root 11241100x8000000000000000366410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f891ba46002de512021-12-21 10:31:00.694root 11241100x8000000000000000366411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24443a0f1f58ae822021-12-21 10:31:00.694root 11241100x8000000000000000366412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c0e774d9a4f04302021-12-21 10:31:00.695root 11241100x8000000000000000366413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0da23b529f08e6b2021-12-21 10:31:00.695root 11241100x8000000000000000366414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdce0bc33ac80b362021-12-21 10:31:00.695root 11241100x8000000000000000366415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32803902cfe51f122021-12-21 10:31:00.695root 11241100x8000000000000000366416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.634db28dccf02e102021-12-21 10:31:00.695root 11241100x8000000000000000366417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4d9533c72e4f1c82021-12-21 10:31:00.695root 11241100x8000000000000000366418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.677fb11257920ec42021-12-21 10:31:00.695root 11241100x8000000000000000366419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0410c617c3929202021-12-21 10:31:00.695root 11241100x8000000000000000366420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43c8d89d30be9c882021-12-21 10:31:00.695root 11241100x8000000000000000366421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58196a11a88700cf2021-12-21 10:31:00.695root 11241100x8000000000000000366422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73478e23876868e72021-12-21 10:31:00.696root 11241100x8000000000000000366423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d35846e71a76f00c2021-12-21 10:31:00.696root 11241100x8000000000000000366424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973544d1b1a2a03b2021-12-21 10:31:00.696root 11241100x8000000000000000366425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.792aae32f5c001df2021-12-21 10:31:00.696root 11241100x8000000000000000366426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.505c95593d4539202021-12-21 10:31:00.696root 11241100x8000000000000000366427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.787d06132072db632021-12-21 10:31:00.696root 11241100x8000000000000000366428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3388a8e9ac4761c42021-12-21 10:31:00.696root 11241100x8000000000000000366429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f91994d9d7323202021-12-21 10:31:00.696root 11241100x8000000000000000366430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2f9d2dafc80f1a72021-12-21 10:31:00.696root 11241100x8000000000000000366431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c599b66c2bb3c3e2021-12-21 10:31:00.696root 11241100x8000000000000000366432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0f8ba93c4beeade2021-12-21 10:31:00.697root 11241100x8000000000000000366433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93e234867b7fb32d2021-12-21 10:31:00.697root 11241100x8000000000000000366434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bc0946f9c9d88b2f2021-12-21 10:31:00.697root 11241100x8000000000000000366435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c58cbed9932faa152021-12-21 10:31:00.697root 11241100x8000000000000000366436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf63f3b2a3a1f9f2021-12-21 10:31:00.697root 11241100x8000000000000000366437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b1f8660110e1dfe72021-12-21 10:31:00.697root 11241100x8000000000000000366438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.72bf781a1469b64a2021-12-21 10:31:00.698root 11241100x8000000000000000366439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8a45ecaf39f8cf12021-12-21 10:31:00.698root 11241100x8000000000000000366440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b69802e7a65176b92021-12-21 10:31:00.698root 11241100x8000000000000000366441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b583b45681f262102021-12-21 10:31:00.698root 11241100x8000000000000000366442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b54a52a8628ac1dd2021-12-21 10:31:00.698root 11241100x8000000000000000366443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5feca57d5b5d8fe2021-12-21 10:31:00.698root 11241100x8000000000000000366444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a066cc68ca9822a12021-12-21 10:31:00.698root 11241100x8000000000000000366445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fef5eeb00adfa5b2021-12-21 10:31:00.698root 11241100x8000000000000000366446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3118b15e5340c9cd2021-12-21 10:31:00.699root 11241100x8000000000000000366447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cd5aa0b490800c72021-12-21 10:31:00.699root 11241100x8000000000000000366448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a802c220964c20252021-12-21 10:31:00.699root 11241100x8000000000000000366449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ceb28935c64f1842021-12-21 10:31:00.699root 11241100x8000000000000000366450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ea5afa373630ab2021-12-21 10:31:00.699root 11241100x8000000000000000366451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6445e026cf47dac2021-12-21 10:31:00.699root 11241100x8000000000000000366452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.289d9337c265c7052021-12-21 10:31:00.699root 11241100x8000000000000000366453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9a826ccc0e053472021-12-21 10:31:00.700root 11241100x8000000000000000366454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b5c705dfed6e13f2021-12-21 10:31:00.700root 11241100x8000000000000000366455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20c2de91e4e3f3162021-12-21 10:31:00.700root 11241100x8000000000000000366456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5abb53f43453bf672021-12-21 10:31:00.700root 11241100x8000000000000000366457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ba9ffc709888d302021-12-21 10:31:00.700root 11241100x8000000000000000366458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.700{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.47cdb0ff30d9de732021-12-21 10:31:00.700root 11241100x8000000000000000366459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bb1568e6b1017b2021-12-21 10:31:00.701root 11241100x8000000000000000366460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5cfa45f5f2052e2021-12-21 10:31:00.701root 11241100x8000000000000000366461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05a4fcf93ae358a22021-12-21 10:31:00.701root 11241100x8000000000000000366462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3577ae303756d8802021-12-21 10:31:00.701root 11241100x8000000000000000366463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.701{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99d24bdd18a206912021-12-21 10:31:00.701root 11241100x8000000000000000366464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c961f97d6b8f8522021-12-21 10:31:00.702root 11241100x8000000000000000366465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcc1611ad9cd97c62021-12-21 10:31:00.702root 11241100x8000000000000000366466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fa71e365194aef72021-12-21 10:31:00.702root 11241100x8000000000000000366467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9234e427f843d8512021-12-21 10:31:00.702root 11241100x8000000000000000366468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d8bc7837573c6502021-12-21 10:31:00.702root 11241100x8000000000000000366469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a3a1df949d788742021-12-21 10:31:00.702root 11241100x8000000000000000366470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba1516b301051a602021-12-21 10:31:00.703root 11241100x8000000000000000366471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b956db9622301c9a2021-12-21 10:31:00.703root 11241100x8000000000000000366472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9faf1f1b748b3e8b2021-12-21 10:31:00.703root 11241100x8000000000000000366473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be01e388c26a9e132021-12-21 10:31:00.703root 11241100x8000000000000000366474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7b2c7d2039539af2021-12-21 10:31:00.703root 11241100x8000000000000000366475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.470f570e2a6e92942021-12-21 10:31:00.703root 11241100x8000000000000000366476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39e85cef852e22c42021-12-21 10:31:00.703root 11241100x8000000000000000366477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7d891dae013b2612021-12-21 10:31:00.704root 11241100x8000000000000000366478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6248438c3dbafb5c2021-12-21 10:31:00.704root 11241100x8000000000000000366479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7db52baf6cfd14b62021-12-21 10:31:00.704root 11241100x8000000000000000366480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da54012f7c11b7812021-12-21 10:31:00.704root 11241100x8000000000000000366481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa9d79b0855ea3242021-12-21 10:31:00.704root 11241100x8000000000000000366482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e82318684c435e532021-12-21 10:31:00.704root 11241100x8000000000000000366483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78a336038e493e962021-12-21 10:31:00.704root 11241100x8000000000000000366484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.704{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.988c98d8ad5776c02021-12-21 10:31:00.704root 11241100x8000000000000000366485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cff06a3de47cb7e52021-12-21 10:31:00.705root 11241100x8000000000000000366486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4d7ae719f22e302021-12-21 10:31:00.705root 11241100x8000000000000000366487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.302e1f30d92ae4a02021-12-21 10:31:00.705root 11241100x8000000000000000366488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4218d782e9cf9c02021-12-21 10:31:00.705root 11241100x8000000000000000366489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d9ff284d00b4222021-12-21 10:31:00.705root 11241100x8000000000000000366490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f79eb365351e00ad2021-12-21 10:31:00.705root 11241100x8000000000000000366491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94182d8b6fb81ca82021-12-21 10:31:00.705root 11241100x8000000000000000366492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5cba07cfa4c220b2021-12-21 10:31:00.706root 11241100x8000000000000000366493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4bbc850245dd8ef52021-12-21 10:31:00.706root 11241100x8000000000000000366494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f465b39a557c45092021-12-21 10:31:00.706root 11241100x8000000000000000366495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5a5e6d0040847262021-12-21 10:31:00.706root 11241100x8000000000000000366496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d499b966d5ef2efe2021-12-21 10:31:00.706root 11241100x8000000000000000366497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e29f3a8d00b6ed22021-12-21 10:31:00.706root 11241100x8000000000000000366498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7e1358cf13e379d2021-12-21 10:31:00.707root 11241100x8000000000000000366499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eb1866001e6b5842021-12-21 10:31:00.707root 11241100x8000000000000000366500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44b40b9572334b482021-12-21 10:31:00.707root 11241100x8000000000000000366501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a45223b6236aeb2021-12-21 10:31:00.707root 11241100x8000000000000000366502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb1d3a202f238a32021-12-21 10:31:00.708root 11241100x8000000000000000366503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1edca297a19c15a92021-12-21 10:31:00.708root 11241100x8000000000000000366504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.68bbd1bf0835ef902021-12-21 10:31:00.708root 11241100x8000000000000000366505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.577ec691e9acf7fb2021-12-21 10:31:00.708root 11241100x8000000000000000366506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e681c1321bfd09f32021-12-21 10:31:00.708root 11241100x8000000000000000366507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c5663c12d7b8452021-12-21 10:31:00.708root 11241100x8000000000000000366508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c8adbaed6bc6472021-12-21 10:31:00.708root 11241100x8000000000000000366509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c89222848c5c8fd32021-12-21 10:31:00.709root 11241100x8000000000000000366510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.793d370276760da72021-12-21 10:31:00.709root 11241100x8000000000000000366511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53ba5528e69046f02021-12-21 10:31:00.709root 11241100x8000000000000000366512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d211431f5593122021-12-21 10:31:00.709root 11241100x8000000000000000366513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dea568c139679212021-12-21 10:31:00.709root 11241100x8000000000000000366514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9c46852863523c2021-12-21 10:31:00.709root 11241100x8000000000000000366515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9ac0378b5865b8d2021-12-21 10:31:00.710root 11241100x8000000000000000366516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7415906e6faf0e672021-12-21 10:31:00.710root 11241100x8000000000000000366517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c6d1cebbcbd5242021-12-21 10:31:00.710root 11241100x8000000000000000366518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0405568dbfae720a2021-12-21 10:31:00.710root 11241100x8000000000000000366519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.178baaf3c625cfd12021-12-21 10:31:00.710root 11241100x8000000000000000366520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f667c8f31ac6cef2021-12-21 10:31:00.711root 11241100x8000000000000000366521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8205e4bfb0990c9f2021-12-21 10:31:00.711root 11241100x8000000000000000366522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92f2fcd1574c9fb12021-12-21 10:31:00.711root 11241100x8000000000000000366523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.711{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bcb2428c49a2563e2021-12-21 10:31:00.711root 11241100x8000000000000000366524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b2af5e9106ce3e2021-12-21 10:31:00.712root 11241100x8000000000000000366525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0252de7914326ba22021-12-21 10:31:00.712root 11241100x8000000000000000366526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4aa7c296abbe68012021-12-21 10:31:00.712root 11241100x8000000000000000366527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.402f7265fdfb26342021-12-21 10:31:00.712root 11241100x8000000000000000366528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cf4e1bba9365a2a2021-12-21 10:31:00.712root 11241100x8000000000000000366529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f07615d4b4ca2a42021-12-21 10:31:00.712root 11241100x8000000000000000366530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46c3df0a621dc4ad2021-12-21 10:31:00.712root 11241100x8000000000000000366531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9428b279b938bad22021-12-21 10:31:00.712root 11241100x8000000000000000366532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1153bc4fab3b08902021-12-21 10:31:00.712root 11241100x8000000000000000366533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a63630339313ba602021-12-21 10:31:00.712root 11241100x8000000000000000366534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.393a6b0c18414e102021-12-21 10:31:00.712root 11241100x8000000000000000366535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43a968c1a80487b92021-12-21 10:31:00.712root 11241100x8000000000000000366536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f27e486ae11297e02021-12-21 10:31:00.712root 11241100x8000000000000000366537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a04a3b65bcf2b9982021-12-21 10:31:00.712root 11241100x8000000000000000366538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4cf5a0c243d9cc72021-12-21 10:31:00.713root 11241100x8000000000000000366539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de644f035bbfd8222021-12-21 10:31:00.713root 11241100x8000000000000000366540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9879f382d1caae82021-12-21 10:31:00.713root 11241100x8000000000000000366541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df5fef921413ce32021-12-21 10:31:00.713root 11241100x8000000000000000366542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c3abab449abae2e2021-12-21 10:31:00.713root 11241100x8000000000000000366543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6bf6679fb1fa67b2021-12-21 10:31:00.713root 11241100x8000000000000000366544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd9bb7ba4f712c52021-12-21 10:31:00.713root 11241100x8000000000000000366545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a15709932703a242021-12-21 10:31:00.713root 11241100x8000000000000000366546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c954c65ba46e0c42021-12-21 10:31:00.713root 11241100x8000000000000000366547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e04003c2475366b82021-12-21 10:31:00.713root 11241100x8000000000000000366548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b05592836f94182021-12-21 10:31:00.714root 11241100x8000000000000000366549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fcb584c269c48e52021-12-21 10:31:00.714root 11241100x8000000000000000366550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a12e37a57e4b1dfa2021-12-21 10:31:00.714root 11241100x8000000000000000366551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6925281deabce23f2021-12-21 10:31:00.714root 11241100x8000000000000000366552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8565666da41c91e82021-12-21 10:31:00.714root 11241100x8000000000000000366553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95916d82ff78b4772021-12-21 10:31:00.714root 11241100x8000000000000000366554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db4178f0341730e32021-12-21 10:31:00.715root 11241100x8000000000000000366555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9463898af43764662021-12-21 10:31:00.715root 11241100x8000000000000000366556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7fc2a82867b532d2021-12-21 10:31:00.715root 11241100x8000000000000000366557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92feb980f04a8e212021-12-21 10:31:00.715root 11241100x8000000000000000366558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9702a1516539c73e2021-12-21 10:31:00.715root 11241100x8000000000000000366559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb72b99c8af841712021-12-21 10:31:00.715root 11241100x8000000000000000366560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.92126e33af5365fc2021-12-21 10:31:00.715root 11241100x8000000000000000366561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c1346bcba4e181e82021-12-21 10:31:00.715root 11241100x8000000000000000366562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5813a193341fde8d2021-12-21 10:31:00.715root 11241100x8000000000000000366563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.715{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.310c648da59af1812021-12-21 10:31:00.715root 11241100x8000000000000000366564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70261d92674a9a082021-12-21 10:31:00.716root 11241100x8000000000000000366565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c40de64cf804f9242021-12-21 10:31:00.716root 11241100x8000000000000000366566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:00.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.425039c8c961662a2021-12-21 10:31:00.716root 11241100x8000000000000000366567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8002e7e794c86e8d2021-12-21 10:31:01.192root 11241100x8000000000000000366568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22520cd06df452d82021-12-21 10:31:01.193root 11241100x8000000000000000366569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.946f73ae81d61bd92021-12-21 10:31:01.193root 11241100x8000000000000000366570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2442e9e73fbbb4a62021-12-21 10:31:01.193root 11241100x8000000000000000366571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7f1c048c0a4323172021-12-21 10:31:01.193root 11241100x8000000000000000366572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dea85844c337f7d12021-12-21 10:31:01.193root 11241100x8000000000000000366573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c10494e1223f45f2021-12-21 10:31:01.193root 11241100x8000000000000000366574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fc90c0bf21bb6a812021-12-21 10:31:01.193root 11241100x8000000000000000366575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd553cf010ef56532021-12-21 10:31:01.193root 11241100x8000000000000000366576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc45b0b0a09be3db2021-12-21 10:31:01.194root 11241100x8000000000000000366577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e21c2edffe180df2021-12-21 10:31:01.194root 11241100x8000000000000000366578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d395563da8ce23a62021-12-21 10:31:01.194root 11241100x8000000000000000366579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46920c01657c3adb2021-12-21 10:31:01.194root 11241100x8000000000000000366580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26258c32f3ff8e532021-12-21 10:31:01.194root 11241100x8000000000000000366581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7e432bda55e3d31c2021-12-21 10:31:01.195root 11241100x8000000000000000366582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae3ffa5d7dd1f4e32021-12-21 10:31:01.195root 11241100x8000000000000000366583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.195{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b6db472c19a74ee2021-12-21 10:31:01.195root 11241100x8000000000000000366584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09060bc42e121e082021-12-21 10:31:01.196root 11241100x8000000000000000366585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7370b3576a822b9a2021-12-21 10:31:01.196root 11241100x8000000000000000366586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58276f1930f6bcd2021-12-21 10:31:01.196root 11241100x8000000000000000366587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.196{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.814c26f18beb2b6f2021-12-21 10:31:01.196root 11241100x8000000000000000366588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64a925ef511d9ea62021-12-21 10:31:01.197root 11241100x8000000000000000366589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95ab364273a687ff2021-12-21 10:31:01.197root 11241100x8000000000000000366590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97628c8691ceffc12021-12-21 10:31:01.197root 11241100x8000000000000000366591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab8432f028453d72021-12-21 10:31:01.197root 11241100x8000000000000000366592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85ea4af4f7cd7ac82021-12-21 10:31:01.197root 11241100x8000000000000000366593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.197{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40fc259aa1b00fda2021-12-21 10:31:01.197root 11241100x8000000000000000366594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2cbfd3facfe1b7c62021-12-21 10:31:01.198root 11241100x8000000000000000366595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24159da8c4e94bd72021-12-21 10:31:01.198root 11241100x8000000000000000366596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41450890ba41f8272021-12-21 10:31:01.198root 11241100x8000000000000000366597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0681e7127c41f1c52021-12-21 10:31:01.198root 11241100x8000000000000000366598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd98248b0e93d1582021-12-21 10:31:01.198root 11241100x8000000000000000366599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38c175bdd8e7b6332021-12-21 10:31:01.198root 11241100x8000000000000000366600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.198{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.343b63e304f235a62021-12-21 10:31:01.198root 11241100x8000000000000000366601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb3ec3bd4015860b2021-12-21 10:31:01.199root 11241100x8000000000000000366602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.48e2a7cafd281bf12021-12-21 10:31:01.199root 11241100x8000000000000000366603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.25160539014e9ed22021-12-21 10:31:01.199root 11241100x8000000000000000366604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b040ffc0f502f37d2021-12-21 10:31:01.199root 11241100x8000000000000000366605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61e41b6a42d81a902021-12-21 10:31:01.199root 11241100x8000000000000000366606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9a11275354a5f472021-12-21 10:31:01.199root 11241100x8000000000000000366607Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5eb70bccdccd7d7e2021-12-21 10:31:01.199root 11241100x8000000000000000366608Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7ecc6accb15d1d682021-12-21 10:31:01.199root 11241100x8000000000000000366609Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d936eb5ef8fc50e32021-12-21 10:31:01.199root 11241100x8000000000000000366610Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.365f147bb2d675f92021-12-21 10:31:01.199root 11241100x8000000000000000366611Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd03cc08436529842021-12-21 10:31:01.199root 11241100x8000000000000000366612Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.199{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f077e8b4210742c12021-12-21 10:31:01.199root 11241100x8000000000000000366613Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28d993e01865c2c22021-12-21 10:31:01.200root 11241100x8000000000000000366614Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b44e06959d6bcd032021-12-21 10:31:01.200root 11241100x8000000000000000366615Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31cf80b97799163f2021-12-21 10:31:01.200root 11241100x8000000000000000366616Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d3069d1931d1fb422021-12-21 10:31:01.200root 11241100x8000000000000000366617Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1aa49a3be34b62a42021-12-21 10:31:01.200root 11241100x8000000000000000366618Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5db036a5a614251b2021-12-21 10:31:01.200root 11241100x8000000000000000366619Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f3efc26e20396622021-12-21 10:31:01.200root 11241100x8000000000000000366620Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64ef66d8bb73dff72021-12-21 10:31:01.200root 11241100x8000000000000000366621Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4978b68e5ad925502021-12-21 10:31:01.200root 11241100x8000000000000000366622Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2627af3080d2829e2021-12-21 10:31:01.200root 11241100x8000000000000000366623Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0551faf6113b55bd2021-12-21 10:31:01.200root 11241100x8000000000000000366624Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5df26c64ad4ae702021-12-21 10:31:01.200root 11241100x8000000000000000366625Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54616514c40940542021-12-21 10:31:01.200root 11241100x8000000000000000366626Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fce99b6051c995c2021-12-21 10:31:01.200root 11241100x8000000000000000366627Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.200{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97e65f8b9be7ba962021-12-21 10:31:01.200root 11241100x8000000000000000366628Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b341a8f1bfe9cdc2021-12-21 10:31:01.201root 11241100x8000000000000000366629Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c82592aa6a1af9c92021-12-21 10:31:01.201root 11241100x8000000000000000366630Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a6dbf4bdcb6db682021-12-21 10:31:01.201root 11241100x8000000000000000366631Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3c601f593e04d9062021-12-21 10:31:01.201root 11241100x8000000000000000366632Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.873e75d0e92ff3762021-12-21 10:31:01.201root 11241100x8000000000000000366633Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86f61f6990c9bc362021-12-21 10:31:01.201root 11241100x8000000000000000366634Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a54d70f897cacfbf2021-12-21 10:31:01.201root 11241100x8000000000000000366635Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.486a92e507c66b9a2021-12-21 10:31:01.201root 11241100x8000000000000000366636Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42a72dffed66db932021-12-21 10:31:01.201root 11241100x8000000000000000366637Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.929ea2ea532461582021-12-21 10:31:01.201root 11241100x8000000000000000366638Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab7887ded534e5522021-12-21 10:31:01.201root 11241100x8000000000000000366639Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c2da1f77cfc55d2021-12-21 10:31:01.201root 11241100x8000000000000000366640Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3bb1ba234d0a07742021-12-21 10:31:01.201root 11241100x8000000000000000366641Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe7bc7a36332e842021-12-21 10:31:01.201root 11241100x8000000000000000366642Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.201{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6dc9936e59ed2d802021-12-21 10:31:01.201root 11241100x8000000000000000366643Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.153ccfb736aa55012021-12-21 10:31:01.202root 11241100x8000000000000000366644Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.436adc9dfd4dabab2021-12-21 10:31:01.202root 11241100x8000000000000000366645Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0205869a0236ddd52021-12-21 10:31:01.202root 11241100x8000000000000000366646Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58aa259b2a969ef2021-12-21 10:31:01.202root 11241100x8000000000000000366647Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.67ab3dea0221ec7a2021-12-21 10:31:01.202root 11241100x8000000000000000366648Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5822658bee1ceb0c2021-12-21 10:31:01.202root 11241100x8000000000000000366649Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ac8f3e662b94ee2021-12-21 10:31:01.202root 11241100x8000000000000000366650Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e982332c19d61ef32021-12-21 10:31:01.202root 11241100x8000000000000000366651Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.31f034f10dd4e14f2021-12-21 10:31:01.202root 11241100x8000000000000000366652Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1b273e45f7f35412021-12-21 10:31:01.202root 11241100x8000000000000000366653Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e65e24bfc8a39a8a2021-12-21 10:31:01.202root 11241100x8000000000000000366654Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170f8b8afa7357592021-12-21 10:31:01.202root 11241100x8000000000000000366655Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.202{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c671d612b9b69c4a2021-12-21 10:31:01.202root 11241100x8000000000000000366656Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10abfab4bbee30802021-12-21 10:31:01.203root 11241100x8000000000000000366657Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a65e5d1c86345b02021-12-21 10:31:01.203root 11241100x8000000000000000366658Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.783164e0ee999ab42021-12-21 10:31:01.203root 11241100x8000000000000000366659Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a0e63b7d59203172021-12-21 10:31:01.203root 11241100x8000000000000000366660Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb3f77480c6435e52021-12-21 10:31:01.203root 11241100x8000000000000000366661Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2223432939fa5cd32021-12-21 10:31:01.203root 11241100x8000000000000000366662Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8be0282a3c79d5e12021-12-21 10:31:01.203root 11241100x8000000000000000366663Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13c47fd189b4926d2021-12-21 10:31:01.203root 11241100x8000000000000000366664Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.203{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9d8b1737409ced92021-12-21 10:31:01.203root 11241100x8000000000000000366665Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6919ec8a548f71f2021-12-21 10:31:01.204root 11241100x8000000000000000366666Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a8941942b8aa6baa2021-12-21 10:31:01.204root 11241100x8000000000000000366667Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3557b4124322035f2021-12-21 10:31:01.204root 11241100x8000000000000000366668Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cb54b599ba1ddbb2021-12-21 10:31:01.204root 11241100x8000000000000000366669Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c3d86ac3083ed572021-12-21 10:31:01.204root 11241100x8000000000000000366670Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83c0db3b63269b392021-12-21 10:31:01.204root 11241100x8000000000000000366671Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65b6f1151c5099302021-12-21 10:31:01.204root 11241100x8000000000000000366672Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.204{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb694492441fd93a2021-12-21 10:31:01.204root 11241100x8000000000000000366673Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.354e509b3e5fbf3e2021-12-21 10:31:01.693root 11241100x8000000000000000366674Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1281f0cfae0b61382021-12-21 10:31:01.693root 11241100x8000000000000000366675Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07f847a50da966ee2021-12-21 10:31:01.693root 11241100x8000000000000000366676Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0d370b916d1c2f92021-12-21 10:31:01.693root 11241100x8000000000000000366677Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb36a82df9516fc82021-12-21 10:31:01.694root 11241100x8000000000000000366678Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d260421e18f0d9292021-12-21 10:31:01.694root 11241100x8000000000000000366679Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c7f1c5535717812021-12-21 10:31:01.695root 11241100x8000000000000000366680Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3daca0d2c9e936192021-12-21 10:31:01.695root 11241100x8000000000000000366681Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eaef905ae01fca952021-12-21 10:31:01.695root 11241100x8000000000000000366682Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c1e92ec1fed6ea22021-12-21 10:31:01.696root 11241100x8000000000000000366683Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bef043a38ffa2032021-12-21 10:31:01.696root 11241100x8000000000000000366684Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3680562394d34932021-12-21 10:31:01.696root 11241100x8000000000000000366685Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.76f62c416e813bb52021-12-21 10:31:01.696root 11241100x8000000000000000366686Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.adaa74baa41d05f12021-12-21 10:31:01.696root 11241100x8000000000000000366687Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.696{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e266edd49c0a6a982021-12-21 10:31:01.696root 11241100x8000000000000000366688Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9832480ca227aa0c2021-12-21 10:31:01.697root 11241100x8000000000000000366689Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ece70b38bc634322021-12-21 10:31:01.697root 11241100x8000000000000000366690Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8c8b5fd5ed8504dc2021-12-21 10:31:01.697root 11241100x8000000000000000366691Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d88bcef65022a692021-12-21 10:31:01.697root 11241100x8000000000000000366692Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.388fb4b02846163f2021-12-21 10:31:01.697root 11241100x8000000000000000366693Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5027e80337d8c11b2021-12-21 10:31:01.697root 11241100x8000000000000000366694Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0efccc2645927ce52021-12-21 10:31:01.697root 11241100x8000000000000000366695Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.697{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c4e6f1a43f9a2262021-12-21 10:31:01.697root 11241100x8000000000000000366696Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a7e0a6020c88bc62021-12-21 10:31:01.698root 11241100x8000000000000000366697Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.698{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ac2efce203329262021-12-21 10:31:01.698root 11241100x8000000000000000366698Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07be8768c10ed7e02021-12-21 10:31:01.699root 11241100x8000000000000000366699Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.699{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f9842c86cfb9db0f2021-12-21 10:31:01.699root 11241100x8000000000000000366700Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cdc3b4e73bae98cb2021-12-21 10:31:01.702root 11241100x8000000000000000366701Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.530d8602a5faadf72021-12-21 10:31:01.702root 11241100x8000000000000000366702Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1928b664a5a21e362021-12-21 10:31:01.702root 11241100x8000000000000000366703Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.702{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fb8b1bd25c6c8112021-12-21 10:31:01.702root 11241100x8000000000000000366704Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50a2d6847e3ec9f52021-12-21 10:31:01.703root 11241100x8000000000000000366705Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7906d259389c2cd92021-12-21 10:31:01.703root 11241100x8000000000000000366706Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.429e40c30927286a2021-12-21 10:31:01.703root 11241100x8000000000000000366707Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0966483ef71b9f5a2021-12-21 10:31:01.703root 11241100x8000000000000000366708Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.312d2c080cd677052021-12-21 10:31:01.703root 11241100x8000000000000000366709Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc1ef415abcc301f2021-12-21 10:31:01.703root 11241100x8000000000000000366710Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.351940ca538390032021-12-21 10:31:01.703root 11241100x8000000000000000366711Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8f97f0b590120b02021-12-21 10:31:01.703root 11241100x8000000000000000366712Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb43581953181a82021-12-21 10:31:01.703root 11241100x8000000000000000366713Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.703{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3d6f131576ff9ef2021-12-21 10:31:01.703root 11241100x8000000000000000366714Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.705{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7489c5627ece95b2021-12-21 10:31:01.705root 11241100x8000000000000000366715Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d6c48202d0fd01542021-12-21 10:31:01.706root 11241100x8000000000000000366716Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce7fc4c7a349740e2021-12-21 10:31:01.706root 11241100x8000000000000000366717Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0ceeec13f1898b82021-12-21 10:31:01.706root 11241100x8000000000000000366718Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.430225dcbdcc7e0a2021-12-21 10:31:01.706root 11241100x8000000000000000366719Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90dd5109462d839f2021-12-21 10:31:01.706root 11241100x8000000000000000366720Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f44d5a6a493c54b12021-12-21 10:31:01.706root 11241100x8000000000000000366721Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.feb131dd4a7509802021-12-21 10:31:01.706root 11241100x8000000000000000366722Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d355b9c80642d3332021-12-21 10:31:01.706root 11241100x8000000000000000366723Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.706{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cfbd58ab0e5244d2021-12-21 10:31:01.706root 11241100x8000000000000000366724Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81956dd94cdc016f2021-12-21 10:31:01.707root 11241100x8000000000000000366725Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e94fc25b28ad3922021-12-21 10:31:01.707root 11241100x8000000000000000366726Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40219ac91b31b9532021-12-21 10:31:01.707root 11241100x8000000000000000366727Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7df165a9d7bdfd1e2021-12-21 10:31:01.707root 11241100x8000000000000000366728Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86d96715b8b0e19c2021-12-21 10:31:01.707root 11241100x8000000000000000366729Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.707{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aaa831238224aff2021-12-21 10:31:01.707root 11241100x8000000000000000366730Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8268fc36ca0b0bc52021-12-21 10:31:01.708root 11241100x8000000000000000366731Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.708{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c65e555748cf8b982021-12-21 10:31:01.708root 11241100x8000000000000000366732Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cedb76bd0daf0572021-12-21 10:31:01.709root 11241100x8000000000000000366733Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e93f3b4620fc1c02021-12-21 10:31:01.709root 11241100x8000000000000000366734Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.224ee53bba06cfc92021-12-21 10:31:01.709root 11241100x8000000000000000366735Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a591a75b364afb852021-12-21 10:31:01.709root 11241100x8000000000000000366736Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27eb9cb9ff1fc2312021-12-21 10:31:01.709root 11241100x8000000000000000366737Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.709{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01b6ae0d3a4fc72c2021-12-21 10:31:01.709root 11241100x8000000000000000366738Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fed7eae1c9e800ac2021-12-21 10:31:01.710root 11241100x8000000000000000366739Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7791a33ba40348bf2021-12-21 10:31:01.710root 11241100x8000000000000000366740Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab170993ae804fa32021-12-21 10:31:01.710root 11241100x8000000000000000366741Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2524c59af18967c2021-12-21 10:31:01.710root 11241100x8000000000000000366742Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2780258f0f6e8c1a2021-12-21 10:31:01.710root 11241100x8000000000000000366743Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b156a9793e58a002021-12-21 10:31:01.710root 11241100x8000000000000000366744Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.710{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.968041ab41d9b7d82021-12-21 10:31:01.710root 11241100x8000000000000000366745Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe7f9e0eb42024582021-12-21 10:31:01.712root 11241100x8000000000000000366746Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b627e0765385ccd2021-12-21 10:31:01.712root 11241100x8000000000000000366747Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c18f6dc4ec5c3f1b2021-12-21 10:31:01.712root 11241100x8000000000000000366748Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e2a65e1d76b20152021-12-21 10:31:01.712root 11241100x8000000000000000366749Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8439e5f2ca9c642021-12-21 10:31:01.712root 11241100x8000000000000000366750Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e0c83eaf90af166f2021-12-21 10:31:01.712root 11241100x8000000000000000366751Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d712ece0b85a1252021-12-21 10:31:01.712root 11241100x8000000000000000366752Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.712{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0adf563fa5af75bd2021-12-21 10:31:01.712root 11241100x8000000000000000366753Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6533950826de2c7a2021-12-21 10:31:01.713root 11241100x8000000000000000366754Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ba19771079b1ac22021-12-21 10:31:01.713root 11241100x8000000000000000366755Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bcac7b173780a082021-12-21 10:31:01.713root 11241100x8000000000000000366756Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99c56fc0b70a86942021-12-21 10:31:01.713root 11241100x8000000000000000366757Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1992b654acbec0e72021-12-21 10:31:01.713root 11241100x8000000000000000366758Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ff87645a58eb8b02021-12-21 10:31:01.713root 11241100x8000000000000000366759Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.713{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e642f5b910b4cc52021-12-21 10:31:01.713root 11241100x8000000000000000366760Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.714{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88ee16eaed79ceeb2021-12-21 10:31:01.714root 11241100x8000000000000000366761Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.716{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51ce390a07b20f642021-12-21 10:31:01.716root 11241100x8000000000000000366762Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fee7fe2e04d8847e2021-12-21 10:31:01.717root 11241100x8000000000000000366763Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49092138fc33346c2021-12-21 10:31:01.717root 11241100x8000000000000000366764Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac156cfda6e9bc4b2021-12-21 10:31:01.717root 11241100x8000000000000000366765Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.717{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cfcad4f06f459ac32021-12-21 10:31:01.717root 11241100x8000000000000000366766Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a126555ec624f9a02021-12-21 10:31:01.718root 11241100x8000000000000000366767Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17af29df741ceda92021-12-21 10:31:01.718root 11241100x8000000000000000366768Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c468c072f023e01e2021-12-21 10:31:01.718root 11241100x8000000000000000366769Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4b3dfd8b1c7151b2021-12-21 10:31:01.718root 11241100x8000000000000000366770Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2d682d8dddb2cbcb2021-12-21 10:31:01.718root 11241100x8000000000000000366771Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c598b804bb5d5652021-12-21 10:31:01.718root 11241100x8000000000000000366772Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce6a96ac2ae02a012021-12-21 10:31:01.718root 11241100x8000000000000000366773Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1eeff2f3adb946542021-12-21 10:31:01.718root 11241100x8000000000000000366774Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e159137a4b15af792021-12-21 10:31:01.718root 11241100x8000000000000000366775Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfe75bec5afb123c2021-12-21 10:31:01.718root 11241100x8000000000000000366776Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39529509d8da3b0c2021-12-21 10:31:01.718root 11241100x8000000000000000366777Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.718{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.037be5bda79b55b02021-12-21 10:31:01.718root 11241100x8000000000000000366778Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f777bce5c91733ca2021-12-21 10:31:01.719root 11241100x8000000000000000366779Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e78ab673ad0996772021-12-21 10:31:01.719root 11241100x8000000000000000366780Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed95e2bccb2f532021-12-21 10:31:01.719root 11241100x8000000000000000366781Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93515f6d41cf07bd2021-12-21 10:31:01.719root 11241100x8000000000000000366782Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.719{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a9c44613055117b2021-12-21 10:31:01.719root 11241100x8000000000000000366783Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4b201b43b9dcd302021-12-21 10:31:01.720root 11241100x8000000000000000366784Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fade0a275b8f47402021-12-21 10:31:01.720root 11241100x8000000000000000366785Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba848438e7aab37e2021-12-21 10:31:01.720root 11241100x8000000000000000366786Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1977e31e57ded34c2021-12-21 10:31:01.720root 11241100x8000000000000000366787Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f7c7bf08038718072021-12-21 10:31:01.720root 11241100x8000000000000000366788Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39d9b8b2b4f4da022021-12-21 10:31:01.720root 11241100x8000000000000000366789Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.720{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cf77b810d0fe7ae2021-12-21 10:31:01.720root 11241100x8000000000000000366790Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.723{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff017073979daad12021-12-21 10:31:01.723root 11241100x8000000000000000366791Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.984b5f0c8ad662072021-12-21 10:31:01.724root 11241100x8000000000000000366792Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a9125385df5d77e2021-12-21 10:31:01.724root 11241100x8000000000000000366793Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.724{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.894ca00722fbec532021-12-21 10:31:01.724root 11241100x8000000000000000366794Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3e9c730aece2f082021-12-21 10:31:01.725root 11241100x8000000000000000366795Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561e6b903c8a38012021-12-21 10:31:01.725root 11241100x8000000000000000366796Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6424136992a6e2752021-12-21 10:31:01.725root 11241100x8000000000000000366797Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4952fbc92987ec92021-12-21 10:31:01.725root 11241100x8000000000000000366798Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44bef6c88f0a142b2021-12-21 10:31:01.725root 11241100x8000000000000000366799Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.669c70e1c2c2fbed2021-12-21 10:31:01.725root 11241100x8000000000000000366800Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbe4ba0c0de5f7a02021-12-21 10:31:01.725root 11241100x8000000000000000366801Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.efa78a088ec722482021-12-21 10:31:01.725root 11241100x8000000000000000366802Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64c02dd47cf165ef2021-12-21 10:31:01.725root 11241100x8000000000000000366803Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.725{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.be43447e0b9ebb112021-12-21 10:31:01.725root 11241100x8000000000000000366804Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.751a5c46710cfb672021-12-21 10:31:01.726root 11241100x8000000000000000366805Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f15c3e15972aa83a2021-12-21 10:31:01.726root 11241100x8000000000000000366806Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a275b893c709711a2021-12-21 10:31:01.726root 11241100x8000000000000000366807Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3fa5cc5bcf6ebf82021-12-21 10:31:01.726root 11241100x8000000000000000366808Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a345adf36ae731a2021-12-21 10:31:01.726root 11241100x8000000000000000366809Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51714850cafbe38a2021-12-21 10:31:01.726root 11241100x8000000000000000366810Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:01.726{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae398084659825322021-12-21 10:31:01.726root 354300x8000000000000000366886Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:09.024{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47212-false10.0.1.12-8000- 23542300x8000000000000000366887Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:09.348{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000366888Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:09.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1cee738d74324a5b2021-12-21 10:31:09.349root 11241100x8000000000000000366889Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:09.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.617a34644411692c2021-12-21 10:31:09.349root 11241100x8000000000000000366890Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:09.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.190754d916ae26d72021-12-21 10:31:09.693root 11241100x8000000000000000366891Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:09.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9d365984abe4c612021-12-21 10:31:09.694root 11241100x8000000000000000366892Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:10.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f61814e1cb0ab7b82021-12-21 10:31:10.192root 11241100x8000000000000000366893Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:10.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c9dfcf8dd733fae2021-12-21 10:31:10.193root 11241100x8000000000000000366894Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:10.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9a573d5178753e32021-12-21 10:31:10.692root 11241100x8000000000000000366895Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:10.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c80c41e6be2e5e422021-12-21 10:31:10.693root 11241100x8000000000000000366896Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:11.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce8f669baaf5ab062021-12-21 10:31:11.192root 11241100x8000000000000000366897Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:11.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20ed09385d216cc72021-12-21 10:31:11.193root 11241100x8000000000000000366898Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:11.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74cbcbd6e254f2042021-12-21 10:31:11.692root 11241100x8000000000000000366899Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:11.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b03138a5fc0e90892021-12-21 10:31:11.692root 11241100x8000000000000000366900Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:12.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d7d1a3baa3f20e02021-12-21 10:31:12.192root 11241100x8000000000000000366901Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:12.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03ce76d368fbb8962021-12-21 10:31:12.193root 11241100x8000000000000000366902Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2362696234bc1ff12021-12-21 10:31:12.692root 11241100x8000000000000000366903Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:12.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22c18b4ec14be6492021-12-21 10:31:12.692root 11241100x8000000000000000366904Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:13.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8af115ce654c33ed2021-12-21 10:31:13.192root 11241100x8000000000000000366905Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:13.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f946aed037df2a282021-12-21 10:31:13.193root 11241100x8000000000000000366906Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:13.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13b05904ca941ce22021-12-21 10:31:13.692root 11241100x8000000000000000366907Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:13.692{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eb46e7996724cb842021-12-21 10:31:13.692root 354300x8000000000000000366908Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.128{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47214-false10.0.1.12-8000- 11241100x8000000000000000366909Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.279f91a756e901952021-12-21 10:31:14.129root 11241100x8000000000000000366910Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.270a58edd48ec2e92021-12-21 10:31:14.129root 11241100x8000000000000000366911Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.129{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9297048e4e980f202021-12-21 10:31:14.129root 11241100x8000000000000000366912Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87a2b3958e01594b2021-12-21 10:31:14.442root 11241100x8000000000000000366913Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dacf6b2078dfbe32021-12-21 10:31:14.443root 11241100x8000000000000000366914Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58ce24fa4c090b212021-12-21 10:31:14.443root 11241100x8000000000000000366915Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e7616391806582e22021-12-21 10:31:14.942root 11241100x8000000000000000366916Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90cb50b53ff586f72021-12-21 10:31:14.943root 11241100x8000000000000000366917Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:14.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3906140a319b3e042021-12-21 10:31:14.943root 11241100x8000000000000000366918Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b543869750f38e302021-12-21 10:31:15.443root 11241100x8000000000000000366919Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff80456942497f042021-12-21 10:31:15.443root 11241100x8000000000000000366920Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:15.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.229875f09202a25c2021-12-21 10:31:15.443root 11241100x8000000000000000366921Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:15.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b64e7033deb217a82021-12-21 10:31:15.942root 11241100x8000000000000000366922Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3219480ce31c21662021-12-21 10:31:15.943root 11241100x8000000000000000366923Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:15.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bbb82f61c35afb792021-12-21 10:31:15.943root 11241100x8000000000000000366924Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1415577c0f5ed3872021-12-21 10:31:16.443root 11241100x8000000000000000366925Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1caa22eae1fa6eaa2021-12-21 10:31:16.443root 11241100x8000000000000000366926Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:16.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66fb4dc9778382892021-12-21 10:31:16.443root 11241100x8000000000000000366927Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:16.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1298678616866ce02021-12-21 10:31:16.942root 11241100x8000000000000000366928Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84ebec37e4edd8ce2021-12-21 10:31:16.943root 11241100x8000000000000000366929Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:16.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17233e716357b6522021-12-21 10:31:16.943root 11241100x8000000000000000366930Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:17.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac840d57c6da92192021-12-21 10:31:17.442root 11241100x8000000000000000366931Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45c8d89135929e6b2021-12-21 10:31:17.443root 11241100x8000000000000000366932Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:17.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e7cf3f0b414944f2021-12-21 10:31:17.443root 11241100x8000000000000000366933Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:17.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1321acafb6669ea22021-12-21 10:31:17.942root 11241100x8000000000000000366934Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.624527a9617699182021-12-21 10:31:17.943root 11241100x8000000000000000366935Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:17.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cbd9a54d12c3ad522021-12-21 10:31:17.943root 11241100x8000000000000000366936Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:18.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86a5c3b435b71cb12021-12-21 10:31:18.442root 11241100x8000000000000000366937Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b822ea9306fc76812021-12-21 10:31:18.443root 11241100x8000000000000000366938Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:18.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73b813a988b721262021-12-21 10:31:18.443root 11241100x8000000000000000366939Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:18.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d2a3b381464e78b2021-12-21 10:31:18.942root 11241100x8000000000000000366940Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d9930ba4f142a632021-12-21 10:31:18.943root 11241100x8000000000000000366941Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:18.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8b56ca29540db1a2021-12-21 10:31:18.943root 11241100x8000000000000000366942Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:19.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5956f9c4a18db1342021-12-21 10:31:19.442root 11241100x8000000000000000366943Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54bf63b64d4fe6042021-12-21 10:31:19.443root 11241100x8000000000000000366944Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:19.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ed48eb175f945bb2021-12-21 10:31:19.443root 11241100x8000000000000000366945Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:19.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d17f80a8527e2c2021-12-21 10:31:19.942root 11241100x8000000000000000366946Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93fd8a99a39281332021-12-21 10:31:19.943root 11241100x8000000000000000366947Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:19.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49fe9cccca18782e2021-12-21 10:31:19.943root 354300x8000000000000000366948Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.017{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47216-false10.0.1.12-8000- 154100x8000000000000000366949Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.130{ec2b6afe-acf8-61c1-6814-8a72ed550000}5747/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/4046root{ec2b6afe-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}2319--- 534500x8000000000000000366950Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.140{ec2b6afe-acf8-61c1-6814-8a72ed550000}5747/bin/psroot 11241100x8000000000000000366951Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9f9f5b479a0bd1fb2021-12-21 10:31:20.443root 11241100x8000000000000000366952Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b1267ac42f89eb42021-12-21 10:31:20.443root 11241100x8000000000000000366953Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba3909e0526b17652021-12-21 10:31:20.443root 11241100x8000000000000000366954Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e5ee29766966eaf2021-12-21 10:31:20.443root 11241100x8000000000000000366955Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d866f8e562d121f2021-12-21 10:31:20.443root 11241100x8000000000000000366956Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aaa5b3b08cfa3e552021-12-21 10:31:20.443root 11241100x8000000000000000366957Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dbc886ae5302bf62021-12-21 10:31:20.943root 11241100x8000000000000000366958Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e33a8db1c3d3ade52021-12-21 10:31:20.943root 11241100x8000000000000000366959Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83e240ddbb9981352021-12-21 10:31:20.943root 11241100x8000000000000000366960Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.846399b510a093232021-12-21 10:31:20.943root 11241100x8000000000000000366961Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61742e06cccffe7f2021-12-21 10:31:20.943root 11241100x8000000000000000366962Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:20.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b249ed3208663782021-12-21 10:31:20.944root 11241100x8000000000000000366963Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4652f1648c37f192021-12-21 10:31:21.443root 11241100x8000000000000000366964Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d1b8090fcec88122021-12-21 10:31:21.443root 11241100x8000000000000000366965Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b35280192ea038ec2021-12-21 10:31:21.443root 11241100x8000000000000000366966Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d8a9200137981f5a2021-12-21 10:31:21.443root 11241100x8000000000000000366967Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87e0daca125263a82021-12-21 10:31:21.443root 11241100x8000000000000000366968Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6bf5b29b96f1bd6e2021-12-21 10:31:21.443root 11241100x8000000000000000366969Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f080915a1dd87ca72021-12-21 10:31:21.943root 11241100x8000000000000000366970Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c0c0237f636878c2021-12-21 10:31:21.943root 11241100x8000000000000000366971Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07060d9e65ca002f2021-12-21 10:31:21.943root 11241100x8000000000000000366972Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.832131b4c53030432021-12-21 10:31:21.943root 11241100x8000000000000000366973Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50b832c792eab5fc2021-12-21 10:31:21.943root 11241100x8000000000000000366974Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:21.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5c4147cf0d427112021-12-21 10:31:21.943root 11241100x8000000000000000366975Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c3d138cfe45a3722021-12-21 10:31:22.443root 11241100x8000000000000000366976Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.112cb2eff72eef572021-12-21 10:31:22.443root 11241100x8000000000000000366977Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.651fdcf5333a84462021-12-21 10:31:22.443root 11241100x8000000000000000366978Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dd4f5792fc2d55222021-12-21 10:31:22.443root 11241100x8000000000000000366979Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ab8e0bb82a5ac802021-12-21 10:31:22.443root 11241100x8000000000000000366980Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb7f5d051fb1cc452021-12-21 10:31:22.443root 11241100x8000000000000000366981Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.00202ccf62bff1eb2021-12-21 10:31:22.943root 11241100x8000000000000000366982Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.333a09d3dc6aa7f52021-12-21 10:31:22.943root 11241100x8000000000000000366983Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1a6dc90a3bf42e52021-12-21 10:31:22.943root 11241100x8000000000000000366984Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.01ea425c347c30b72021-12-21 10:31:22.943root 11241100x8000000000000000366985Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3304bcd08222df792021-12-21 10:31:22.943root 11241100x8000000000000000366986Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:22.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a7917bceb2b63b902021-12-21 10:31:22.943root 11241100x8000000000000000366987Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee1997ce13c34c6c2021-12-21 10:31:23.443root 11241100x8000000000000000366988Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b35837fcf2dd8752021-12-21 10:31:23.443root 11241100x8000000000000000366989Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a9f3916f888ebf562021-12-21 10:31:23.443root 11241100x8000000000000000366990Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0587b7ad2c2621352021-12-21 10:31:23.443root 11241100x8000000000000000366991Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1dd48851b20937692021-12-21 10:31:23.443root 11241100x8000000000000000366992Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5b5b836d36aaf33d2021-12-21 10:31:23.443root 11241100x8000000000000000366993Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19a8fa4a0f287f3b2021-12-21 10:31:23.943root 11241100x8000000000000000366994Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3eb2526c417546602021-12-21 10:31:23.943root 11241100x8000000000000000366995Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a24be8a2ff2b3be32021-12-21 10:31:23.943root 11241100x8000000000000000366996Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf05e1bf3c3bfb9f2021-12-21 10:31:23.943root 11241100x8000000000000000366997Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2eca1a447dad6e72021-12-21 10:31:23.943root 11241100x8000000000000000366998Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:23.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.32a59d2cdd5e05cd2021-12-21 10:31:23.943root 11241100x8000000000000000366999Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e9059ceededc0ce2021-12-21 10:31:24.442root 11241100x8000000000000000367000Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d5885a0eecbb8f2021-12-21 10:31:24.443root 11241100x8000000000000000367001Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6744200771a89362021-12-21 10:31:24.443root 11241100x8000000000000000367002Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cf0554f6d629e85f2021-12-21 10:31:24.443root 11241100x8000000000000000367003Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ead5c6d2e5920f62021-12-21 10:31:24.443root 11241100x8000000000000000367004Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8e6d4406ea7aa9c2021-12-21 10:31:24.443root 11241100x8000000000000000367005Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4331653a02d0d5372021-12-21 10:31:24.943root 11241100x8000000000000000367006Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c835dec3db8b9b0e2021-12-21 10:31:24.943root 11241100x8000000000000000367007Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.802fed7cceab1bf82021-12-21 10:31:24.943root 11241100x8000000000000000367008Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d16becc5cd8f0d312021-12-21 10:31:24.943root 11241100x8000000000000000367009Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86783ed1758e107d2021-12-21 10:31:24.943root 11241100x8000000000000000367010Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:24.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2f69a441160fd7102021-12-21 10:31:24.943root 354300x8000000000000000367011Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.031{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47218-false10.0.1.12-8000- 354300x8000000000000000367012Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.121{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.25-34284-false10.0.1.12-8089- 11241100x8000000000000000367013Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7877949af88f180e2021-12-21 10:31:25.443root 11241100x8000000000000000367014Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54f543167b1d83732021-12-21 10:31:25.443root 11241100x8000000000000000367015Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a60382b9c31bfb2021-12-21 10:31:25.443root 11241100x8000000000000000367016Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.eba5d0c7be61de5f2021-12-21 10:31:25.443root 11241100x8000000000000000367017Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f58774d6afa0f46f2021-12-21 10:31:25.443root 11241100x8000000000000000367018Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.09127996661898a72021-12-21 10:31:25.443root 11241100x8000000000000000367019Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d842eeced091bdf2021-12-21 10:31:25.443root 11241100x8000000000000000367020Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a575da97b5de046b2021-12-21 10:31:25.443root 11241100x8000000000000000367021Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af26bcf366804b812021-12-21 10:31:25.943root 11241100x8000000000000000367022Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e686fae833abaff02021-12-21 10:31:25.943root 11241100x8000000000000000367023Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bfa89e87f33fd5a32021-12-21 10:31:25.943root 11241100x8000000000000000367024Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fb7563ca55b205b2021-12-21 10:31:25.943root 11241100x8000000000000000367025Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d86d7d351e884fbe2021-12-21 10:31:25.943root 11241100x8000000000000000367026Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e9859ce5f7be41d2021-12-21 10:31:25.944root 11241100x8000000000000000367027Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a84b584bdb1bccf2021-12-21 10:31:25.944root 11241100x8000000000000000367028Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:25.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96660f7c857549932021-12-21 10:31:25.944root 11241100x8000000000000000367029Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.144e870f2ca201672021-12-21 10:31:26.443root 11241100x8000000000000000367030Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba52e609c80644fe2021-12-21 10:31:26.443root 11241100x8000000000000000367031Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a95dd18d6c99b5252021-12-21 10:31:26.443root 11241100x8000000000000000367032Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8adaf2e8038b7c932021-12-21 10:31:26.443root 11241100x8000000000000000367033Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.139b265e980727b12021-12-21 10:31:26.444root 11241100x8000000000000000367034Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a766105c739f3cc52021-12-21 10:31:26.444root 11241100x8000000000000000367035Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.352823351384abc72021-12-21 10:31:26.444root 11241100x8000000000000000367036Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52a97449e075b3162021-12-21 10:31:26.444root 11241100x8000000000000000367037Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.942{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.571b58bbd3c4eb5f2021-12-21 10:31:26.942root 11241100x8000000000000000367038Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.414eba166e0927892021-12-21 10:31:26.943root 11241100x8000000000000000367039Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d8def515bcd6fb22021-12-21 10:31:26.943root 11241100x8000000000000000367040Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e678bb0e8fd0515f2021-12-21 10:31:26.943root 11241100x8000000000000000367041Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bfcfdebfd24545a2021-12-21 10:31:26.943root 11241100x8000000000000000367042Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8765a4cbbbbdb932021-12-21 10:31:26.943root 11241100x8000000000000000367043Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c53a83da7dcc7dc2021-12-21 10:31:26.943root 11241100x8000000000000000367044Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:26.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3edc798bd5b1dac92021-12-21 10:31:26.943root 11241100x8000000000000000367045Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86c07735f4d5d0782021-12-21 10:31:27.443root 11241100x8000000000000000367046Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c4f2b77034a119b22021-12-21 10:31:27.443root 11241100x8000000000000000367047Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e272bb667be5522021-12-21 10:31:27.443root 11241100x8000000000000000367048Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa6dee960354d7f82021-12-21 10:31:27.443root 11241100x8000000000000000367049Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de6bd093a4c937602021-12-21 10:31:27.443root 11241100x8000000000000000367050Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8ad60df3ecbfe84e2021-12-21 10:31:27.443root 11241100x8000000000000000367051Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.981b23fd6e8c88412021-12-21 10:31:27.443root 11241100x8000000000000000367052Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dab65fb08f8b269a2021-12-21 10:31:27.443root 11241100x8000000000000000367053Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45f138d2e0db38de2021-12-21 10:31:27.943root 11241100x8000000000000000367054Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.07201915ac92faa02021-12-21 10:31:27.943root 11241100x8000000000000000367055Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0bf02afb31049a792021-12-21 10:31:27.943root 11241100x8000000000000000367056Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b921b067ec0061d32021-12-21 10:31:27.943root 11241100x8000000000000000367057Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64b04b5a4aec5bb22021-12-21 10:31:27.943root 11241100x8000000000000000367058Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc1230d602a355172021-12-21 10:31:27.943root 11241100x8000000000000000367059Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6849ec186c97fe3e2021-12-21 10:31:27.943root 11241100x8000000000000000367060Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:27.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4874bca011c88692021-12-21 10:31:27.943root 11241100x8000000000000000367061Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f3054f057950d1682021-12-21 10:31:28.443root 11241100x8000000000000000367062Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce124ccd264635e42021-12-21 10:31:28.443root 11241100x8000000000000000367063Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.88f73e654d7bab3c2021-12-21 10:31:28.443root 11241100x8000000000000000367064Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0fbe1474ad3860172021-12-21 10:31:28.443root 11241100x8000000000000000367065Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.544987a6adae426b2021-12-21 10:31:28.443root 11241100x8000000000000000367066Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac7869fb2f93ffa22021-12-21 10:31:28.443root 11241100x8000000000000000367067Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b55ffe7eff903b72021-12-21 10:31:28.443root 11241100x8000000000000000367068Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f156f9d996538bbb2021-12-21 10:31:28.443root 11241100x8000000000000000367069Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04a531bd26afbe6a2021-12-21 10:31:28.943root 11241100x8000000000000000367070Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c34e8b24041029c2021-12-21 10:31:28.943root 11241100x8000000000000000367071Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9ea04b28abc18282021-12-21 10:31:28.943root 11241100x8000000000000000367072Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.39bf9d6a2275f68b2021-12-21 10:31:28.944root 11241100x8000000000000000367073Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98d16e9a0abcd70f2021-12-21 10:31:28.944root 11241100x8000000000000000367074Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9009693ddb171992021-12-21 10:31:28.945root 11241100x8000000000000000367075Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22cf123e27a4423f2021-12-21 10:31:28.945root 11241100x8000000000000000367076Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:28.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5834ae2bf4205fea2021-12-21 10:31:28.945root 11241100x8000000000000000367077Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34819756b80170312021-12-21 10:31:29.443root 11241100x8000000000000000367078Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b5c2a9d7e78ea9de2021-12-21 10:31:29.443root 11241100x8000000000000000367079Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.49c69b086ea8e46c2021-12-21 10:31:29.443root 11241100x8000000000000000367080Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8e631a67b611a6ba2021-12-21 10:31:29.443root 11241100x8000000000000000367081Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1b1733ddbfc150f2021-12-21 10:31:29.443root 11241100x8000000000000000367082Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.84e848d6a4f5bac92021-12-21 10:31:29.443root 11241100x8000000000000000367083Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.44877ba1e3a006082021-12-21 10:31:29.443root 11241100x8000000000000000367084Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e8051b4de47342e2021-12-21 10:31:29.443root 11241100x8000000000000000367085Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.19c53729231332822021-12-21 10:31:29.943root 11241100x8000000000000000367086Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6501d4b34d5241522021-12-21 10:31:29.943root 11241100x8000000000000000367087Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.019462a1539aac402021-12-21 10:31:29.943root 11241100x8000000000000000367088Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c93f641fac3cf6d82021-12-21 10:31:29.943root 11241100x8000000000000000367089Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d1f2945577164c9f2021-12-21 10:31:29.943root 11241100x8000000000000000367090Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.da17920dee7460cc2021-12-21 10:31:29.943root 11241100x8000000000000000367091Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.281346b89743ad2e2021-12-21 10:31:29.943root 11241100x8000000000000000367092Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:29.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ae56375aac3d98202021-12-21 10:31:29.944root 354300x8000000000000000367093Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.186{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47222-false10.0.1.12-8000- 11241100x8000000000000000367094Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.895b5f808a5f47872021-12-21 10:31:30.443root 11241100x8000000000000000367095Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.098267bf60d8b92d2021-12-21 10:31:30.443root 11241100x8000000000000000367096Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.129fe9fffb1d6fc72021-12-21 10:31:30.443root 11241100x8000000000000000367097Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6940a57727ab47c22021-12-21 10:31:30.443root 11241100x8000000000000000367098Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dad95511c5674692021-12-21 10:31:30.443root 11241100x8000000000000000367099Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba5248ea39882402021-12-21 10:31:30.443root 11241100x8000000000000000367100Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b7aea4f933ef63b2021-12-21 10:31:30.443root 11241100x8000000000000000367101Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab3c995c0eeace7f2021-12-21 10:31:30.443root 11241100x8000000000000000367102Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb44662c3648ddd32021-12-21 10:31:30.443root 11241100x8000000000000000367103Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e3ce6f36a83b3f2021-12-21 10:31:30.943root 11241100x8000000000000000367104Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6d0990a05a151a2a2021-12-21 10:31:30.943root 11241100x8000000000000000367105Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04d0f42169061df52021-12-21 10:31:30.943root 11241100x8000000000000000367106Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34b4d82d7b4ff0982021-12-21 10:31:30.943root 11241100x8000000000000000367107Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.08ca78ba656e69a72021-12-21 10:31:30.943root 11241100x8000000000000000367108Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddcb198a70e5ac0e2021-12-21 10:31:30.943root 11241100x8000000000000000367109Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66a1f524a073b42c2021-12-21 10:31:30.943root 11241100x8000000000000000367110Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4899fa750df7e10c2021-12-21 10:31:30.943root 11241100x8000000000000000367111Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:30.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.99e253f05a5f3f512021-12-21 10:31:30.943root 11241100x8000000000000000367112Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40c02660b6868ac92021-12-21 10:31:31.443root 11241100x8000000000000000367113Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e550d89061bf60b22021-12-21 10:31:31.443root 11241100x8000000000000000367114Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb6ec6372275a8dd2021-12-21 10:31:31.443root 11241100x8000000000000000367115Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.853e56aea24e291a2021-12-21 10:31:31.443root 11241100x8000000000000000367116Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a2a3750e21d96bd12021-12-21 10:31:31.443root 11241100x8000000000000000367117Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d29c8e99c68197372021-12-21 10:31:31.443root 11241100x8000000000000000367118Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5150e6984537fed2021-12-21 10:31:31.443root 11241100x8000000000000000367119Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3da31698bfc1fd72021-12-21 10:31:31.443root 11241100x8000000000000000367120Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86056640694556d12021-12-21 10:31:31.444root 11241100x8000000000000000367121Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36e997b0097a06da2021-12-21 10:31:31.943root 11241100x8000000000000000367122Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.94b53fee652a57962021-12-21 10:31:31.943root 11241100x8000000000000000367123Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583acc78a8f616102021-12-21 10:31:31.943root 11241100x8000000000000000367124Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b204ae72f9c60b12021-12-21 10:31:31.943root 11241100x8000000000000000367125Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.798d251a72d6c2dc2021-12-21 10:31:31.943root 11241100x8000000000000000367126Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc95614053e50a362021-12-21 10:31:31.943root 11241100x8000000000000000367127Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b8f6800edb2d176e2021-12-21 10:31:31.943root 11241100x8000000000000000367128Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e20605f00b1247e2021-12-21 10:31:31.943root 11241100x8000000000000000367129Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:31.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2477c8a5c3dad27b2021-12-21 10:31:31.943root 11241100x8000000000000000367130Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cd7379be4aa207212021-12-21 10:31:32.443root 11241100x8000000000000000367131Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1fdc5c42069655db2021-12-21 10:31:32.443root 11241100x8000000000000000367132Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4caac83a974ba7282021-12-21 10:31:32.443root 11241100x8000000000000000367133Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa5a7d7d1f860a242021-12-21 10:31:32.443root 11241100x8000000000000000367134Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5bad0cfc8e83cf812021-12-21 10:31:32.443root 11241100x8000000000000000367135Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4d535b456e3da202021-12-21 10:31:32.443root 11241100x8000000000000000367136Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3975432de57ace752021-12-21 10:31:32.443root 11241100x8000000000000000367137Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42c7bbe0123aa6152021-12-21 10:31:32.443root 11241100x8000000000000000367138Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.53de1eaa319d95542021-12-21 10:31:32.443root 11241100x8000000000000000367139Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.374d1106bcf3141c2021-12-21 10:31:32.943root 11241100x8000000000000000367140Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e3601dde0fbbdc02021-12-21 10:31:32.943root 11241100x8000000000000000367141Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dafd60e4242be2a22021-12-21 10:31:32.943root 11241100x8000000000000000367142Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3abf5cc3c8adf2a82021-12-21 10:31:32.943root 11241100x8000000000000000367143Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e83bba35df9aad842021-12-21 10:31:32.943root 11241100x8000000000000000367144Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7e715c4edce6f442021-12-21 10:31:32.943root 11241100x8000000000000000367145Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ad97b8a717520f5f2021-12-21 10:31:32.943root 11241100x8000000000000000367146Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.60d43380cb26cf2c2021-12-21 10:31:32.944root 11241100x8000000000000000367147Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:32.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ca8a498b2005d522021-12-21 10:31:32.944root 11241100x8000000000000000367148Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b3347020d51acc172021-12-21 10:31:33.443root 11241100x8000000000000000367149Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bed490ca436e41642021-12-21 10:31:33.443root 11241100x8000000000000000367150Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5011416dae8d018a2021-12-21 10:31:33.443root 11241100x8000000000000000367151Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9e786f5c715a2112021-12-21 10:31:33.443root 11241100x8000000000000000367152Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62ed30884bd3ccbc2021-12-21 10:31:33.443root 11241100x8000000000000000367153Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.58d3aebe72632a742021-12-21 10:31:33.443root 11241100x8000000000000000367154Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4e8a921d8b334b42021-12-21 10:31:33.443root 11241100x8000000000000000367155Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.befe88b2c908148b2021-12-21 10:31:33.443root 11241100x8000000000000000367156Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.753fd3a2c29fde382021-12-21 10:31:33.443root 11241100x8000000000000000367157Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b77ae77af8d37852021-12-21 10:31:33.943root 11241100x8000000000000000367158Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c0b06d160d11ee52021-12-21 10:31:33.943root 11241100x8000000000000000367159Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.557f6d6bcec6e2182021-12-21 10:31:33.943root 11241100x8000000000000000367160Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3053208999c64aca2021-12-21 10:31:33.943root 11241100x8000000000000000367161Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e57f9447cd721d9c2021-12-21 10:31:33.943root 11241100x8000000000000000367162Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b324b8ac6425d7132021-12-21 10:31:33.943root 11241100x8000000000000000367163Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.16c2344d460a5af22021-12-21 10:31:33.943root 11241100x8000000000000000367164Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6031b5c8bbd61d502021-12-21 10:31:33.943root 11241100x8000000000000000367165Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:33.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8228cd4c2393287b2021-12-21 10:31:33.943root 11241100x8000000000000000367166Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.911e217db3c90a7c2021-12-21 10:31:34.443root 11241100x8000000000000000367167Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b14892d02e8b35b42021-12-21 10:31:34.443root 11241100x8000000000000000367168Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.013fa0e6a4eedbdc2021-12-21 10:31:34.443root 11241100x8000000000000000367169Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.42d65e358c3df9662021-12-21 10:31:34.443root 11241100x8000000000000000367170Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f5a6af91d1342deb2021-12-21 10:31:34.443root 11241100x8000000000000000367171Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0315ef93d813aed2021-12-21 10:31:34.443root 11241100x8000000000000000367172Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a975f6cd3c76b192021-12-21 10:31:34.443root 11241100x8000000000000000367173Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b042a666ce15d52021-12-21 10:31:34.444root 11241100x8000000000000000367174Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0db21b74ccc30ef52021-12-21 10:31:34.444root 11241100x8000000000000000367175Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3af9f123deb20a302021-12-21 10:31:34.943root 11241100x8000000000000000367176Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8f5689212f5dcb9e2021-12-21 10:31:34.943root 11241100x8000000000000000367177Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6c7255ac2f7bb5f2021-12-21 10:31:34.943root 11241100x8000000000000000367178Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b4a2c353184d05732021-12-21 10:31:34.943root 11241100x8000000000000000367179Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f41ffcc6569268992021-12-21 10:31:34.943root 11241100x8000000000000000367180Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c0760d3d4d855ccb2021-12-21 10:31:34.943root 11241100x8000000000000000367181Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e28fbfbb484d87ce2021-12-21 10:31:34.943root 11241100x8000000000000000367182Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ebe031d83d7e16342021-12-21 10:31:34.943root 11241100x8000000000000000367183Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:34.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3661c531499c28622021-12-21 10:31:34.943root 11241100x8000000000000000367184Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.980cfd27a9574b462021-12-21 10:31:35.443root 11241100x8000000000000000367185Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52c40f2f1ff339a72021-12-21 10:31:35.443root 11241100x8000000000000000367186Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0879430f09c423872021-12-21 10:31:35.443root 11241100x8000000000000000367187Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8d8ff193cee38332021-12-21 10:31:35.443root 11241100x8000000000000000367188Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ff8b4c66921ceac2021-12-21 10:31:35.443root 11241100x8000000000000000367189Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.723c74a80cad78352021-12-21 10:31:35.443root 11241100x8000000000000000367190Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e68db0db4efb00b2021-12-21 10:31:35.443root 11241100x8000000000000000367191Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.329ed528dd47d5482021-12-21 10:31:35.443root 11241100x8000000000000000367192Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.561f70ecbb26989d2021-12-21 10:31:35.443root 11241100x8000000000000000367193Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4d943d61e50cdab2021-12-21 10:31:35.943root 11241100x8000000000000000367194Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e59dd510194a66372021-12-21 10:31:35.943root 11241100x8000000000000000367195Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.78dfc9b4cdc751c72021-12-21 10:31:35.943root 11241100x8000000000000000367196Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8439c6cbe8dfe5d72021-12-21 10:31:35.943root 11241100x8000000000000000367197Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.797cbafcd995a8e82021-12-21 10:31:35.943root 11241100x8000000000000000367198Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62280bddc86e746b2021-12-21 10:31:35.943root 11241100x8000000000000000367199Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa0f2423ef523f382021-12-21 10:31:35.943root 11241100x8000000000000000367200Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.373962cda20e69972021-12-21 10:31:35.943root 11241100x8000000000000000367201Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:35.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6af7c7712c8a6aca2021-12-21 10:31:35.944root 354300x8000000000000000367202Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.088{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47224-false10.0.1.12-8000- 11241100x8000000000000000367203Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.346{ec2b6afe-95d2-61c1-3038-b84203560000}5272/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log2021-12-21 10:31:36.346root 11241100x8000000000000000367204Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.347{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.184fa99f04b918f42021-12-21 10:31:36.347root 11241100x8000000000000000367205Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d6d75b78a34225b2021-12-21 10:31:36.348root 11241100x8000000000000000367206Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.add4fd7b619558892021-12-21 10:31:36.348root 11241100x8000000000000000367207Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af3d9dbd2b4c54042021-12-21 10:31:36.348root 11241100x8000000000000000367208Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9fcb6e1fdfe019a22021-12-21 10:31:36.348root 11241100x8000000000000000367209Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff0417964d6112e92021-12-21 10:31:36.348root 11241100x8000000000000000367210Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.348{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.609b31b5ae7835982021-12-21 10:31:36.348root 11241100x8000000000000000367211Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1ee64a36f803217a2021-12-21 10:31:36.349root 11241100x8000000000000000367212Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.349{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1df7ed1da0ec26f52021-12-21 10:31:36.349root 11241100x8000000000000000367213Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e24dfe125f6f5512021-12-21 10:31:36.350root 11241100x8000000000000000367214Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.350{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ead412577389c2f32021-12-21 10:31:36.350root 11241100x8000000000000000367215Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e5b98bc04d5b2fa92021-12-21 10:31:36.693root 11241100x8000000000000000367216Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.15ad0a75a95f8f102021-12-21 10:31:36.693root 11241100x8000000000000000367217Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b05d9fc4b76cd792021-12-21 10:31:36.693root 11241100x8000000000000000367218Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f6eccd68aa331872021-12-21 10:31:36.693root 11241100x8000000000000000367219Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9c857e1b05d93fa2021-12-21 10:31:36.693root 11241100x8000000000000000367220Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e3f3e69b461680be2021-12-21 10:31:36.694root 11241100x8000000000000000367221Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9aea754f0657e0ea2021-12-21 10:31:36.694root 11241100x8000000000000000367222Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.62efb7a4c4544f7d2021-12-21 10:31:36.695root 11241100x8000000000000000367223Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0500e3c9050ab2372021-12-21 10:31:36.695root 11241100x8000000000000000367224Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3a1e2a2c86b114f12021-12-21 10:31:36.695root 11241100x8000000000000000367225Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:36.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ddec6d88ab71d53c2021-12-21 10:31:36.695root 11241100x8000000000000000367226Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.127f6067eec95b1d2021-12-21 10:31:37.193root 11241100x8000000000000000367227Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.df1df1f032ef4d9b2021-12-21 10:31:37.193root 11241100x8000000000000000367228Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d0e08577b3dee8612021-12-21 10:31:37.193root 11241100x8000000000000000367229Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.38096c8749a919552021-12-21 10:31:37.193root 11241100x8000000000000000367230Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.89f1fe56cd9bdd632021-12-21 10:31:37.193root 11241100x8000000000000000367231Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b0d62fb8e4d4eaf2021-12-21 10:31:37.193root 11241100x8000000000000000367232Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8038b7df2d420b792021-12-21 10:31:37.193root 11241100x8000000000000000367233Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b40f6fec74caa8c42021-12-21 10:31:37.193root 11241100x8000000000000000367234Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.011ccc000867cae72021-12-21 10:31:37.193root 11241100x8000000000000000367235Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.468506e8743636992021-12-21 10:31:37.193root 11241100x8000000000000000367236Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db3433fea7269ef92021-12-21 10:31:37.194root 11241100x8000000000000000367237Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2512eb55e199dc242021-12-21 10:31:37.693root 11241100x8000000000000000367238Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.464cbba0246cb2b72021-12-21 10:31:37.693root 11241100x8000000000000000367239Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4f39b418818c87b02021-12-21 10:31:37.693root 11241100x8000000000000000367240Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f8846459a22511a52021-12-21 10:31:37.693root 11241100x8000000000000000367241Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7009278a81637c732021-12-21 10:31:37.693root 11241100x8000000000000000367242Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c91c379ff6ace0462021-12-21 10:31:37.693root 11241100x8000000000000000367243Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c5ebf5dcc02564c2021-12-21 10:31:37.693root 11241100x8000000000000000367244Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.542ab9560a9d94e02021-12-21 10:31:37.693root 11241100x8000000000000000367245Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6ddcb9eed43d1cbd2021-12-21 10:31:37.693root 11241100x8000000000000000367246Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9df0430e069230f52021-12-21 10:31:37.693root 11241100x8000000000000000367247Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:37.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e17b41789ac98bb02021-12-21 10:31:37.693root 11241100x8000000000000000367248Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.71007459a3e450f42021-12-21 10:31:38.193root 11241100x8000000000000000367249Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db8ab6d0ce56ccc92021-12-21 10:31:38.193root 11241100x8000000000000000367250Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5cfcd5a99469a5722021-12-21 10:31:38.193root 11241100x8000000000000000367251Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d89e8562bb6479ba2021-12-21 10:31:38.193root 11241100x8000000000000000367252Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f2f67355b37714e22021-12-21 10:31:38.193root 11241100x8000000000000000367253Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0905c07699cb7b3c2021-12-21 10:31:38.193root 11241100x8000000000000000367254Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecc283304a553b872021-12-21 10:31:38.193root 11241100x8000000000000000367255Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51c207a825e9052f2021-12-21 10:31:38.193root 11241100x8000000000000000367256Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3687801966058c972021-12-21 10:31:38.193root 11241100x8000000000000000367257Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2ce32b80527298e2021-12-21 10:31:38.193root 11241100x8000000000000000367258Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.859c120b887f3d072021-12-21 10:31:38.193root 11241100x8000000000000000367259Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f99455961b840002021-12-21 10:31:38.693root 11241100x8000000000000000367260Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a453277adb906bb92021-12-21 10:31:38.693root 11241100x8000000000000000367261Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abab6d16c4595e072021-12-21 10:31:38.693root 11241100x8000000000000000367262Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b799b6708a584b82021-12-21 10:31:38.693root 11241100x8000000000000000367263Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ff62019cfe317bb62021-12-21 10:31:38.693root 11241100x8000000000000000367264Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37a5078448969ecd2021-12-21 10:31:38.693root 11241100x8000000000000000367265Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf812016a34d87f2021-12-21 10:31:38.693root 11241100x8000000000000000367266Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5071939f505fe7492021-12-21 10:31:38.693root 11241100x8000000000000000367267Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f73e87127dc3025b2021-12-21 10:31:38.694root 11241100x8000000000000000367268Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de5c7912ae2ca4a42021-12-21 10:31:38.694root 11241100x8000000000000000367269Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:38.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7bd6d22ef54e20dd2021-12-21 10:31:38.694root 11241100x8000000000000000367270Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93afabdd2bedbb5c2021-12-21 10:31:39.193root 11241100x8000000000000000367271Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73548d9a60933a1f2021-12-21 10:31:39.193root 11241100x8000000000000000367272Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de69122b456bb7332021-12-21 10:31:39.193root 11241100x8000000000000000367273Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37fdbc702bd22a0d2021-12-21 10:31:39.193root 11241100x8000000000000000367274Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ac8b404f9384f3282021-12-21 10:31:39.193root 11241100x8000000000000000367275Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e540234405e563922021-12-21 10:31:39.193root 11241100x8000000000000000367276Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.655b54e7e75a752e2021-12-21 10:31:39.193root 11241100x8000000000000000367277Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b868850a3b55ba2a2021-12-21 10:31:39.193root 11241100x8000000000000000367278Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6709c0e6cfa4f4542021-12-21 10:31:39.194root 11241100x8000000000000000367279Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e6a3a4652ecfa2d2021-12-21 10:31:39.194root 11241100x8000000000000000367280Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1e938ad8c21ac9b72021-12-21 10:31:39.194root 23542300x8000000000000000367281Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.348{ec2b6afe-95d2-61c1-3038-b84203560000}5272root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 11241100x8000000000000000367282Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66cda6e208b72dba2021-12-21 10:31:39.694root 11241100x8000000000000000367283Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f8ab1297353ad2c2021-12-21 10:31:39.694root 11241100x8000000000000000367284Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b256b2713d2a7a42021-12-21 10:31:39.694root 11241100x8000000000000000367285Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d625931cbe396ed2021-12-21 10:31:39.694root 11241100x8000000000000000367286Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.13e8eb9e42e1ea332021-12-21 10:31:39.694root 11241100x8000000000000000367287Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2985eff1af7217072021-12-21 10:31:39.694root 11241100x8000000000000000367288Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b26d034a54549fe02021-12-21 10:31:39.694root 11241100x8000000000000000367289Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.261a05cce501146b2021-12-21 10:31:39.695root 11241100x8000000000000000367290Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9e1fff0daefde1bd2021-12-21 10:31:39.695root 11241100x8000000000000000367291Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5a744cdd01077f2021-12-21 10:31:39.695root 11241100x8000000000000000367292Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9515152f27850f32021-12-21 10:31:39.695root 11241100x8000000000000000367293Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:39.695{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e8a98db39eb6cafc2021-12-21 10:31:39.695root 11241100x8000000000000000367294Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.275f6aebb3eaf7802021-12-21 10:31:40.193root 11241100x8000000000000000367295Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af45177cd5c951f82021-12-21 10:31:40.193root 11241100x8000000000000000367296Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d175d3ed1378a1fc2021-12-21 10:31:40.193root 11241100x8000000000000000367297Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a067a0317faf71732021-12-21 10:31:40.193root 11241100x8000000000000000367298Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecd3e58447d96f2b2021-12-21 10:31:40.193root 11241100x8000000000000000367299Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d610338f1140d112021-12-21 10:31:40.193root 11241100x8000000000000000367300Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.66e1c581b86a4fff2021-12-21 10:31:40.193root 11241100x8000000000000000367301Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34024741e4bc62d52021-12-21 10:31:40.193root 11241100x8000000000000000367302Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8cc2942e8efc56f52021-12-21 10:31:40.193root 11241100x8000000000000000367303Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4d1f3833acf01e622021-12-21 10:31:40.194root 11241100x8000000000000000367304Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f10e35b08d522e902021-12-21 10:31:40.194root 11241100x8000000000000000367305Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8536dd60392b240c2021-12-21 10:31:40.194root 11241100x8000000000000000367306Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bade02cd6d78c0aa2021-12-21 10:31:40.693root 11241100x8000000000000000367307Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1b626c135a5c4e902021-12-21 10:31:40.693root 11241100x8000000000000000367308Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.20460ac233ef48382021-12-21 10:31:40.693root 11241100x8000000000000000367309Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f03bd8f8d1c596a22021-12-21 10:31:40.693root 11241100x8000000000000000367310Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f1c1be3b253d62882021-12-21 10:31:40.693root 11241100x8000000000000000367311Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ee849a44647f80222021-12-21 10:31:40.693root 11241100x8000000000000000367312Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.113e52b1907426552021-12-21 10:31:40.693root 11241100x8000000000000000367313Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f33025708b52172021-12-21 10:31:40.693root 11241100x8000000000000000367314Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ecbb2e8a3a0a8edb2021-12-21 10:31:40.693root 11241100x8000000000000000367315Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b59e447c80c2c0ce2021-12-21 10:31:40.693root 11241100x8000000000000000367316Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c9fb4312b37770a32021-12-21 10:31:40.693root 11241100x8000000000000000367317Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:40.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61a843fb469070a62021-12-21 10:31:40.694root 354300x8000000000000000367318Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.160{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47226-false10.0.1.12-8000- 11241100x8000000000000000367319Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e2e2c4c516dedf4e2021-12-21 10:31:41.162root 11241100x8000000000000000367320Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef529022aa9df2b2021-12-21 10:31:41.162root 11241100x8000000000000000367321Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.162{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6b16d39283eda2952021-12-21 10:31:41.162root 11241100x8000000000000000367322Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.77a97c8375aed1f82021-12-21 10:31:41.163root 11241100x8000000000000000367323Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fb0efdd7fc3f66102021-12-21 10:31:41.163root 11241100x8000000000000000367324Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a78fbd45dcdce0be2021-12-21 10:31:41.163root 11241100x8000000000000000367325Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.163{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.37da7c65a43fdcce2021-12-21 10:31:41.163root 11241100x8000000000000000367326Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46ff18b76ff784562021-12-21 10:31:41.164root 11241100x8000000000000000367327Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c945cee67ecdc212021-12-21 10:31:41.164root 11241100x8000000000000000367328Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dc14dbc66563ea412021-12-21 10:31:41.164root 11241100x8000000000000000367329Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.164{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5fdae6a8976d508f2021-12-21 10:31:41.164root 11241100x8000000000000000367330Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f51a3359095f8ab82021-12-21 10:31:41.165root 11241100x8000000000000000367331Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.165{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24a26f1bd851a9352021-12-21 10:31:41.165root 11241100x8000000000000000367332Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d1dce61b84e7902021-12-21 10:31:41.443root 11241100x8000000000000000367333Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d63e276247061abc2021-12-21 10:31:41.443root 11241100x8000000000000000367334Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e4781e2b1ad251532021-12-21 10:31:41.443root 11241100x8000000000000000367335Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0cc742a4fbc41dc92021-12-21 10:31:41.443root 11241100x8000000000000000367336Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.940bb6eb8f08ae0f2021-12-21 10:31:41.443root 11241100x8000000000000000367337Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d4c161f63d0e4e752021-12-21 10:31:41.443root 11241100x8000000000000000367338Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c73c471034047052021-12-21 10:31:41.443root 11241100x8000000000000000367339Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b2a81cc8e3c5152e2021-12-21 10:31:41.443root 11241100x8000000000000000367340Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa652190e28871232021-12-21 10:31:41.444root 11241100x8000000000000000367341Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.973b08d60c25971b2021-12-21 10:31:41.444root 11241100x8000000000000000367342Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5d5658860c88b8512021-12-21 10:31:41.444root 11241100x8000000000000000367343Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0e7ee37a69c52b4f2021-12-21 10:31:41.444root 11241100x8000000000000000367344Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d635f743c5c4aefd2021-12-21 10:31:41.444root 11241100x8000000000000000367345Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4e214763f0c1b5332021-12-21 10:31:41.943root 11241100x8000000000000000367346Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d3197a126930d242021-12-21 10:31:41.943root 11241100x8000000000000000367347Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6c2ec935cb79cd222021-12-21 10:31:41.943root 11241100x8000000000000000367348Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e9533f45ebfa0a72021-12-21 10:31:41.943root 11241100x8000000000000000367349Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1973b6e0e73b61c2021-12-21 10:31:41.943root 11241100x8000000000000000367350Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bd41d013204415642021-12-21 10:31:41.943root 11241100x8000000000000000367351Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.607271dc302761332021-12-21 10:31:41.943root 11241100x8000000000000000367352Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.439cc74167da04fe2021-12-21 10:31:41.943root 11241100x8000000000000000367353Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5ae6f321c19099192021-12-21 10:31:41.943root 11241100x8000000000000000367354Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4b3e4f718d9910202021-12-21 10:31:41.944root 11241100x8000000000000000367355Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dce513ab0ec268962021-12-21 10:31:41.944root 11241100x8000000000000000367356Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6a2a3036848ea8b62021-12-21 10:31:41.944root 11241100x8000000000000000367357Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:41.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d9040935bac0d1302021-12-21 10:31:41.944root 11241100x8000000000000000367358Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c5c6446c627764fc2021-12-21 10:31:42.443root 11241100x8000000000000000367359Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9be64788875f21942021-12-21 10:31:42.443root 11241100x8000000000000000367360Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a4dde1b4da9e33b52021-12-21 10:31:42.443root 11241100x8000000000000000367361Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e18f60928f5330622021-12-21 10:31:42.443root 11241100x8000000000000000367362Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1acb3776e1f701322021-12-21 10:31:42.443root 11241100x8000000000000000367363Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.82ba990ec692f2e62021-12-21 10:31:42.443root 11241100x8000000000000000367364Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4348a08e20e845d92021-12-21 10:31:42.443root 11241100x8000000000000000367365Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.75ecc2617077c8032021-12-21 10:31:42.444root 11241100x8000000000000000367366Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aa39fcbb9eb5a5f62021-12-21 10:31:42.444root 11241100x8000000000000000367367Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ef95991f722a82922021-12-21 10:31:42.444root 11241100x8000000000000000367368Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.03427c80a6bbf9052021-12-21 10:31:42.444root 11241100x8000000000000000367369Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6fa88505523a07b02021-12-21 10:31:42.444root 11241100x8000000000000000367370Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.61d9455229c571072021-12-21 10:31:42.444root 11241100x8000000000000000367371Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.70d384d0bf94be2e2021-12-21 10:31:42.943root 11241100x8000000000000000367372Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4196ad6441209992021-12-21 10:31:42.943root 11241100x8000000000000000367373Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5e4b3bc8d8e7de172021-12-21 10:31:42.943root 11241100x8000000000000000367374Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f69585c2656a22fd2021-12-21 10:31:42.943root 11241100x8000000000000000367375Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.de53c2a299c122512021-12-21 10:31:42.943root 11241100x8000000000000000367376Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.063249f52a50bddc2021-12-21 10:31:42.943root 11241100x8000000000000000367377Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c8763a052eb3b4e82021-12-21 10:31:42.944root 11241100x8000000000000000367378Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0341fcd2e00de9e22021-12-21 10:31:42.944root 11241100x8000000000000000367379Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c20979f63c88c6e2021-12-21 10:31:42.944root 11241100x8000000000000000367380Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.57df26384fd00f552021-12-21 10:31:42.944root 11241100x8000000000000000367381Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.80f669033412b4712021-12-21 10:31:42.944root 11241100x8000000000000000367382Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b76de50a4d6c696b2021-12-21 10:31:42.944root 11241100x8000000000000000367383Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:42.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.96d462531c401dfe2021-12-21 10:31:42.945root 11241100x8000000000000000367384Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.442{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.90b9d891191d39d62021-12-21 10:31:43.442root 11241100x8000000000000000367385Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f71bd1f45d1561e02021-12-21 10:31:43.443root 11241100x8000000000000000367386Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b99e1cd45c5f5cd22021-12-21 10:31:43.443root 11241100x8000000000000000367387Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9a60db2fea0491572021-12-21 10:31:43.443root 11241100x8000000000000000367388Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4ff07b753b742d0d2021-12-21 10:31:43.443root 11241100x8000000000000000367389Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.724237ecbf1bff622021-12-21 10:31:43.443root 11241100x8000000000000000367390Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a5b6bf91d137f09f2021-12-21 10:31:43.443root 11241100x8000000000000000367391Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.64e6e8cd425a99242021-12-21 10:31:43.443root 11241100x8000000000000000367392Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3920b34a02b685962021-12-21 10:31:43.443root 11241100x8000000000000000367393Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.50cca81a91c070e82021-12-21 10:31:43.443root 11241100x8000000000000000367394Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.caf86debe825e9612021-12-21 10:31:43.443root 11241100x8000000000000000367395Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a13d000353afeab32021-12-21 10:31:43.444root 11241100x8000000000000000367396Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb59dac4fcbe52622021-12-21 10:31:43.444root 11241100x8000000000000000367397Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83f3f4c8be9355152021-12-21 10:31:43.943root 11241100x8000000000000000367398Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a60e878d60f7832c2021-12-21 10:31:43.943root 11241100x8000000000000000367399Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.abc656137ad56bda2021-12-21 10:31:43.943root 11241100x8000000000000000367400Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b6d898015ab74e632021-12-21 10:31:43.943root 11241100x8000000000000000367401Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f75e25ded276cd182021-12-21 10:31:43.943root 11241100x8000000000000000367402Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3ed1c0355bf773662021-12-21 10:31:43.944root 11241100x8000000000000000367403Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7d14b13c7c27808c2021-12-21 10:31:43.944root 11241100x8000000000000000367404Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98816fafdda1ee982021-12-21 10:31:43.944root 11241100x8000000000000000367405Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.615808e71b5a150a2021-12-21 10:31:43.944root 11241100x8000000000000000367406Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c2d3a2ac0bc16db2021-12-21 10:31:43.944root 11241100x8000000000000000367407Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9dd4d74043ddf5412021-12-21 10:31:43.944root 11241100x8000000000000000367408Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a8af8a9479ee64c2021-12-21 10:31:43.945root 11241100x8000000000000000367409Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:43.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3b389100331116752021-12-21 10:31:43.945root 11241100x8000000000000000367410Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f6efe18f1ba8fd5b2021-12-21 10:31:44.443root 11241100x8000000000000000367411Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa936d4b82512b322021-12-21 10:31:44.443root 11241100x8000000000000000367412Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.85e59bf33cab95102021-12-21 10:31:44.443root 11241100x8000000000000000367413Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b349f730f0f6a2c72021-12-21 10:31:44.443root 11241100x8000000000000000367414Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ca9394d698352d7a2021-12-21 10:31:44.443root 11241100x8000000000000000367415Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e2c909a93813cc12021-12-21 10:31:44.443root 11241100x8000000000000000367416Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fa431df51036b2b52021-12-21 10:31:44.444root 11241100x8000000000000000367417Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40bc0f7993a0b0ee2021-12-21 10:31:44.444root 11241100x8000000000000000367418Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2354ad86b46025cf2021-12-21 10:31:44.444root 11241100x8000000000000000367419Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f4ea49d3ed47c60b2021-12-21 10:31:44.444root 11241100x8000000000000000367420Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.17acd0be9c444f372021-12-21 10:31:44.444root 11241100x8000000000000000367421Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fceb21d5341922cf2021-12-21 10:31:44.444root 11241100x8000000000000000367422Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8df77f6fbec58e262021-12-21 10:31:44.444root 11241100x8000000000000000367423Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a01364ce23869fc62021-12-21 10:31:44.943root 11241100x8000000000000000367424Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511ab6d52b07ebb52021-12-21 10:31:44.943root 11241100x8000000000000000367425Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cba007ecef17a63b2021-12-21 10:31:44.943root 11241100x8000000000000000367426Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a289d478c59708cb2021-12-21 10:31:44.943root 11241100x8000000000000000367427Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.378d9a1e791901a82021-12-21 10:31:44.943root 11241100x8000000000000000367428Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8dd2fa4184b460332021-12-21 10:31:44.944root 11241100x8000000000000000367429Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.fe5286de9a6a8ef32021-12-21 10:31:44.944root 11241100x8000000000000000367430Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.936446da32e0af732021-12-21 10:31:44.944root 11241100x8000000000000000367431Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a3d80ea51f3b81ff2021-12-21 10:31:44.944root 11241100x8000000000000000367432Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cb1ac16ee8735d4b2021-12-21 10:31:44.944root 11241100x8000000000000000367433Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2161c2b4b44ebeac2021-12-21 10:31:44.944root 11241100x8000000000000000367434Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29ad7be1f43356262021-12-21 10:31:44.944root 11241100x8000000000000000367435Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:44.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f88d59c313c73e22021-12-21 10:31:44.944root 11241100x8000000000000000367436Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.27e68716368f237f2021-12-21 10:31:45.443root 11241100x8000000000000000367437Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ce0d1e4e850fe08e2021-12-21 10:31:45.443root 11241100x8000000000000000367438Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.cc6c7543e10572242021-12-21 10:31:45.443root 11241100x8000000000000000367439Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.af61caeb58f902702021-12-21 10:31:45.443root 11241100x8000000000000000367440Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7508472ecc4df40c2021-12-21 10:31:45.443root 11241100x8000000000000000367441Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.443{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40375852684073262021-12-21 10:31:45.443root 11241100x8000000000000000367442Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.05adc0ede3cae7172021-12-21 10:31:45.444root 11241100x8000000000000000367443Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.55b798ab618003192021-12-21 10:31:45.444root 11241100x8000000000000000367444Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3adc9feeda1011822021-12-21 10:31:45.444root 11241100x8000000000000000367445Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.195f766c93cd31082021-12-21 10:31:45.444root 11241100x8000000000000000367446Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2dbba9a34837d7742021-12-21 10:31:45.444root 11241100x8000000000000000367447Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6e247d9929bc96502021-12-21 10:31:45.444root 11241100x8000000000000000367448Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.444{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.41f423698fd0fbfd2021-12-21 10:31:45.444root 11241100x8000000000000000367449Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5c367880e8e323462021-12-21 10:31:45.943root 11241100x8000000000000000367450Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.943{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54ed32ecdf7820ca2021-12-21 10:31:45.943root 11241100x8000000000000000367451Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.950077070a0451aa2021-12-21 10:31:45.944root 11241100x8000000000000000367452Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ada1436d513700112021-12-21 10:31:45.944root 11241100x8000000000000000367453Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.95238d6c99d0e1992021-12-21 10:31:45.944root 11241100x8000000000000000367454Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.944{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b9e36950707b1b942021-12-21 10:31:45.944root 11241100x8000000000000000367455Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a686c55c8ab28512021-12-21 10:31:45.945root 11241100x8000000000000000367456Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a2c978e833565ad2021-12-21 10:31:45.945root 11241100x8000000000000000367457Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ab0ce153cd762a932021-12-21 10:31:45.945root 11241100x8000000000000000367458Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7c50db8f71d3304f2021-12-21 10:31:45.945root 11241100x8000000000000000367459Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.887084886b2dc5622021-12-21 10:31:45.945root 11241100x8000000000000000367460Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.945{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7584cf410e2093b32021-12-21 10:31:45.945root 11241100x8000000000000000367461Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:45.946{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8b8ed1c0f2fd89122021-12-21 10:31:45.946root 354300x8000000000000000367462Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.216{ec2b6afe-95d9-61c1-5175-3a0400000000}5346/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.25-47228-false10.0.1.12-8000- 11241100x8000000000000000367463Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f94b12b1bd0aeba62021-12-21 10:31:46.217root 11241100x8000000000000000367464Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b70ca6973c881e452021-12-21 10:31:46.217root 11241100x8000000000000000367465Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9ea6f62b22d8bd582021-12-21 10:31:46.217root 11241100x8000000000000000367466Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.782a181327f28bf72021-12-21 10:31:46.217root 11241100x8000000000000000367467Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.217{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a995eb63dd60f3862021-12-21 10:31:46.217root 11241100x8000000000000000367468Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2155d406802ca9012021-12-21 10:31:46.218root 11241100x8000000000000000367469Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.83350363190a24a82021-12-21 10:31:46.218root 11241100x8000000000000000367470Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f8f9dc6ed2fb5bf2021-12-21 10:31:46.218root 11241100x8000000000000000367471Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4fbc8b9fd68c96e72021-12-21 10:31:46.218root 11241100x8000000000000000367472Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bae16836436a23002021-12-21 10:31:46.218root 11241100x8000000000000000367473Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.606a8c54a06762f42021-12-21 10:31:46.218root 11241100x8000000000000000367474Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a1197e459d5f7362021-12-21 10:31:46.218root 11241100x8000000000000000367475Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.98839171967776152021-12-21 10:31:46.218root 11241100x8000000000000000367476Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7cc5b2208f1f23e22021-12-21 10:31:46.218root 11241100x8000000000000000367477Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.218{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2bbd4b4334705c542021-12-21 10:31:46.218root 11241100x8000000000000000367478Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.10a79814aa2727192021-12-21 10:31:46.219root 11241100x8000000000000000367479Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.219{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8fe78d7c3a5706b02021-12-21 10:31:46.219root 11241100x8000000000000000367480Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ad7ffdac4b49d42021-12-21 10:31:46.693root 11241100x8000000000000000367481Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2fcc648d563fcdc52021-12-21 10:31:46.693root 11241100x8000000000000000367482Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec5aa124bf777c4d2021-12-21 10:31:46.693root 11241100x8000000000000000367483Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb57c84978cf27a02021-12-21 10:31:46.693root 11241100x8000000000000000367484Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.29615d5ff1191dfd2021-12-21 10:31:46.693root 11241100x8000000000000000367485Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.43ea10f642fcab312021-12-21 10:31:46.693root 11241100x8000000000000000367486Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.a0d4d6b88e6c9c2f2021-12-21 10:31:46.693root 11241100x8000000000000000367487Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c23fa8d676ea44492021-12-21 10:31:46.694root 11241100x8000000000000000367488Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9cb96ade1f54e0382021-12-21 10:31:46.694root 11241100x8000000000000000367489Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8a0c4e28638bc7112021-12-21 10:31:46.694root 11241100x8000000000000000367490Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d327c19c2987c1512021-12-21 10:31:46.694root 11241100x8000000000000000367491Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1934a0d28da83f2e2021-12-21 10:31:46.694root 11241100x8000000000000000367492Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.495f3a3c86c237532021-12-21 10:31:46.694root 11241100x8000000000000000367493Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:46.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f06d10ed5d9aed462021-12-21 10:31:46.694root 11241100x8000000000000000367494Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.192{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.65db9d12400daf882021-12-21 10:31:47.192root 11241100x8000000000000000367495Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d7082b9b4bb9fe752021-12-21 10:31:47.193root 11241100x8000000000000000367496Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.196884370de29b4c2021-12-21 10:31:47.193root 11241100x8000000000000000367497Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.583cc607895e84be2021-12-21 10:31:47.193root 11241100x8000000000000000367498Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dcf10fdd7db6b10b2021-12-21 10:31:47.193root 11241100x8000000000000000367499Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.93190282626019512021-12-21 10:31:47.193root 11241100x8000000000000000367500Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bb8d4c7099ea9bcb2021-12-21 10:31:47.193root 11241100x8000000000000000367501Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.52603fac215306b52021-12-21 10:31:47.193root 11241100x8000000000000000367502Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5acd5d6e6b38b46a2021-12-21 10:31:47.193root 11241100x8000000000000000367503Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.46492f9cb403d4052021-12-21 10:31:47.193root 11241100x8000000000000000367504Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.199f00a40dbed6822021-12-21 10:31:47.194root 11241100x8000000000000000367505Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1f29869cc08dfbb92021-12-21 10:31:47.194root 11241100x8000000000000000367506Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.14c128bdaa0356132021-12-21 10:31:47.194root 11241100x8000000000000000367507Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.550705595256884e2021-12-21 10:31:47.194root 11241100x8000000000000000367508Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c7a0ec271810d40c2021-12-21 10:31:47.693root 11241100x8000000000000000367509Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.dfd181c236df49652021-12-21 10:31:47.693root 11241100x8000000000000000367510Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ec3cc432238c75be2021-12-21 10:31:47.693root 11241100x8000000000000000367511Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1798676f3646d5d92021-12-21 10:31:47.693root 11241100x8000000000000000367512Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.c16f037fdd8b3b272021-12-21 10:31:47.693root 11241100x8000000000000000367513Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.26361c2ec3149a0a2021-12-21 10:31:47.693root 11241100x8000000000000000367514Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2943450ea1f2c7092021-12-21 10:31:47.693root 11241100x8000000000000000367515Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.403dec2da403dcaf2021-12-21 10:31:47.693root 11241100x8000000000000000367516Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5f775b5eabfbed982021-12-21 10:31:47.694root 11241100x8000000000000000367517Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d5d0296c7a8fe1e02021-12-21 10:31:47.694root 11241100x8000000000000000367518Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e9991f7df23e3e962021-12-21 10:31:47.694root 11241100x8000000000000000367519Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.665df2ac1bcaff342021-12-21 10:31:47.694root 11241100x8000000000000000367520Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.133e203665d6414b2021-12-21 10:31:47.694root 11241100x8000000000000000367521Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:47.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6509a18f323c1f012021-12-21 10:31:47.694root 11241100x8000000000000000367522Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.aeae0b840b2017132021-12-21 10:31:48.193root 11241100x8000000000000000367523Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4cfa9722d82211e12021-12-21 10:31:48.193root 11241100x8000000000000000367524Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.40a8cbcd0da9fd582021-12-21 10:31:48.193root 11241100x8000000000000000367525Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8bf147ccbbc6f24e2021-12-21 10:31:48.193root 11241100x8000000000000000367526Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.103fc6c818c612712021-12-21 10:31:48.193root 11241100x8000000000000000367527Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed80e452e7ce2d242021-12-21 10:31:48.193root 11241100x8000000000000000367528Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.21c054ec1f420d112021-12-21 10:31:48.194root 11241100x8000000000000000367529Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a4293cf62c4278e2021-12-21 10:31:48.194root 11241100x8000000000000000367530Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1738a0f554a8a03b2021-12-21 10:31:48.194root 11241100x8000000000000000367531Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.87ba2b34c043d5092021-12-21 10:31:48.194root 11241100x8000000000000000367532Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e6351cefd0db34ab2021-12-21 10:31:48.194root 11241100x8000000000000000367533Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c982d4cdb4405932021-12-21 10:31:48.194root 11241100x8000000000000000367534Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.099d64ac9abd5f4a2021-12-21 10:31:48.194root 11241100x8000000000000000367535Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3d61f788ffc6a58f2021-12-21 10:31:48.194root 11241100x8000000000000000367536Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6cc6eb10631e344a2021-12-21 10:31:48.693root 11241100x8000000000000000367537Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.97410007838cc15f2021-12-21 10:31:48.693root 11241100x8000000000000000367538Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ed9982676451f6372021-12-21 10:31:48.693root 11241100x8000000000000000367539Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.86828cb9b2a5c7722021-12-21 10:31:48.693root 11241100x8000000000000000367540Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.8d4ecf8fe22101952021-12-21 10:31:48.693root 11241100x8000000000000000367541Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b216ded9b5d9d9332021-12-21 10:31:48.693root 11241100x8000000000000000367542Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.758b7e6b8a2b7f9f2021-12-21 10:31:48.693root 11241100x8000000000000000367543Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c4902c85cbee02b2021-12-21 10:31:48.693root 11241100x8000000000000000367544Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.586b0f6ea61659a52021-12-21 10:31:48.693root 11241100x8000000000000000367545Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.6420234d67ccf5262021-12-21 10:31:48.694root 11241100x8000000000000000367546Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f6a6c17c74a6bb2021-12-21 10:31:48.694root 11241100x8000000000000000367547Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.22f3972fc5eea0f52021-12-21 10:31:48.694root 11241100x8000000000000000367548Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ceaa9980fec8b102021-12-21 10:31:48.694root 11241100x8000000000000000367549Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:48.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.45941de89e9291bf2021-12-21 10:31:48.694root 11241100x8000000000000000367550Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.214daba886f335642021-12-21 10:31:49.193root 11241100x8000000000000000367551Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.11f43861fd807b732021-12-21 10:31:49.193root 11241100x8000000000000000367552Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5a2b7f78cf20674d2021-12-21 10:31:49.193root 11241100x8000000000000000367553Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9c63dc92189c1e632021-12-21 10:31:49.193root 11241100x8000000000000000367554Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d934fd47703452572021-12-21 10:31:49.193root 11241100x8000000000000000367555Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1c4bf55ef874c5642021-12-21 10:31:49.193root 11241100x8000000000000000367556Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.81d781cb0f8aa8642021-12-21 10:31:49.193root 11241100x8000000000000000367557Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0b783063150b92542021-12-21 10:31:49.193root 11241100x8000000000000000367558Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.3f7af1f7b13058f32021-12-21 10:31:49.193root 11241100x8000000000000000367559Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.532fe9d6d292741a2021-12-21 10:31:49.194root 11241100x8000000000000000367560Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b46d7b38e0989a3b2021-12-21 10:31:49.194root 11241100x8000000000000000367561Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.36736c8d964bebfc2021-12-21 10:31:49.194root 11241100x8000000000000000367562Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.170802f584919ce02021-12-21 10:31:49.194root 11241100x8000000000000000367563Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.006874b3b3914ce12021-12-21 10:31:49.194root 11241100x8000000000000000367564Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.511c67aae9c6ff892021-12-21 10:31:49.194root 11241100x8000000000000000367565Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.34e98558bf883b252021-12-21 10:31:49.693root 11241100x8000000000000000367566Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.907ad2a87c7bd7972021-12-21 10:31:49.693root 11241100x8000000000000000367567Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e620e093dbe47de72021-12-21 10:31:49.693root 11241100x8000000000000000367568Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0ef11849a4b6bcb12021-12-21 10:31:49.693root 11241100x8000000000000000367569Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f49de7d7ec9169b12021-12-21 10:31:49.693root 11241100x8000000000000000367570Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.51f85b070cbe93952021-12-21 10:31:49.693root 11241100x8000000000000000367571Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18812a699b1b05262021-12-21 10:31:49.693root 11241100x8000000000000000367572Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7fc1181d308107e12021-12-21 10:31:49.693root 11241100x8000000000000000367573Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.b05afa6700c0750b2021-12-21 10:31:49.693root 11241100x8000000000000000367574Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04ecc55f8ed1eca72021-12-21 10:31:49.693root 11241100x8000000000000000367575Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.baea02a2714de0922021-12-21 10:31:49.694root 11241100x8000000000000000367576Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.35c49fb9557fce452021-12-21 10:31:49.694root 11241100x8000000000000000367577Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1978b26126a7ec402021-12-21 10:31:49.694root 11241100x8000000000000000367578Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:49.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.400ec52665b0d7ef2021-12-21 10:31:49.694root 11241100x8000000000000000367579Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.54faf2af5fa2f48c2021-12-21 10:31:50.193root 11241100x8000000000000000367580Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.79de49ff60221fa92021-12-21 10:31:50.193root 11241100x8000000000000000367581Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.73beb38ee39e5d812021-12-21 10:31:50.193root 11241100x8000000000000000367582Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.5009034b8288c8062021-12-21 10:31:50.193root 11241100x8000000000000000367583Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0a94f9347f10a02d2021-12-21 10:31:50.193root 11241100x8000000000000000367584Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0d5fd5663b38742f2021-12-21 10:31:50.193root 11241100x8000000000000000367585Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.74c8cb1db806522f2021-12-21 10:31:50.193root 11241100x8000000000000000367586Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.db227ec30fe268542021-12-21 10:31:50.193root 11241100x8000000000000000367587Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.1a3ddcac11f4b0562021-12-21 10:31:50.193root 11241100x8000000000000000367588Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.193{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4c09da6b9758cef72021-12-21 10:31:50.193root 11241100x8000000000000000367589Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.bea8bca529c3e74a2021-12-21 10:31:50.194root 11241100x8000000000000000367590Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2c40dec544d3a22b2021-12-21 10:31:50.194root 11241100x8000000000000000367591Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.18c98da56f0715ce2021-12-21 10:31:50.194root 11241100x8000000000000000367592Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.194{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.9d5939527c7e85c02021-12-21 10:31:50.194root 11241100x8000000000000000367593Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.24929652f9bf0e3d2021-12-21 10:31:50.693root 11241100x8000000000000000367594Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.ba2c90a6316199052021-12-21 10:31:50.693root 11241100x8000000000000000367595Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.693{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.810f45ca9c0c5e802021-12-21 10:31:50.693root 11241100x8000000000000000367596Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.957ed8e4964e1a552021-12-21 10:31:50.694root 11241100x8000000000000000367597Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e1e8e785c9ddd8692021-12-21 10:31:50.694root 11241100x8000000000000000367598Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.7755082f46a7e6602021-12-21 10:31:50.694root 11241100x8000000000000000367599Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.e70ec2dc143c2da92021-12-21 10:31:50.694root 11241100x8000000000000000367600Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.f043b433cbdcf31b2021-12-21 10:31:50.694root 11241100x8000000000000000367601Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.28b310bfccc602742021-12-21 10:31:50.694root 11241100x8000000000000000367602Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.4a23793d9af9ba5e2021-12-21 10:31:50.694root 11241100x8000000000000000367603Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.2b8055fbca8b54d72021-12-21 10:31:50.694root 11241100x8000000000000000367604Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.d2fe51ce003e1ad22021-12-21 10:31:50.694root 11241100x8000000000000000367605Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.0c35cbfb088de9da2021-12-21 10:31:50.694root 11241100x8000000000000000367606Linux-Sysmon/Operationalsysmonlinux-tcontreras-attack-range-643-2021-12-21 10:31:50.694{ec2b6afe-95d7-61c1-3048-d63b52560000}5340/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/lib/splunk/modinputs/journald/sysmon.checkpoint.tmp.04549b24a3c1c72c2021-12-21 10:31:50.694root